Solved Chrome popups, viruses etc.


tobi19 (PCHF Member)
May 6, 2017
OK, so this started like 1-2 days ago... All of a sudden I started getting all these popups, viruses, ads, etc. For example, every time I search for something (doesn't matter what) the first 3 results are from this iq option page, or some other similar one.
I tried everything, reinstalling Chrome 2-3 times (didn't work), then I downloaded this "Malwarebytes" thing and it didn't work, so can someone help me? What do I do? BTW, sorry if I posted this in the wrong thread, I am new here, so maybe the admin can transfer it.
Here are some pics:
[Attached screenshots: 1.PNG, 2.PNG, 3.PNG, 4.PNG, 6.PNG]

Malnutrition (Malnurished Mod, Moderator, Security Team)
Jul 22, 2016
Please download the FRST 32 bit or FRST 64 bit version to suit your operating system. It is important that FRST is downloaded to your desktop.

If you are unsure whether your operating system is 32 or 64 bit, please go HERE.

Once downloaded, right click the FRST desktop icon and select "Run as administrator" from the menu.

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST, you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.

  1. Accept the default whitelist options.
  2. If the Addition.txt option box is not checked, please select it.
  3. Then select Scan.

FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as Notepad files.

Please copy and paste the contents of these logs in your next post for review by our Security Team.


tobi19 (PCHF Member)
May 6, 2017
Do you want me to upload those FRST and Addition files here, or to paste everything that's in them here? Sorry, I didn't quite understand.


tobi19 (PCHF Member)
May 6, 2017
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2017
Ran by tobi (06-05-2017 19:26:14)
Running from C:\Users\tobi\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-08-18 11:27:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3211118102-3945958172-1215576064-500 - Administrator - Disabled)
Guest (S-1-5-21-3211118102-3945958172-1215576064-501 - Limited - Disabled)
tobi (S-1-5-21-3211118102-3945958172-1215576064-1000 - Administrator - Enabled) => C:\Users\tobi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Ansel (Version: 372.54 - NVIDIA Corporation) Hidden
Cossacks: Back to War (HKLM\...\Steam App 4850) (Version: - GSC Game World)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
NVIDIA Graphics Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.822 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3211118102-3945958172-1215576064-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\tobi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1C44F8D1-D6DA-4543-8FEC-3D4C37FD66BB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {469EE6D7-79D1-4021-91F7-A64F1EE6F5AC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {54B5531F-378E-4AFC-8011-C14101DAE9D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-06] (Google Inc.)
Task: {611A01F5-6038-426A-A3AD-6BAB6957495E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-04-28] (Microsoft Corporation)
Task: {77949F2C-C570-496D-BA57-8D6B9BB142A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-06] (Google Inc.)
Task: {C75F412F-CAB4-4D1D-A318-37A840970A69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {DFEEBE67-B18E-40AB-B735-715495A536C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {FEEE487A-6FF2-47D4-9917-A826EB623622} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-04-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-08-18 14:01 - 2016-08-11 13:49 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-20 02:10 - 2016-07-20 02:11 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-03-11 19:24 - 2017-03-11 19:24 - 00959168 _____ () C:\Users\tobi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2017-03-11 18:49 - 2017-04-28 10:09 - 08931008 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-08-08 05:37 - 2016-08-08 05:37 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2017-05-06 15:52 - 2017-05-02 03:03 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\libglesv2.dll
2017-05-06 15:52 - 2017-05-02 03:03 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\libegl.dll
2016-08-29 10:09 - 2016-08-29 10:09 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-09-24 23:39 - 2016-06-27 23:57 - 50663704 _____ () C:\Users\tobi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-09-24 23:39 - 2016-06-27 23:58 - 01881880 _____ () C:\Users\tobi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-09-24 23:39 - 2016-06-27 23:58 - 00082200 _____ () C:\Users\tobi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-08-18 16:24 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\tobi:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FDECEE75-A69E-4B87-BA5E-F0F3F2288B86}] => (Allow) D:\ghS\SteaM\Steam.exe
FirewallRules: [{AA069F18-F06A-4BBC-B4FC-602F04F46B6F}] => (Allow) D:\ghS\SteaM\Steam.exe
FirewallRules: [{09B67137-A4E0-47EF-9116-98D787100227}] => (Allow) D:\ghS\SteaM\bin\steamwebhelper.exe
FirewallRules: [{CC7A4FEF-85F1-484A-B7E5-1016EF449C90}] => (Allow) D:\ghS\SteaM\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{8D1601FE-2355-460C-A7B0-0483E2131B17}D:\ghs\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\ghs\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{E31CD5BB-1E85-4DEC-A027-F85C3E20DACB}D:\ghs\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\ghs\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{AAB91FEF-0335-46EB-955A-24416FD08FFE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{434BE1F9-1B44-4F5C-937C-B9FE2121A3A5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EB1277A2-A5DB-4F0F-BC5A-FE8EECC10BEC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0AA41DF0-0C37-4ABF-90E0-95E4EDBB1F2E}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4248AF8F-70DD-452D-A5E8-A6D263A569C9}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{DBC73DCF-806D-4E0B-A335-ACA254C516AF}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{0F3F4AA6-88D7-4BD0-9624-5280837E6D87}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{5EA2C313-0872-4158-A7D2-84373B499C4C}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{6FBB41D9-05E3-41BB-8B51-8E9F78EB32E6}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{D45DE01D-8004-4397-AA43-C8C4238474FB}] => (Allow) D:\ghS\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{32629CFC-08C5-43BD-9561-FD41FA220F72}] => (Allow) D:\ghS\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C6995804-6F06-4D14-A7D7-90A7474FA3B8}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\csbtw.exe
FirewallRules: [{00DD3ABE-5868-40CD-BF8E-C5B89050D33B}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\csbtw.exe
FirewallRules: [{3D9DC22E-E862-4B34-A846-DCE33AFD70B2}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\HView.exe
FirewallRules: [{C2A75468-FF47-41AD-AA87-F9466AA26AC1}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\HView.exe
FirewallRules: [{83364127-8CB4-47B5-B00E-1689F8F51B4A}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\ScenarioEditor.exe
FirewallRules: [{2808306D-4AC0-49C0-9974-4A9924D5B49A}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\ScenarioEditor.exe
FirewallRules: [{0783C263-D318-401F-87DE-C79012481316}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\cshlp.exe
FirewallRules: [{90F1D2DC-ECE8-4088-8A08-C7E9F9918A6C}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\cshlp.exe
FirewallRules: [{B25773E3-D50F-4AB0-AAC4-BC54E22FF1A4}] => (Allow) D:\ghS\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{B9D2B17F-76A4-4543-9756-EC755F6FDD65}] => (Allow) D:\ghS\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{4AE5A607-570B-45BC-9D02-DEA9FED8B228}C:\games\cs 1.6 v42 full\hl.exe] => (Allow) C:\games\cs 1.6 v42 full\hl.exe
FirewallRules: [UDP Query User{692CB3A7-9A26-4975-BC1F-062D67E7C704}C:\games\cs 1.6 v42 full\hl.exe] => (Allow) C:\games\cs 1.6 v42 full\hl.exe
FirewallRules: [{06800894-A14F-494C-8A03-72680060787E}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\dmcr.exe
FirewallRules: [{DD755683-C8DE-4333-B946-6732DCABF5E4}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\dmcr.exe
FirewallRules: [{49B9A3B7-BD53-42B0-9093-0EC2886ABAFF}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{F92D43BD-DE37-4861-BFFE-9ED10DAA4EC6}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{70D9457C-A8F2-4A76-8E99-6AED3CA80DDC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F274A595-62D8-424B-9624-E8F4B23C84A7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FE275259-6255-4B51-97C1-54564542AC7A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8871D4F6-737F-4F6D-BD59-5ECAED7BC3C3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{186FC68E-FEB6-43E3-B10F-BA7B0E8DE026}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FE43CE67-FA5E-4427-B5D2-0C0622E2E434}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/06/2017 06:19:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/06/2017 06:16:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/06/2017 03:38:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/06/2017 01:23:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/05/2017 08:22:18 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: tobi-PC)
Description: Application or service 'Internet Pass-Through Service' could not be restarted.

Error: (05/05/2017 06:41:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/05/2017 01:29:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/04/2017 09:06:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/04/2017 11:36:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/03/2017 09:59:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (05/06/2017 03:35:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Update service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/05/2017 06:39:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (05/05/2017 06:39:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 52%
Total physical RAM: 4059.86 MB
Available physical RAM: 1929.88 MB
Total Virtual: 8117.9 MB
Available Virtual: 5504.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:205.08 GB) (Free:170.73 GB) NTFS
Drive d: () (Fixed) (Total:726.33 GB) (Free:688.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A6C7A6C7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=726.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05-2017
Ran by tobi (administrator) on TOBI-PC (06-05-2017 19:25:36)
Running from C:\Users\tobi\Downloads
Loaded Profiles: tobi (Available Profiles: tobi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\...\Run: [Steam] => D:\ghS\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\...\MountPoints2: {416d12b4-656b-11e6-a743-94de80ee485f} - F:\HTC_Sync_Manager_PC.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{07113958-D9AA-44A2-A6B3-09D5BE76DA4D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-04-28] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2017-04-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-04-28] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2017-04-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-28] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: r5iidbph.default
FF ProfilePath: C:\Users\tobi\AppData\Roaming\Mozilla\Firefox\Profiles\r5iidbph.default [2017-05-06]
FF Extension: (Dark YouTube Theme) - C:\Users\tobi\AppData\Roaming\Mozilla\Firefox\Profiles\r5iidbph.default\Extensions\[email protected] [2017-01-18]
FF Extension: (Adblock Plus) - C:\Users\tobi\AppData\Roaming\Mozilla\Firefox\Profiles\r5iidbph.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Shield Recipe Client) - C:\Users\tobi\AppData\Roaming\Mozilla\Firefox\Profiles\r5iidbph.default\features\{d9a81d3b-b285-4dfb-a3c0-43dc2fb16e01}\[email protected] [2017-04-30]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-28] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default [2017-05-06]
CHR Extension: (Google Slides) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-06]
CHR Extension: (Google Docs) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-06]
CHR Extension: (Google Drive) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-06]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2017-05-06]
CHR Extension: (YouTube) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-06]
CHR Extension: (Adobe Acrobat) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-06]
CHR Extension: (Google Sheets) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-06]
CHR Extension: (Google Docs Offline) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-06]
CHR Extension: (AdBlock) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-05-06]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2017-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-06]
CHR Extension: (Gmail) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-04-19] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-20] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-07] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [136312 2016-06-27] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2016-05-27] (SteelSeries ApS)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPU-Z; \??\C:\Users\tobi\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-06 19:25 - 2017-05-06 19:26 - 00012736 _____ C:\Users\tobi\Downloads\FRST.txt
2017-05-06 19:25 - 2017-05-06 19:25 - 02429440 _____ (Farbar) C:\Users\tobi\Downloads\FRST64.exe
2017-05-06 19:25 - 2017-05-06 19:25 - 00000000 ____D C:\FRST
2017-05-06 18:04 - 2017-05-06 18:08 - 60107896 _____ (Malwarebytes ) C:\Users\tobi\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-06 15:53 - 2017-05-06 15:53 - 00000000 ____D C:\Users\tobi\AppData\Roaming\Google
2017-05-06 15:52 - 2017-05-06 16:23 - 00000000 ____D C:\Users\tobi\AppData\Local\Google
2017-05-06 15:52 - 2017-05-06 15:52 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-06 15:52 - 2017-05-06 15:52 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-06 15:51 - 2017-05-06 15:52 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-06 15:51 - 2017-05-06 15:51 - 01130328 _____ (Google Inc.) C:\Users\tobi\Downloads\ChromeSetup(1).exe
2017-05-06 15:51 - 2017-05-06 15:51 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-06 15:51 - 2017-05-06 15:51 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-06 15:41 - 2017-05-06 15:41 - 00040898 _____ C:\Users\tobi\Desktop\bookmarks_5_6_17.html
2017-05-06 15:33 - 2017-05-06 15:35 - 00000000 ____D C:\AdwCleaner
2017-05-06 15:33 - 2017-05-06 15:33 - 04102600 _____ C:\Users\tobi\Downloads\adwcleaner_6.046.exe
2017-05-05 20:23 - 2017-05-05 20:23 - 01130328 _____ (Google Inc.) C:\Users\tobi\Downloads\ChromeSetup.exe
2017-05-05 18:45 - 2017-05-05 18:56 - 00004427 _____ C:\Users\tobi\Desktop\New Text Document.txt
2017-05-05 18:36 - 2017-05-05 18:36 - 00000000 ____D C:\Windows\pss
2017-05-05 15:35 - 2017-05-05 15:35 - 00522653 _____ ( ) C:\Users\tobi\Downloads\Neighbour_From_Hell_1_Game.exe
2017-05-01 16:31 - 2017-05-01 16:31 - 00000355 _____ C:\Users\tobi\Downloads\index.html.old
2017-04-28 10:12 - 2017-04-28 10:12 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-04-23 06:48 - 2017-04-23 06:48 - 00005309 _____ C:\Users\tobi\Downloads\wZxJscDnMSY
2017-04-22 07:35 - 2017-04-22 07:35 - 00000000 ____D C:\Users\tobi\AppData\Local\ElevatedDiagnostics
2017-04-22 04:25 - 2017-04-22 04:25 - 00000000 ____D C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2017-04-22 04:25 - 2017-04-22 04:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2017-04-22 04:24 - 2017-04-22 04:25 - 16270006 _____ C:\Users\tobi\Downloads\sa-mp-0.3.7-install.exe
2017-04-22 04:21 - 2017-04-22 04:21 - 00527292 _____ C:\Users\tobi\Downloads\Setup.rar
2017-04-18 20:40 - 2017-04-18 20:41 - 00000000 ____D C:\Temp
2017-04-18 20:40 - 2017-04-18 20:40 - 00000000 ____D C:\ProgramData\HTC
2017-04-17 14:55 - 2017-05-06 18:15 - 00000000 __SHD C:\ProgramData\TCISYF
2017-04-17 14:55 - 2017-05-06 18:12 - 00000000 ____D C:\ProgramData\XKQ
2017-04-17 14:55 - 2017-04-17 14:55 - 02577278 _____ C:\Users\tobi\Downloads\Untitled 1.odp
2017-04-17 01:43 - 2017-04-17 01:43 - 00000000 ____D C:\Users\tobi\AppData\Roaming\OpenOffice
2017-04-17 01:21 - 2017-04-17 01:21 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2017-04-17 01:20 - 2017-05-05 14:41 - 00000000 ____D C:\Users\tobi\Desktop\OpenOffice 4.1.3 (en-US) Installation Files
2017-04-17 01:20 - 2017-04-17 01:20 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2017-04-17 00:59 - 2017-04-17 01:15 - 140742472 _____ C:\Users\tobi\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe
2017-04-13 15:21 - 2017-04-13 15:21 - 00000000 ____D C:\Users\tobi\AppData\Roaming\MAXON
2017-04-13 15:12 - 2017-04-13 15:15 - 85916232 _____ C:\Users\tobi\Downloads\CINEBENCHR15.038.zip
2017-04-13 15:12 - 2017-04-13 15:12 - 01768110 _____ C:\Users\tobi\Downloads\IntelBurnTest.zip
2017-04-13 15:11 - 2017-04-13 15:11 - 02528523 _____ C:\Users\tobi\Downloads\cpu-z_1.78-en.zip
2017-04-13 14:59 - 2017-04-13 14:59 - 02109224 _____ (techPowerUp (www.techpowerup.com)) C:\Users\tobi\Downloads\GPU-Z.1.18.0.exe
2017-04-13 14:55 - 2017-04-13 14:56 - 40376862 _____ C:\Users\tobi\Downloads\MSIAfterburnerSetup.zip
2017-04-13 14:54 - 2017-04-13 14:54 - 00100635 _____ C:\Users\tobi\Downloads\MSIAfterburnerRemoteServer.zip
2017-04-13 14:52 - 2017-04-13 14:52 - 00514172 _____ C:\Users\tobi\Downloads\openhardwaremonitor-v0.8.0-beta.zip
2017-04-13 02:25 - 2017-04-13 02:26 - 00000000 ____D C:\Users\tobi\Downloads\sve valjda

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-06 18:26 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-06 18:26 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-06 18:24 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-06 18:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-06 18:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-06 15:51 - 2016-11-17 01:56 - 00000000 ____D C:\Users\tobi\AppData\LocalLow\Mozilla
2017-05-06 15:48 - 2016-09-30 20:42 - 00000000 ____D C:\Program Files (x86)\GUM3005.tmp
2017-05-06 15:35 - 2016-12-26 20:35 - 00000987 _____ C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-06 15:35 - 2016-10-01 12:25 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-06 15:35 - 2016-10-01 12:25 - 00001053 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-05 20:22 - 2016-12-30 01:37 - 00000000 ____D C:\Windows\system32\appmgmt
2017-05-05 18:53 - 2016-10-30 22:48 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-05 15:35 - 2016-11-15 21:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-30 11:03 - 2016-10-01 12:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-28 10:13 - 2017-03-11 18:46 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-28 10:12 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-04-28 10:11 - 2017-03-11 18:30 - 00000000 ____D C:\Program Files\Microsoft Office
2017-04-22 04:25 - 2016-12-26 17:22 - 00000000 ____D C:\Users\tobi\Documents\GTA San Andreas User Files
2017-04-17 14:44 - 2009-07-14 06:45 - 00451288 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-17 01:35 - 2016-08-18 13:38 - 00117064 _____ C:\Users\tobi\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-13 15:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-04-12 22:34 - 2016-10-30 22:48 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

Some files in TEMP:
====================
2016-10-27 20:27 - 2016-10-27 20:34 - 50563233 _____ (Popcorn Time ) C:\Users\tobi\AppData\Local\Temp\setup_575A.exe
2017-05-05 18:41 - 2017-04-22 04:22 - 0099896 _____ () C:\Users\tobi\AppData\Local\Temp\Uninstall.exe
2006-05-24 07:10 - 2006-05-24 07:10 - 0455600 ____R (Macrovision Corporation) C:\Users\tobi\AppData\Local\Temp\_is3D8C.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-04 23:33

==================== End of FRST.txt ============================
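The Services, Drivers and "One Month Created" sections above are what a helper reads before writing a fixlist. As an added example that is not from the thread and not FRST's own code, here is a small Python triage pass over lines in that format that flags the same kinds of entries: FRST's own `<==== ATTENTION` marker, `[X]` services whose binary is missing, an empty publisher field, system+hidden (`__SHD`) items, and executables sitting under a Temp folder. The sample lines are constructed from the entries above and the flag names are my own; the final call on what goes into a fixlist still needs a human reading the whole log.

```python
"""Triage helper for FRST-style log lines (added example; not FRST's own code)."""
import re
from typing import Dict, List

# Constructed sample, shaped like the Services/Drivers and One Month entries above.
SAMPLE_LOG = """\
R2 WinDefend; C:\\Program Files\\Windows Defender\\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Razer Game Scanner Service; C:\\Program Files (x86)\\Razer\\Razer Services\\GSS\\GameScannerService.exe [187824 2016-07-20] ()
S3 gdrv; \\??\\C:\\Windows\\gdrv.sys [X]
S3 GPU-Z; \\??\\C:\\Users\\tobi\\AppData\\Local\\Temp\\GPU-Z.sys [X] <==== ATTENTION
2017-04-17 14:55 - 2017-05-06 18:15 - 00000000 __SHD C:\\ProgramData\\TCISYF
2017-04-17 14:55 - 2017-05-06 18:12 - 00000000 ____D C:\\ProgramData\\XKQ
2017-05-06 15:52 - 2017-05-06 15:52 - 00002271 _____ C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk
2016-10-27 20:27 - 2016-10-27 20:34 - 50563233 _____ (Popcorn Time ) C:\\Users\\tobi\\AppData\\Local\\Temp\\setup_575A.exe
"""

# Service/driver entry: "R2 name; path [size date] (publisher)".
# The bracket field is "[X]" when the registered file is not on disk.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<pub>[^)]*)\))?(?P<attn> <==== ATTENTION)?$"
)
# File/folder entry: "created - modified - size attrs (publisher) path".
# attrs is a 5-character field, e.g. ____D (directory), __SHD (system + hidden dir).
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<pub>[^)]*)\) )?(?P<path>.+)$"
)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


def _path_checks(path: str) -> List[str]:
    """Checks that apply to any path, whichever kind of entry it came from."""
    reasons: List[str] = []
    low = path.lower()
    # Code loaded from a Temp directory (a driver there is the ATTENTION case above).
    if "\\temp\\" in low and low.endswith(EXECUTABLE_EXT):
        reasons.append("executable_in_temp")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the list of reasons it was flagged (my own flag names)."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        line = line.rstrip()
        reasons: List[str] = []
        m = SERVICE_RE.match(line)
        if m:
            path = m.group("path")
            if m.group("attn"):
                reasons.append("frst_attention")          # FRST's own marker
            if m.group("meta") == "X":
                reasons.append("missing_binary")          # registered, file absent
            if m.group("pub") is not None and not m.group("pub").strip():
                reasons.append("no_publisher")            # "()" in the log
        else:
            m = FILE_RE.match(line)
            if not m:
                continue                                  # headers, blank lines, etc.
            path = m.group("path")
            attrs = m.group("attrs")
            if "H" in attrs and "S" in attrs:
                reasons.append("hidden_system_entry")     # e.g. __SHD under ProgramData
            if m.group("pub") is not None and not m.group("pub").strip():
                reasons.append("no_publisher")
        reasons.extend(_path_checks(path))
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for flagged_path, why in triage(SAMPLE_LOG).items():
        print(f"{flagged_path}: {', '.join(why)}")
```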
 

Malnutrition

Ok, give me about 20 minutes to look over the logs, I will have a reply for you then. :)
 

Malnutrition

Rogue Killer Scan.

Download RogueKiller -- (Portable) -- from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all other running programs
  • Disable ALL Antivirus -- Antimalware -- Applications.
  • Right Click Rogue Killer and Run as Administrator.
  • Click the Start Scan button.
  • Allow the scan to run -- it can take ten minutes or more.
  • Once the scan is complete check All items for removal.

  • After All items are checked then press Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on open report -- then open txt
  • Copy the content of the report and paste it here in your next reply.

JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.


  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.
FRST Fix.

Click Here To Download Fixlist.


Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
 


tobi19

This is from Rogue Killer

RogueKiller V12.10.7.0 (x64) [May 1 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : tobi [Administrator]
Started from : C:\Users\tobi\Downloads\RogueKillerX64.exe
Mode : Delete -- Date : 05/06/2017 19:55:30 (Duration : 00:10:21)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DBC73DCF-806D-4E0B-A335-ACA254C516AF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F3F4AA6-88D7-4BD0-9624-5280837E6D87} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5EA2C313-0872-4158-A7D2-84373B499C4C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\chromecast\node.exe|Name=node.exe| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6FBB41D9-05E3-41BB-8B51-8E9F78EB32E6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\chromecast\node.exe|Name=node.exe| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DBC73DCF-806D-4E0B-A335-ACA254C516AF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0F3F4AA6-88D7-4BD0-9624-5280837E6D87} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe|Name=Popcorn Time| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5EA2C313-0872-4158-A7D2-84373B499C4C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\chromecast\node.exe|Name=node.exe| [x] -> Deleted
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6FBB41D9-05E3-41BB-8B51-8E9F78EB32E6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\Popcorn Time\chromecast\node.exe|Name=node.exe| [x] -> Deleted
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Replaced (2)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Program Files (x86)\Popcorn Time -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Popcorn Time\init.txt -> Deleted
[PUP.Gen1][File] C:\Program Files (x86)\Popcorn Time\Updater.exe -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00ZF5A0 ATA Device +++++
--- User ---
[MBR] 98646b5e249559da0003966888645968
[BSP] cec391cca8c69c9731525bd7766de30a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 210000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 430286848 | Size: 743767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

This is from JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Ultimate x64
Ran by tobi (Administrator) on 06.05.2017 at 20:09:47,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 24

Successfully deleted: C:\Users\tobi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\tobi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5MEADUMK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\tobi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\tobi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HRI3N5H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\tobi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FG6HBNH3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\tobi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\tobi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HT1JQVIZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\tobi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\tobi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM8OXX4H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\tobi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPQF0JVX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\tobi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZQ1UNAF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\tobi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQO7B2IP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5MEADUMK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6HRI3N5H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FG6HBNH3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HT1JQVIZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TM8OXX4H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPQF0JVX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZQ1UNAF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQO7B2IP (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.05.2017 at 20:11:06,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is from FRST

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-05-2017
Ran by tobi (06-05-2017 20:15:42) Run:1
Running from C:\Users\tobi\Downloads\frst
Loaded Profiles: tobi (Available Profiles: tobi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
RemoveProxy:
Task: {DFEEBE67-B18E-40AB-B735-715495A536C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
AlternateDataStreams: C:\Users\tobi:Heroes & Generals [38]
C:\Windows\system32\Drivers\etc\hosts
Hosts:
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\...\Run: [Steam] => D:\ghS\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\...\MountPoints2: {416d12b4-656b-11e6-a743-94de80ee485f} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
FF Extension: (Shield Recipe Client) - C:\Users\tobi\AppData\Roaming\Mozilla\Firefox\Profiles\r5iidbph.default\features\{d9a81d3b-b285-4dfb-a3c0-43dc2fb16e01}\[email protected] [2017-04-30]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2017-05-06]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPU-Z; \??\C:\Users\tobi\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\tobi\Downloads\wZxJscDnMSY
C:\ProgramData\TCISYF
C:\ProgramData\XKQ
C:\Users\tobi\Downloads\Untitled 1.odp
C:\Program Files (x86)\GUM3005.tmp
C:\Windows\System32\Tasks\Adobe Acrobat Update Task
C:\Users\tobi\AppData\Local\Temp\Uninstall.exe
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state On
CMD: ipconfig /flushdns
reboot:
end


*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DFEEBE67-B18E-40AB-B735-715495A536C8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFEEBE67-B18E-40AB-B735-715495A536C8} => key removed successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
C:\Users\tobi => ":Heroes & Generals" ADS removed successfully.
C:\Windows\system32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => value removed successfully
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => value removed successfully
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key removed successfully
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{416d12b4-656b-11e6-a743-94de80ee485f} => key removed successfully
HKCR\CLSID\{416d12b4-656b-11e6-a743-94de80ee485f} => key not found.
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
C:\Users\tobi\AppData\Roaming\Mozilla\Firefox\Profiles\r5iidbph.default\features\{d9a81d3b-b285-4dfb-a3c0-43dc2fb16e01}\[email protected] => moved successfully
C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida => moved successfully
HKLM\System\CurrentControlSet\Services\gdrv => key removed successfully
gdrv => service removed successfully
HKLM\System\CurrentControlSet\Services\GPU-Z => key removed successfully
GPU-Z => service removed successfully
HKLM\System\CurrentControlSet\Services\HTCAND64 => key removed successfully
HTCAND64 => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
C:\Users\tobi\Downloads\wZxJscDnMSY => moved successfully
C:\ProgramData\TCISYF => moved successfully
C:\ProgramData\XKQ => moved successfully
C:\Users\tobi\Downloads\Untitled 1.odp => moved successfully
C:\Program Files (x86)\GUM3005.tmp => moved successfully
"C:\Windows\System32\Tasks\Adobe Acrobat Update Task" => not found.
C:\Users\tobi\AppData\Local\Temp\Uninstall.exe => moved successfully

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state On =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 145436574 B
Java, Flash, Steam htmlcache => 180221622 B
Windows/system/drivers => 22746758 B
Edge => 0 B
Chrome => 504757270 B
Firefox => 384203962 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100816 B
systemprofile32 => 86504 B
LocalService => 66228 B
NetworkService => 1248 B
tobi => 220379474 B

RecycleBin => 24128 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:15:49 ====

P.S.: Sorry for bothering you and keeping you waiting.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,395
551
Glad to have helped!! Please tell a friend ... or two about us.

Optimize your internet connection.
Click here for instructions.

I suggest the following in place of AdBlock:
Alternate DNS Server. Ad Blocking DNS.
uBlock Origin.
Anti Ad Block Killer.

Also, keep your browsing private with these tools:
Self Destructing Cookies.
Self Destructing Cookies Chrome.

Some items to keep you safe on the internet:
VooDoo Shield. Control of what is running on your machine.
Qualys BrowserCheck. To update plugins.
Unchecky. To avoid bundled software.
Privazer. To clean up your machine.

Now let's clean up the tools we used and remove old restore points.

Download DelFix by "Xplode" to your Desktop.
Right click the tool and Run as Admin (XP users: double click).
Put a check mark next to the items below:

Remove disinfection tools
Create registry backup
Purge System Restore

Now click on the "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
The tool will create and open a log report (DelFix.txt).
Note: The report can be located at the following location: C:\DelFix.txt
 

tobi19

PCHF Member
PCHF Member
May 6, 2017
9
4
21
@Malnutrition Sure I will ;)
Thanks for the other things, I will definitely check them if I need something like that.
And my PC is not that good, so I can't have an antivirus; it slows it down even more... maybe when I buy a better one :p
Thanks once again, you can close it.