
Guitar playing virus?

#1 · (Edited by Moderator)
Every time I open up my speakers they start repeating a small song on guitar. This doesn't allow me to have access to the audio of games, YouTube etc. For some reason it doesn't affect Skype calls. Following the instructions I found on another thread on your website --> http://www.techsupportforum.com/forums/f100/virus-plays-random-audio-with-no-programs-open-654679.html
I decided to run ComboFix. The results are attached. I also ran tdsskiller.exe but it didn't find any threats. Then I scanned with Malwarebytes. Again no threats found. The music just keeps going on and on. Any help?

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18377 BrowserJavaVersion: 11.91.2
Run by user at 16:55:08 on 2016-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.2047.598 [GMT 3:00]
.
AV: ESET Smart Security 9.0.349.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 9.0.381.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\user\Downloads\esetonlinescanner_enu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_91\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - c:\program files\microsoft office\office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_91\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
mRun: [Dropbox] "c:\program files\dropbox\client\Dropbox.exe" /systemstartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ShadowPlay] c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\-hpdes~1.lnk - c:\windows\system32\RunDll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: &Enviar para o OneNote - c:\progra~1\micros~2\office15\ONBttnIE.dll/105
IE: Clip bookmark - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office15\EXCEL.EXE/3000
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{03540190-7267-47B4-9ECB-B588BC973B6D} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office15\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\51.0.2704.103\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\m4entee6.default\
FF - plugin: c:\progra~1\micros~2\office15\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.30.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_91\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_91\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.50428.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1224194.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_22_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2015-11-16 71488]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2015-11-16 206312]
R1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\drivers\EpfwLWF.sys [2015-11-16 44608]
R2 ekbdflt;ekbdflt;c:\windows\system32\drivers\ekbdflt.sys [2015-11-16 111040]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2016-7-24 16432]
R3 NvStreamKms;NvStreamKms;c:\program files\nvidia corporation\nvstreamsrv\NvStreamKms.sys [2016-4-17 18576]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2016-4-17 32912]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2016-7-23 25632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2016-7-24 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-7-24 24448]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-7-24 53120]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2015-12-10 52224]
.
=============== Created Last 30 ================
.
2016-07-24 13:06:48 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-07-24 13:06:28 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-07-24 13:06:28 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-07-24 13:06:28 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-07-24 13:06:28 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-07-24 12:59:57 -------- d-sh--w- C:\$RECYCLE.BIN
2016-07-24 12:43:27 98816 ----a-w- c:\windows\sed.exe
2016-07-24 12:43:27 256000 ----a-w- c:\windows\PEV.exe
2016-07-24 12:43:27 208896 ----a-w- c:\windows\MBR.exe
2016-07-24 12:09:00 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a9061a84-160b-4300-9e98-e2ea8bdeee4d}\offreg.3824.dll
2016-07-24 11:58:51 -------- d-----w- c:\users\user\appdata\roaming\Enigma Software Group
2016-07-24 11:58:37 -------- d-----w- C:\sh4ldr
2016-07-24 11:57:51 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-07-24 11:57:43 -------- d-----w- c:\program files\Enigma Software Group
2016-07-23 16:53:05 -------- d-----w- c:\users\user\appdata\local\Wondershare
2016-07-23 16:53:04 -------- d-----w- c:\program files\common files\Wondershare
2016-07-23 16:52:55 -------- d-----w- c:\users\user\appdata\roaming\Wondershare
2016-07-23 16:50:58 25632 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys
2016-07-23 16:50:55 -------- d-----w- c:\program files\Wondershare
2016-07-23 10:09:12 9507208 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a9061a84-160b-4300-9e98-e2ea8bdeee4d}\mpengine.dll
2016-07-21 13:25:14 -------- d-----w- c:\users\user\appdata\local\Steam
2016-07-21 13:21:48 -------- d-----w- c:\program files\common files\Steam
2016-07-21 13:21:40 -------- d-----w- c:\program files\Steam
2016-07-20 16:53:40 -------- d-----w- c:\users\user\appdata\roaming\Awesomium
2016-07-20 14:40:10 3833776 ----a-w- c:\windows\system32\GameMon.des
2016-07-20 14:39:53 4682 ----a-w- c:\windows\system32\npptNT2.sys
2016-07-20 14:39:52 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2016-07-20 14:39:41 -------- d-----w- c:\program files\common files\INCA Shared
2016-07-19 19:41:03 -------- d-----w- c:\windows\EOONotify
2016-07-19 10:53:44 -------- d-----w- c:\program files\plaync
2016-07-19 10:49:51 -------- d-----w- c:\program files\NCWest
2016-07-14 09:56:22 19527360 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2016-07-13 10:24:59 817664 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2016-07-13 10:24:59 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-07-13 10:24:56 4608000 ----a-w- c:\windows\system32\jscript9.dll
2016-07-13 10:24:48 10948096 ----a-w- c:\program files\internet explorer\F12Resources.dll
2016-07-13 10:24:39 497664 ----a-w- c:\windows\system32\vbscript.dll
2016-07-13 09:17:14 -------- d-----w- C:\HoTroLoL
2016-07-05 19:43:42 -------- d-----w- c:\users\user\appdata\local\CrashRpt
2016-07-05 19:18:45 -------- d-----w- c:\program files\temp
2016-07-05 19:09:08 -------- d-----w- c:\program files\pack
2016-07-05 19:09:02 -------- d-----w- c:\program files\mark
2016-07-05 14:38:07 -------- d-----w- c:\program files\LocMt2
2016-06-30 11:55:40 226488 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2016-07-14 09:56:28 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-07-14 09:56:28 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-06-25 20:01:58 37096 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-06-25 19:54:03 497152 ----a-w- c:\windows\system32\win32spl.dll
2016-06-25 19:53:56 297472 ----a-w- c:\windows\system32\ntprint.dll
2016-06-25 19:53:45 779776 ----a-w- c:\windows\system32\localspl.dll
2016-06-25 19:53:44 126464 ----a-w- c:\windows\system32\inetpp.dll
2016-06-25 19:53:36 1004544 ----a-w- c:\windows\system32\aeinv.dll
2016-06-25 19:42:04 39424 ----a-w- c:\windows\system32\wpnpinst.exe
2016-06-25 19:41:53 61952 ----a-w- c:\windows\system32\ntprint.exe
2016-06-25 19:41:00 18944 ----a-w- c:\windows\system32\inetppui.dll
2016-06-25 19:40:49 29696 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\winprint.dll
2016-06-22 13:06:13 208896 ----a-w- c:\windows\system32\centel.dll
2016-06-21 09:13:28 400552 ------w- c:\windows\system32\MpSigStub.exe
2016-06-17 18:23:24 468992 ----a-w- c:\windows\system32\generaltel.dll
2016-06-17 18:23:24 461312 ----a-w- c:\windows\system32\devinv.dll
2016-06-17 18:23:24 251392 ----a-w- c:\windows\system32\invagent.dll
2016-06-17 18:23:23 65536 ----a-w- c:\windows\system32\acmigration.dll
2016-06-17 18:23:23 179712 ----a-w- c:\windows\system32\aepic.dll
2016-06-17 18:23:23 1288192 ----a-w- c:\windows\system32\appraiser.dll
2016-06-14 15:21:17 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-06-14 14:57:04 2398208 ----a-w- c:\windows\system32\win32k.sys
2016-06-10 19:09:24 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-06-10 19:09:09 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-06-10 18:54:17 62464 ----a-w- c:\windows\system32\iesetup.dll
2016-06-10 18:53:30 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-06-10 18:53:13 341504 ----a-w- c:\windows\system32\html.iec
2016-06-10 18:41:52 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-06-10 18:41:44 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2016-06-10 18:41:22 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2016-06-10 18:35:42 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-06-10 18:27:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-06-10 18:09:13 2055680 ----a-w- c:\windows\system32\inetcpl.cpl
2016-06-10 18:09:07 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-06-10 17:45:19 2392576 ----a-w- c:\windows\system32\wininet.dll
2016-05-20 00:13:22 875712 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2016-05-20 00:13:22 536768 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2016-05-18 16:10:06 306688 ----a-w- c:\windows\system32\gdi32.dll
2016-05-13 21:54:26 308456 ----a-w- c:\windows\system32\atmfd.dll
2016-05-13 21:49:50 26112 ----a-w- c:\windows\system32\lpk.dll
2016-05-13 21:49:48 70656 ----a-w- c:\windows\system32\fontsub.dll
2016-05-13 21:49:46 10240 ----a-w- c:\windows\system32\dciman32.dll
2016-05-13 21:27:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2016-05-12 15:22:37 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-05-12 15:22:37 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-05-12 14:56:15 50176 ----a-w- c:\windows\system32\auditpol.exe
2016-05-12 14:52:25 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2016-05-12 14:52:17 313856 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-05-12 14:52:16 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2016-05-12 14:52:13 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2016-05-12 14:52:13 115712 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-05-12 14:52:10 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2016-05-12 14:51:38 36352 ----a-w- c:\windows\system32\cryptbase.dll
2016-05-12 14:51:38 22016 ----a-w- c:\windows\system32\lsass.exe
2016-05-12 14:51:37 15872 ----a-w- c:\windows\system32\sspisrv.dll
2016-05-12 13:04:55 370784 ----a-w- c:\windows\system32\drivers\cng.sys
2016-05-12 13:04:55 249352 ----a-w- c:\windows\system32\bcryptprimitives.dll
2016-05-11 15:19:26 206336 ----a-w- c:\windows\system32\ws2_32.dll
2016-05-11 15:19:25 351744 ----a-w- c:\windows\system32\winhttp.dll
2016-05-11 15:19:24 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2016-05-11 15:19:16 231424 ----a-w- c:\windows\system32\mswsock.dll
2016-05-11 15:01:19 26624 ----a-w- c:\windows\system32\netbtugc.exe
2016-05-11 14:52:27 188928 ----a-w- c:\windows\system32\drivers\netbt.sys
.
============= FINISH: 16:58:26,27 ===============

ComboFix 16-07-16.01 - user 24/07/2016 15:46:38.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1032.18.2047.747 [GMT 3:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.349.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.381.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2F64F14C-12A4-4B88-B5B9-6FF328C8B4DA}.xps
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{32C754D9-A7E4-4BF0-9D82-0BC900E455F4}.xps
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3ED07E42-881B-4137-B778-E272335A7E04}.xps
c:\windows\TEMP\HP Support Framework\HPSF_Config1.dll
.
.
((((((((((((((((((((((((( Files Created from 2016-06-24 to 2016-07-24 )))))))))))))))))))))))))))))))
.
.
2016-07-24 12:55 . 2016-07-24 12:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-07-24 12:09 . 2016-07-24 12:09 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9061A84-160B-4300-9E98-E2EA8BDEEE4D}\offreg.3824.dll
2016-07-24 11:58 . 2016-07-24 11:58 -------- d-----w- c:\users\user\AppData\Roaming\Enigma Software Group
2016-07-24 11:58 . 2016-07-24 11:58 -------- d-----w- C:\sh4ldr
2016-07-24 11:57 . 2016-07-24 11:57 19984 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2016-07-24 11:57 . 2016-07-24 11:57 -------- d-----w- c:\program files\Enigma Software Group
2016-07-23 16:53 . 2016-07-23 16:53 -------- d-----w- c:\users\user\AppData\Local\Wondershare
2016-07-23 16:53 . 2016-07-23 16:53 -------- d-----w- c:\program files\Common Files\Wondershare
2016-07-23 16:52 . 2016-07-24 11:36 -------- d-----w- c:\users\user\AppData\Roaming\Wondershare
2016-07-23 16:50 . 2015-02-02 11:45 25632 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys
2016-07-23 16:50 . 2016-07-23 16:50 -------- d-----w- c:\program files\Wondershare
2016-07-23 10:09 . 2016-06-29 09:19 9507208 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9061A84-160B-4300-9E98-E2EA8BDEEE4D}\mpengine.dll
2016-07-21 13:25 . 2016-07-21 13:25 -------- d-----w- c:\users\user\AppData\Local\Steam
2016-07-21 13:21 . 2016-07-21 13:21 -------- d-----w- c:\program files\Common Files\Steam
2016-07-21 13:21 . 2016-07-22 06:01 -------- d-----w- c:\program files\Steam
2016-07-20 16:53 . 2016-07-20 16:57 -------- d-----w- c:\users\user\AppData\Roaming\Awesomium
2016-07-20 14:40 . 2016-03-03 10:28 3833776 ----a-w- c:\windows\system32\GameMon.des
2016-07-20 14:39 . 2005-01-03 06:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2016-07-20 14:39 . 2003-07-18 21:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2016-07-20 14:39 . 2016-07-20 14:39 -------- d-----w- c:\program files\Common Files\INCA Shared
2016-07-19 19:41 . 2016-07-19 19:41 -------- d-----w- c:\windows\EOONotify
2016-07-19 10:53 . 2016-07-19 11:01 -------- d-----w- c:\program files\plaync
2016-07-19 10:49 . 2016-07-19 11:19 -------- d-----w- c:\program files\NCWest
2016-07-14 09:56 . 2016-07-14 09:56 19527360 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2016-07-13 10:24 . 2016-06-10 18:52 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-07-13 10:24 . 2016-06-10 18:23 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2016-07-13 10:24 . 2016-06-10 18:14 4608000 ----a-w- c:\windows\system32\jscript9.dll
2016-07-13 10:24 . 2016-06-10 19:04 10948096 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
2016-07-13 10:24 . 2016-06-10 18:53 497664 ----a-w- c:\windows\system32\vbscript.dll
2016-07-13 09:17 . 2016-07-13 09:17 -------- d-----w- C:\HoTroLoL
2016-07-05 19:43 . 2016-07-05 19:43 -------- d-----w- c:\users\user\AppData\Local\CrashRpt
2016-07-05 19:18 . 2016-07-05 19:18 -------- d-----w- c:\program files\temp
2016-07-05 19:09 . 2016-07-06 12:39 -------- d-----w- c:\program files\pack
2016-07-05 19:09 . 2016-07-06 12:39 -------- d-----w- c:\program files\mark
2016-07-05 14:38 . 2016-07-05 15:14 -------- d-----w- c:\program files\LocMt2
2016-06-30 11:55 . 2016-06-30 11:55 226488 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-14 09:56 . 2015-12-10 16:25 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-07-14 09:56 . 2015-12-10 16:25 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-06-21 09:13 . 2015-12-10 16:17 400552 ------w- c:\windows\system32\MpSigStub.exe
2016-06-14 15:21 . 2016-07-13 10:25 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-05-20 00:13 . 2016-05-20 00:13 875712 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2016-05-20 00:13 . 2016-05-20 00:13 536768 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2016-05-18 16:10 . 2016-06-15 06:23 306688 ----a-w- c:\windows\system32\gdi32.dll
2016-05-13 21:54 . 2016-06-15 06:25 308456 ----a-w- c:\windows\system32\atmfd.dll
2016-05-13 21:49 . 2016-06-15 06:25 26112 ----a-w- c:\windows\system32\lpk.dll
2016-05-13 21:49 . 2016-06-15 06:25 70656 ----a-w- c:\windows\system32\fontsub.dll
2016-05-13 21:49 . 2016-06-15 06:25 10240 ----a-w- c:\windows\system32\dciman32.dll
2016-05-13 21:27 . 2016-06-15 06:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2016-05-12 15:22 . 2016-06-15 06:25 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-05-12 15:22 . 2016-06-15 06:25 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-05-12 15:18 . 2016-06-15 06:25 70144 ----a-w- c:\windows\system32\winipsec.dll
2016-05-12 15:18 . 2016-06-15 06:25 172032 ----a-w- c:\windows\system32\wdigest.dll
2016-05-12 15:18 . 2016-06-15 06:25 99840 ----a-w- c:\windows\system32\sspicli.dll
2016-05-12 15:18 . 2016-06-15 06:25 65536 ----a-w- c:\windows\system32\TSpkg.dll
2016-05-12 15:18 . 2016-06-15 06:24 2048 ----a-w- c:\windows\system32\tzres.dll
2016-05-12 15:18 . 2016-06-15 06:25 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2016-05-12 15:18 . 2016-06-15 06:25 251392 ----a-w- c:\windows\system32\schannel.dll
2016-05-12 15:18 . 2016-06-15 06:25 141312 ----a-w- c:\windows\system32\rpchttp.dll
2016-05-12 15:18 . 2016-06-15 06:25 22016 ----a-w- c:\windows\system32\secur32.dll
2016-05-12 15:18 . 2016-06-15 06:25 274944 ----a-w- c:\windows\system32\polstore.dll
2016-05-12 15:18 . 2016-06-15 06:25 223232 ----a-w- c:\windows\system32\ncrypt.dll
2016-05-12 15:18 . 2016-06-15 06:25 260608 ----a-w- c:\windows\system32\msv1_0.dll
2016-05-12 15:18 . 2016-06-15 06:25 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-05-12 15:18 . 2016-06-15 06:25 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-05-12 15:18 . 2016-06-15 06:25 553472 ----a-w- c:\windows\system32\kerberos.dll
2016-05-12 15:18 . 2016-06-15 06:25 1062400 ----a-w- c:\windows\system32\lsasrv.dll
2016-05-12 15:18 . 2016-06-15 06:25 351744 ----a-w- c:\windows\system32\IPSECSVC.DLL
2016-05-12 15:18 . 2016-06-15 06:25 606720 ----a-w- c:\windows\system32\gpsvc.dll
2016-05-12 15:18 . 2016-06-15 06:25 79360 ----a-w- c:\windows\system32\gpapi.dll
2016-05-12 15:18 . 2016-06-15 06:25 44032 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2016-05-12 15:18 . 2016-06-15 06:25 17408 ----a-w- c:\windows\system32\credssp.dll
2016-05-12 15:18 . 2016-06-15 06:25 690688 ----a-w- c:\windows\system32\adtschema.dll
2016-05-12 14:56 . 2016-06-15 06:25 50176 ----a-w- c:\windows\system32\auditpol.exe
2016-05-12 14:52 . 2016-06-15 06:25 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2016-05-12 14:52 . 2016-06-15 06:25 313856 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-05-12 14:52 . 2016-06-15 06:25 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2016-05-12 14:52 . 2016-06-15 06:25 115712 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-05-12 14:52 . 2016-06-15 06:25 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2016-05-12 14:52 . 2016-06-15 06:25 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2016-05-12 14:51 . 2016-06-15 06:25 36352 ----a-w- c:\windows\system32\cryptbase.dll
2016-05-12 14:51 . 2016-06-15 06:25 22016 ----a-w- c:\windows\system32\lsass.exe
2016-05-12 14:51 . 2016-06-15 06:25 15872 ----a-w- c:\windows\system32\sspisrv.dll
2016-05-12 13:04 . 2016-06-15 06:25 370784 ----a-w- c:\windows\system32\drivers\cng.sys
2016-05-12 13:04 . 2016-06-15 06:25 249352 ----a-w- c:\windows\system32\bcryptprimitives.dll
2016-05-11 15:19 . 2016-06-15 06:24 206336 ----a-w- c:\windows\system32\ws2_32.dll
2016-05-11 15:19 . 2016-06-15 06:24 351744 ----a-w- c:\windows\system32\winhttp.dll
2016-05-11 15:19 . 2016-06-15 06:25 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2016-05-11 15:19 . 2016-06-15 06:24 231424 ----a-w- c:\windows\system32\mswsock.dll
2016-05-11 15:01 . 2016-06-15 06:24 26624 ----a-w- c:\windows\system32\netbtugc.exe
2016-05-11 14:52 . 2016-06-15 06:24 188928 ----a-w- c:\windows\system32\drivers\netbt.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-07-05 17:57 211264 ----a-w- c:\program files\Dropbox\Client\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-06-14 10:38 1741104 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-06-14 10:38 1741104 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-06-14 10:38 1741104 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2016-06-28 26424960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-01-29 2585744]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2016-07-05 24204648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2016-01-29 1278920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-03-31 596504]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-12-10 280576]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2015-12-1 1192656]
Παρακολούθηση ειδοποιήσεων μελάνης - HP Deskjet 3520 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN27C1561T05SZ;CONNECTION=USB;MONITOR=1; [2009-7-14 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
R2 dbupdate;Dropbox Update Service (dbupdate);c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-12-10 143144]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-05-23 324224]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [2016-07-24 797352]
R3 dbupdatem;Dropbox Update Service (dbupdatem);c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-12-10 143144]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2016-07-24 19984]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-06-10 102912]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2016-03-03 3833776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2016-04-02 71488]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2016-04-02 206312]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2015-11-16 146024]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys [2016-04-02 44608]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys [2015-11-16 111040]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2016-05-24 1982752]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-01-29 915600]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2016-07-04 29760]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-01-29 1706128]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2016-01-29 19775632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-01-29 426040]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2016-07-24 16432]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-01-29 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2016-01-29 32912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2015-02-02 25632]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESGIGUARD
*NewlyCreated* - ESGSCANNER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-18 08:22 1245848 ----a-w- c:\program files\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-10 09:56]
.
2016-07-24 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-12-10 16:26]
.
2016-07-24 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-12-10 16:26]
.
2016-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-12-10 15:55]
.
2016-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-12-10 15:55]
.
2016-07-21 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 07:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: Clip bookmark - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Clip Image - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\m4entee6.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Steam App 570 - c:\program files\Steam\steam.exe
AddRemove-{79C54A05-F146-4EA0-8A70-D4EFE6181E52} - c:\program files\InstallShield Installation Information\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3843692468-4068903542-3892895194-1000\Software\G*e*n*i*e*"!\FM Genie Scout 15]
"GameDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2015\\games"
"ShortlistDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2015\\shortlists"
"FMPath"=""
"ScreenshotsDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2015"
"SaveDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2015\\"
"HistoryDir"="c:\\FM Genie Scout 15\\History Points"
"HistoryAutoTracking"=dword:00000000
"LangDB"="c:\\FM Genie Scout 15\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:0000a615
"VersionOf201"=dword:0000007b
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"ShowGuidNotification2"=dword:00000000
"ShowQuickGuideNotification"=dword:00000000
"ShowShortlistGuideNotification"=dword:00000001
"ShowDonateNotification"=dword:00000000
"Version"=dword:00000202
"UniqueID"="15-FC80-0ABF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000006
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000000
"FilterByClubFeatureNum"=dword:00000000
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000000
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000001
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"AdClicksNum"=dword:00000000
"AdImpressionsNum"=dword:000001fb
"GameLoadedCounter"=dword:0000000c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-07-24 15:59:18
ComboFix-quarantined-files.txt 2016-07-24 12:59
.
Pre-Run: 15 Dir(s) 387,832,877,056 bytes free
Post-Run: 19 Dir(s) 395,277,819,904 bytes free
.
- - End Of File - - F67C3FAC3909717C3238B4EBDC2104B1
3C27C0429156ADC19E0F46AF77CD22D7
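Before the helper's reply, a triage script as an added example (it is not part of this thread, of ComboFix, or of any tool mentioned here). It parses the ComboFix log layout shown above (bracketed registry headers, `"name"=value` lines, `Rn`/`Sn` service lines, a lone `.` closing each block) and flags what a removal helper looks at first: the UAC policy block, which this log shows fully disabled (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0, so every process of this administrator account already runs elevated), autostarts that resolve to a DLL or to a user-writable path, services and drivers whose binaries date from the last few days, and kernel drivers loaded from outside system32\drivers. The Windows 7 baseline values and the heuristics are the example's own assumptions, and the sample log is constructed from a handful of the lines above. A flag is a prompt to look, not a verdict: on the full log it would also flag NVIDIA's NvStreamKms.sys, which legitimately lives under Program Files.

```python
"""Triage a ComboFix-style log: pull out the UAC policy block, the Run/RunOnce
autostarts and the service/driver lines, and flag what a removal helper
would look at first.  Added example, not part of the forum thread, ComboFix
or any tool it mentions; baseline values and heuristics are assumptions."""
import re
from datetime import date, timedelta
from typing import Dict, List, Tuple

# Constructed sample in the layout of the log above: a lone "." ends each block,
# autostarts are "name"="path" [date size], services/drivers are
# <start type> <name>;<display name>;<path> [date size].
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2016-01-29 1278920]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2016-07-05 24204648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [2016-07-24 797352]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2016-07-24 19984]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2016-07-24 16432]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2015-02-02 25632]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s+\(0x[0-9A-Fa-f]+\)$')
AUTORUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$")

# Assumed Windows 7 defaults for a machine with UAC on.  The log above has all
# three at 0: UAC off, every process of the (admin) user fully elevated.
UAC_BASELINE = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}


def parse_log(text: str) -> Tuple[Dict[str, List[str]], List[dict]]:
    """Return ({lower-cased registry header: value lines}, [service records])."""
    sections: Dict[str, List[str]] = {}
    services: List[dict] = []
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":
            current = None  # end of block
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, [])
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, day, size = m.groups()
            services.append({"start": start, "name": name, "display": display,
                             "path": path, "date": date.fromisoformat(day), "size": int(size)})
            continue
        if current is not None:
            sections[current].append(line)
    return sections, services


def uac_findings(sections) -> Dict[str, Tuple[int, int]]:
    """UAC values that deviate from the baseline -> (actual, expected); -1 = not reported."""
    key = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
    values = {}
    for line in sections.get(key, []):
        m = DWORD_RE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2))
    return {n: (values.get(n, -1), want) for n, want in UAC_BASELINE.items() if values.get(n) != want}


def autorun_findings(sections) -> List[Tuple[str, str]]:
    """Run/RunOnce values worth a second look: DLL targets (ComboFix strips the
    rundll32 wrapper that FRST shows) and binaries in user-writable paths."""
    out = []
    for header, lines in sections.items():
        if not header.endswith(("\\run", "\\runonce")):
            continue
        for line in lines:
            m = AUTORUN_RE.match(line)
            if not m:
                continue
            name, path = m.group(1), m.group(2).lower()
            if path.endswith(".dll"):
                out.append((name, "autostart target is a DLL: " + path))
            elif any(p in path for p in ("\\appdata\\", "\\temp\\", "\\users\\public\\")):
                out.append((name, "autostart from a user-writable path: " + path))
    return out


def recent_services(services, scan_date: str, window_days: int = 7) -> List[str]:
    """Services/drivers whose binary timestamp falls within window_days of the scan."""
    cutoff = date.fromisoformat(scan_date) - timedelta(days=window_days)
    return [s["name"] for s in services if s["date"] >= cutoff]


def drivers_outside_system32(services) -> List[str]:
    """Kernel drivers (.sys) loaded from somewhere other than system32\\drivers."""
    return [s["name"] for s in services
            if s["path"].lower().endswith(".sys")
            and "\\windows\\system32\\drivers\\" not in s["path"].lower()]


def triage(text: str, scan_date: str) -> dict:
    sections, services = parse_log(text)
    return {"uac": uac_findings(sections), "autoruns": autorun_findings(sections),
            "recent": recent_services(services, scan_date),
            "drivers_elsewhere": drivers_outside_system32(services)}


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG, "2016-07-24").items():
        print(f"{k}: {v}")
```

On the sample the script reports the three UAC deviations, ShadowPlay as a DLL autostart, the three SpyHunter components dated the day of the scan (the same ones ComboFix lists as *NewlyCreated*), and esgiguard.sys as the one driver loaded from Program Files. Re-enabling UAC (EnableLUA=1 plus a reboot) is the first hardening step once the machine is clean, since with it off there is no elevation boundary for anything that runs as this user.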
#2 ·
Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Who instructed you to run ComboFix? Our fixes are designed specifically for each machine. Running fixes designed for other machines may render your machine unusable.

As stated in the disclaimer you had to pass when running ComboFix, it is not intended for unsupervised use.

As you also should have read here in Step 2 of our First Steps thread:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

We suggest uninstalling SpyHunter via Programs and Features in your Control Panel.

If you decide to uninstall it, also delete this Folder if it still exists:

C:\Program Files\Enigma Software Group

------------------------------------------------------

I see you have P2P software (uTorrent and qBittorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here.

I would strongly recommend that you uninstall them. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
 
#3 ·
Thank you for your reply. SpyHunter was downloaded on my PC as I was trying to download Malwarebytes, for some reason. qBittorrent and uTorrent have been removed. Furthermore, the music has stopped and I can listen to the sound of videos/games after ComboFix was used and after a couple of reboots following its use. However, it seems that a file (HP Support Assistant) has been removed, causing a black screen while booting, which is followed by Windows Installer ending up with an "Error 1706". I think I will reinstall the drivers for that.

The report from ADWCleaner:

# AdwCleaner v5.201 - Logfile created 24/07/2016 at 19:35:40
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X86)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RONZAP.EXE
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\downspeedtest.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\fromdoctopdf.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\internetspeedtracker.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\premierdownloadmanager.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.mapsgalaxy.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key Deleted : HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\land.pckeeper.software
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pckeeper.software
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\st.chatango.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\timeshighereducation.com

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3124 bytes] - [24/07/2016 19:35:40]
C:\AdwCleaner\AdwCleaner[R0].txt - [3929 bytes] - [24/07/2016 18:37:28]
C:\AdwCleaner\AdwCleaner[S0].txt - [2873 bytes] - [24/07/2016 18:38:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [3745 bytes] - [24/07/2016 19:32:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3416 bytes] ##########

The FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-07-2016
Ran by user (administrator) on USER-PC (24-07-2016 19:42:14)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Greek (Greece)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2016-01-29] (NVIDIA Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-3843692468-4068903542-3892895194-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-12-10] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-07-24]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Παρακολούθηση ειδοποιήσεων μελάνης - .lnk [2016-07-24]
ShortcutTarget: Παρακολούθηση ειδοποιήσεων μελάνης - .lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Παρακολούθηση ειδοποιήσεων μελάνης - HP Deskjet 3520 series.lnk [2016-07-24]
ShortcutTarget: Παρακολούθηση ειδοποιήσεων μελάνης - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk /k:C *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{03540190-7267-47B4-9ECB-B588BC973B6D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3843692468-4068903542-3892895194-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\m4entee6.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3843692468-4068903542-3892895194-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-11] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\m4entee6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-30]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-10]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-10]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-10]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-10]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-20]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-10]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-10]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-10] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1982752 2016-05-24] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2016-01-29] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
S3 npggsvc; C:\Windows\system32\GameMon.des [3833776 2016-03-03] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2016-01-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775632 2016-01-29] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [206312 2016-04-02] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146024 2015-11-16] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [111040 2015-11-16] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [152728 2016-04-02] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44608 2016-04-02] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [71488 2016-04-02] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-07-24] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-07-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2016-01-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2016-01-29] (NVIDIA Corporation)
S3 WsAudioDevice_383; C:\Windows\System32\drivers\WsAudioDevice_383.sys [25632 2015-02-02] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-24 19:42 - 2016-07-24 19:46 - 00018063 _____ C:\Users\user\Desktop\FRST.txt
2016-07-24 19:40 - 2016-07-24 19:40 - 00003495 _____ C:\Users\user\Desktop\AdwCleaner[C1].txt
2016-07-24 19:28 - 2016-07-24 19:28 - 03712064 _____ C:\Users\user\Downloads\AdwCleaner.exe
2016-07-24 19:27 - 2016-07-24 19:42 - 00000000 ____D C:\FRST
2016-07-24 19:24 - 2016-07-24 19:25 - 01744384 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2016-07-24 18:49 - 2016-07-24 19:39 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-24 18:48 - 2016-07-24 19:15 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-24 18:48 - 2016-07-24 18:48 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-07-24 18:48 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-24 18:48 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-24 18:48 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-24 18:46 - 2016-07-24 18:46 - 22851472 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.1.1043(1).exe
2016-07-24 18:37 - 2016-07-24 19:35 - 00000000 ____D C:\AdwCleaner
2016-07-24 18:23 - 2016-07-24 18:53 - 00000000 ____D C:\Program Files\BitTorrent
2016-07-24 18:22 - 2016-07-24 18:22 - 07105536 _____ C:\Users\user\AppData\Roaming\agent.dat
2016-07-24 18:22 - 2016-07-24 18:22 - 00677376 _____ C:\Users\user\AppData\Roaming\Kindom.exe
2016-07-24 18:22 - 2016-07-24 18:22 - 00677376 _____ C:\Users\user\AppData\Roaming\Duobam.exe
2016-07-24 18:22 - 2016-07-24 18:22 - 00129024 _____ C:\Users\user\AppData\Roaming\Installer.dat
2016-07-24 18:22 - 2016-07-24 18:22 - 00018432 _____ C:\Users\user\AppData\Roaming\Main.dat
2016-07-24 18:20 - 2016-07-24 18:44 - 00000000 ____D C:\Users\user\AppData\Roaming\Enigma Software Group
2016-07-24 18:19 - 2016-07-24 18:19 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-07-24 18:17 - 2016-07-24 18:17 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\user\Downloads\SpyHunter-Installer(1).exe
2016-07-24 16:58 - 2016-07-24 16:58 - 00019225 _____ C:\Users\user\Desktop\dds.txt
2016-07-24 16:58 - 2016-07-24 16:58 - 00013460 _____ C:\Users\user\Desktop\attach.txt
2016-07-24 16:54 - 2016-07-24 16:54 - 00688992 ____R (Swearware) C:\Users\user\Downloads\dds.scr
2016-07-24 16:31 - 2016-07-24 16:31 - 06759552 _____ (ESET spol. s r.o.) C:\Users\user\Downloads\esetonlinescanner_enu.exe
2016-07-24 16:20 - 2016-07-24 16:20 - 02870984 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu.exe
2016-07-24 16:05 - 2016-07-24 16:05 - 22851472 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-24 16:03 - 2016-07-24 16:05 - 00193538 _____ C:\TDSSKiller.3.1.0.9_24.07.2016_16.03.58_log.txt
2016-07-24 16:03 - 2016-07-24 16:03 - 04633146 _____ C:\Users\user\Desktop\tdsskiller.zip
2016-07-24 16:03 - 2015-12-11 23:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\user\Desktop\TDSSKiller.exe
2016-07-24 16:00 - 2016-07-24 16:00 - 00024424 _____ C:\Users\user\Desktop\combofix.txt
2016-07-24 15:59 - 2016-07-24 15:59 - 00024424 _____ C:\ComboFix.txt
2016-07-24 15:43 - 2016-07-24 15:59 - 00000000 ____D C:\Qoobox
2016-07-24 15:43 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2016-07-24 15:43 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2016-07-24 15:43 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-07-24 15:43 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-07-24 15:43 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-07-24 15:43 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2016-07-24 15:43 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2016-07-24 15:43 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2016-07-24 15:42 - 2016-07-24 15:57 - 00000000 ____D C:\Windows\erdnt
2016-07-24 15:34 - 2016-07-24 15:34 - 05659291 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2016-07-24 14:56 - 2016-07-24 14:56 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\user\Downloads\SpyHunter-Installer.exe
2016-07-24 14:53 - 2016-07-24 19:15 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-24 14:53 - 2016-07-24 19:15 - 00001103 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-24 14:53 - 2016-07-24 14:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-07-24 14:52 - 2016-07-24 14:52 - 00242408 _____ C:\Users\user\Downloads\Firefox Setup Stub 47.0.1.exe
2016-07-23 19:53 - 2016-07-23 19:53 - 00000000 ____D C:\Users\user\AppData\Local\Wondershare
2016-07-23 19:53 - 2016-07-23 19:53 - 00000000 ____D C:\Program Files\Common Files\Wondershare
2016-07-23 19:52 - 2016-07-24 14:36 - 00000000 ____D C:\Users\user\AppData\Roaming\Wondershare
2016-07-23 19:50 - 2016-07-23 19:50 - 00000000 ____D C:\Program Files\Wondershare
2016-07-23 19:50 - 2015-02-02 14:45 - 00025632 _____ (Wondershare) C:\Windows\system32\Drivers\WsAudioDevice_383.sys
2016-07-22 10:49 - 2016-07-22 10:49 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2016-07-21 16:25 - 2016-07-21 16:25 - 00000000 ____D C:\Users\user\AppData\Local\Steam
2016-07-21 16:21 - 2016-07-22 09:01 - 00000000 ____D C:\Program Files\Steam
2016-07-21 16:21 - 2016-07-21 16:21 - 00000000 ____D C:\Program Files\Common Files\Steam
2016-07-21 16:19 - 2016-07-21 16:19 - 01444992 _____ C:\Users\user\Downloads\SteamSetup.exe
2016-07-21 01:50 - 2016-07-20 23:54 - 60883731 ____N C:\Users\user\Desktop\MOV_0699.mp4
2016-07-21 01:50 - 2016-07-20 23:15 - 58303533 _____ C:\Users\user\Desktop\wind of change.mp4
2016-07-20 19:53 - 2016-07-20 19:57 - 00000000 ____D C:\Users\user\AppData\Roaming\Awesomium
2016-07-20 17:40 - 2016-03-03 13:28 - 03833776 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\GameMon.des
2016-07-20 17:39 - 2016-07-20 17:39 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2016-07-20 17:39 - 2005-01-03 09:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\system32\npptNT2.sys
2016-07-20 17:39 - 2003-07-19 00:17 - 00005174 _____ C:\Windows\system32\nppt9x.vxd
2016-07-19 22:41 - 2016-07-19 22:41 - 00000000 ____D C:\Windows\EOONotify
2016-07-19 14:19 - 2016-07-19 14:19 - 04984744 _____ (NC Interactive, LLC) C:\Users\user\Downloads\Lineage2Installer(2).exe
2016-07-19 13:53 - 2016-07-19 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\plaync
2016-07-19 13:53 - 2016-07-19 14:01 - 00000000 ____D C:\Program Files\plaync
2016-07-19 13:49 - 2016-07-19 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-07-19 13:49 - 2016-07-19 14:19 - 00000000 ____D C:\Program Files\NCWest
2016-07-19 13:49 - 2016-07-19 13:49 - 04984744 _____ (NC Interactive, LLC) C:\Users\user\Downloads\Lineage2Installer(1).exe
2016-07-19 13:46 - 2016-07-19 13:46 - 04984744 _____ (NC Interactive, LLC) C:\Users\user\Downloads\Lineage2Installer.exe
2016-07-19 11:56 - 2016-07-19 11:56 - 00000000 ____D C:\Users\user\Downloads\Ludovico Einaudi - Elements [Deluxe Edition] (2015)
2016-07-15 16:21 - 2016-07-22 11:06 - 00000000 ____D C:\Users\user\Desktop\Games
2016-07-15 16:09 - 2016-07-15 16:09 - 00659797 _____ C:\Users\user\Downloads\VisualBoyAdvance-1.8.0-beta3(1).zip
2016-07-14 12:56 - 2016-07-14 12:56 - 19527360 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-07-13 13:25 - 2016-06-25 23:01 - 00037096 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-13 13:25 - 2016-06-25 22:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-13 13:25 - 2016-06-25 22:53 - 01004544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-13 13:25 - 2016-06-25 22:53 - 00779776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-13 13:25 - 2016-06-25 22:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-13 13:25 - 2016-06-25 22:53 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-13 13:25 - 2016-06-25 22:42 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-13 13:25 - 2016-06-25 22:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-13 13:25 - 2016-06-25 22:41 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-13 13:25 - 2016-06-22 16:06 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-13 13:25 - 2016-06-17 21:23 - 01288192 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-13 13:25 - 2016-06-17 21:23 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-13 13:25 - 2016-06-17 21:23 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-13 13:25 - 2016-06-17 21:23 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-13 13:25 - 2016-06-17 21:23 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-13 13:25 - 2016-06-17 21:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-13 13:25 - 2016-06-14 17:57 - 02398208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-13 13:25 - 2016-06-11 07:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-13 13:25 - 2016-06-10 22:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-13 13:25 - 2016-06-10 22:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-13 13:25 - 2016-06-10 21:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-13 13:25 - 2016-06-10 21:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-13 13:25 - 2016-06-10 21:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-13 13:25 - 2016-06-10 21:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-13 13:25 - 2016-06-10 21:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-13 13:25 - 2016-06-10 21:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-13 13:25 - 2016-06-10 21:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-13 13:25 - 2016-06-10 21:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-13 13:25 - 2016-06-10 21:41 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-13 13:25 - 2016-06-10 21:35 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-13 13:25 - 2016-06-10 21:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-13 13:25 - 2016-06-10 21:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-13 13:25 - 2016-06-10 21:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-13 13:25 - 2016-06-10 21:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-13 13:25 - 2016-06-10 21:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-13 13:25 - 2016-06-10 21:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-13 13:25 - 2016-06-10 21:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-13 13:25 - 2016-06-10 21:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-13 13:25 - 2016-06-10 21:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-13 13:25 - 2016-06-10 21:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-13 13:25 - 2016-06-10 21:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-13 13:25 - 2016-06-10 21:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-13 13:25 - 2016-06-10 20:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-13 13:25 - 2016-06-10 20:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-13 13:25 - 2016-06-10 20:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-13 13:25 - 2016-06-10 20:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-13 13:24 - 2016-06-10 21:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-13 13:24 - 2016-06-10 21:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-13 13:24 - 2016-06-10 21:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-13 13:24 - 2016-06-10 21:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-13 13:24 - 2016-06-10 21:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-13 13:24 - 2016-06-10 21:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-13 12:17 - 2016-07-13 12:17 - 00000000 ____D C:\HoTroLoL
2016-07-12 11:37 - 2016-07-12 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-08 12:34 - 2016-07-08 12:34 - 00344053 _____ C:\Users\user\Documents\πτυχιακη-κατευθυνση.pdf
2016-07-08 11:08 - 2016-07-08 11:09 - 00188473 _____ C:\Users\user\Downloads\entypo_ptyxiakhs_16-17.pdf
2016-07-07 21:43 - 2016-07-07 21:43 - 00177184 _____ C:\Users\user\Downloads\tickets_5062431177.pdf
2016-07-07 21:41 - 2016-07-07 21:41 - 00105972 _____ C:\Users\user\Desktop\SCORPIONS TICKET.pdf
2016-07-06 10:42 - 2016-07-06 10:43 - 00577391 _____ C:\Users\user\Downloads\webinstaller.exe
2016-07-05 22:43 - 2016-07-05 23:07 - 00002469 _____ C:\Program Files\syserr.txt
2016-07-05 22:18 - 2016-07-05 22:18 - 00000000 ____D C:\Program Files\temp
2016-07-05 22:09 - 2016-07-06 15:39 - 00000000 ____D C:\Program Files\pack
2016-07-05 22:09 - 2016-07-06 15:39 - 00000000 ____D C:\Program Files\mark
2016-07-05 18:12 - 2016-07-05 22:06 - 1447736392 ____R () C:\Users\user\Downloads\wom2_installer_20160424.exe
2016-07-05 17:38 - 2016-07-05 18:14 - 00000000 ____D C:\Program Files\LocMt2
2016-07-05 15:56 - 2016-07-05 16:12 - 1116709159 _____ () C:\Users\user\Downloads\LocMt2-Setup.exe
2016-07-03 20:33 - 2016-07-03 20:33 - 00803345 _____ C:\Users\user\Downloads\αναλυτικη.pdf
2016-06-29 21:29 - 2016-06-29 21:29 - 15140742 _____ C:\Users\user\Desktop\scan.rar
2016-06-28 21:32 - 2016-06-28 21:32 - 00010560 _____ C:\Users\user\Documents\ΜΗΝΙΑΙΑ ΕΞΟΔΑ.xlsx
2016-06-26 14:18 - 2016-07-24 19:14 - 00001636 _____ C:\Users\user\Desktop\APANTHSH BOX - Συντόμευση.lnk
2016-06-26 14:04 - 2016-07-24 19:14 - 00001580 _____ C:\Users\user\Desktop\BOX 16 - Συντόμευση.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-24 19:41 - 2008-06-11 01:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-07-24 19:38 - 2015-12-10 19:26 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-24 19:38 - 2015-12-10 18:55 - 00001168 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-24 19:37 - 2015-12-10 18:47 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-24 19:37 - 2009-07-14 07:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-24 19:31 - 2015-12-10 19:26 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-24 19:30 - 2015-12-11 15:02 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-07-24 19:26 - 2015-12-10 18:55 - 00001172 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-24 19:21 - 2009-07-14 07:34 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-24 19:21 - 2009-07-14 07:34 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-24 19:16 - 2015-12-12 17:12 - 00001130 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-24 19:15 - 2016-02-04 22:17 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-24 19:15 - 2015-12-12 14:59 - 00001053 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-07-24 19:15 - 2015-12-12 14:58 - 00002164 _____ C:\Users\Public\Desktop\HP Deskjet 3520 series.lnk
2016-07-24 19:15 - 2015-12-12 14:58 - 00001153 _____ C:\Users\Public\Desktop\Αγορά αναλώσιμων - HP Deskjet 3520 series.lnk
2016-07-24 19:15 - 2015-12-11 14:41 - 00002021 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2016-07-24 19:15 - 2015-12-10 19:29 - 00000888 _____ C:\Users\Public\Desktop\Evernote.lnk
2016-07-24 19:15 - 2015-12-10 19:24 - 00002679 _____ C:\Users\Public\Desktop\Skype.lnk
2016-07-24 19:15 - 2015-12-10 19:23 - 00002089 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-07-24 19:15 - 2015-12-10 19:21 - 00001129 _____ C:\Users\Public\Desktop\Media Player Classic.lnk
2016-07-24 19:15 - 2015-12-10 19:20 - 00001022 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-07-24 19:15 - 2015-12-10 19:19 - 00001062 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2016-07-24 19:15 - 2015-12-10 19:19 - 00000993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-07-24 19:15 - 2015-12-10 19:19 - 00000987 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-07-24 19:15 - 2015-12-10 18:57 - 00000997 _____ C:\Users\Public\Desktop\WinRAR.lnk
2016-07-24 19:15 - 2015-12-10 18:55 - 00001254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-24 19:15 - 2015-12-10 18:55 - 00001248 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-24 19:15 - 2015-12-10 18:43 - 00002726 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2016-07-24 19:15 - 2015-12-10 18:43 - 00002630 _____ C:\Users\Public\Desktop\Nero Home.lnk
2016-07-24 19:15 - 2015-12-10 14:57 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-24 19:15 - 2015-12-10 14:57 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-24 19:15 - 2009-07-14 07:46 - 00001503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-24 19:15 - 2009-07-14 07:42 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-07-24 19:15 - 2009-07-14 07:42 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-24 19:15 - 2009-07-14 07:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-24 19:15 - 2009-07-14 07:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-24 19:14 - 2015-12-12 17:27 - 00002177 _____ C:\Users\user\Desktop\HP Support Assistant.lnk
2016-07-24 19:14 - 2015-12-10 19:28 - 00001080 _____ C:\Users\user\Desktop\Dropbox.lnk
2016-07-24 19:14 - 2015-12-10 19:26 - 00000606 _____ C:\Users\user\Desktop\KMPlayer.lnk
2016-07-24 19:14 - 2015-12-10 15:18 - 00001124 _____ C:\Users\user\Desktop\Internet Explorer.lnk
2016-07-24 19:14 - 2009-07-14 07:46 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-24 19:14 - 2009-07-14 07:37 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-24 19:12 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\security
2016-07-24 18:56 - 2015-12-10 19:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-24 17:12 - 2015-12-11 14:41 - 00000000 ____D C:\Program Files\ESET
2016-07-24 16:31 - 2015-12-11 14:42 - 00000000 ____D C:\Users\user\AppData\Local\ESET
2016-07-24 15:56 - 2009-07-14 05:04 - 00000215 _____ C:\Windows\system.ini
2016-07-24 14:53 - 2016-06-11 00:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-07-24 14:39 - 2016-03-02 14:00 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-07-23 19:52 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\inf
2016-07-23 19:27 - 2015-12-10 15:10 - 01499328 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-23 19:27 - 2009-07-14 11:11 - 00610658 _____ C:\Windows\system32\perfh008.dat
2016-07-23 19:27 - 2009-07-14 11:11 - 00112606 _____ C:\Windows\system32\perfc008.dat
2016-07-22 00:44 - 2015-12-21 21:15 - 00000316 _____ C:\Windows\Tasks\HPCeeScheduleForuser.job
2016-07-21 21:49 - 2015-12-12 15:57 - 00000000 ___RD C:\Users\user\Documents\Τα έγγραφά μου
2016-07-21 19:23 - 2015-12-12 17:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-07-19 22:41 - 2015-12-12 20:16 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-19 21:02 - 2015-12-10 19:24 - 00000000 ___RD C:\Program Files\Skype
2016-07-19 21:02 - 2015-12-10 19:24 - 00000000 ____D C:\ProgramData\Skype
2016-07-19 20:54 - 2016-04-05 13:05 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-07-19 14:02 - 2016-04-05 13:00 - 00000000 ____D C:\ProgramData\Norton
2016-07-17 10:23 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\rescache
2016-07-15 16:30 - 2016-04-17 21:58 - 00000000 ____D C:\Users\user\AppData\Local\Jagex
2016-07-15 16:30 - 2016-04-17 21:58 - 00000000 ____D C:\ProgramData\Jagex
2016-07-14 12:56 - 2015-12-10 19:25 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-07-14 12:56 - 2015-12-10 19:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-07-13 22:01 - 2009-07-14 07:33 - 00438752 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-13 21:59 - 2009-07-14 11:43 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-13 21:59 - 2008-06-11 01:01 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-13 21:18 - 2015-12-11 21:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-07-13 21:13 - 2009-07-14 05:04 - 00000478 _____ C:\Windows\win.ini
2016-07-13 21:10 - 2015-12-10 19:37 - 00000000 ____D C:\Windows\system32\MRT
2016-07-13 21:04 - 2015-12-10 19:37 - 141983760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-12 17:56 - 2015-12-10 19:25 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 11:38 - 2015-12-10 19:26 - 00000000 ____D C:\Program Files\Dropbox
2016-07-08 10:51 - 2009-07-14 07:53 - 00032500 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2016-07-05 22:43 - 2016-07-05 23:07 - 0002469 _____ () C:\Program Files\syserr.txt
2016-07-24 18:22 - 2016-07-24 18:22 - 7105536 _____ () C:\Users\user\AppData\Roaming\agent.dat
2016-07-24 18:22 - 2016-07-24 18:22 - 0677376 _____ () C:\Users\user\AppData\Roaming\Duobam.exe
2016-07-24 18:22 - 2016-07-24 18:22 - 0129024 _____ () C:\Users\user\AppData\Roaming\Installer.dat
2016-07-24 18:22 - 2016-07-24 18:22 - 0677376 _____ () C:\Users\user\AppData\Roaming\Kindom.exe
2016-07-24 18:22 - 2016-07-24 18:22 - 0018432 _____ () C:\Users\user\AppData\Roaming\Main.dat
2015-12-12 14:58 - 2015-12-12 14:58 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-17 10:15

==================== End of FRST.txt ============================

Finally, the Addition.txt is attached.
 


#4 ·
Hello PanMin. Are you using a legal copy of MS Office?

------------------------------------------------------

I'd like to take a look at that file.

Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:

Code:
@echo off
rem zip.exe is the copy ComboFix placed in C:\Windows (listed in the FRST log above)
for %%g in (
"C:\Qoobox\Quarantine\C\WINDOWS\TEMP\HP Support Framework\HPSF_Config1.dll.vir"
) do zip Files_for_submission %%g
rem delete this batch file once it has run
del %0
Save this as submit.bat (choose Save as type: All Files) to your desktop, then close the Notepad file.
It should look like this:


Double-click on submit.bat to allow it to run. This batch file will create a Files_for_submission.zip file in the same location where the batch file was saved.

Please submit it to this site ==> Submit a Malware Sample

and include this link in the message:

http://www.techsupportforum.com/forums/f50/guitar-playing-virus-1147625.html#post7158329


Please let me know if you successfully submitted the file. Thanks.

------------------------------------------------------
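The same packaging step, written as an added PowerShell example rather than the helper's batch file: it zips the quarantined file named in the post and adds a SHA-256 manifest, so the analyst can check the hash before opening the sample and the submitter keeps a record of what was sent. The quarantine path is the one from the post; the output file names, and PowerShell 5.1 (for Get-FileHash and Compress-Archive, available on Windows 7 through WMF 5.1), are assumptions.

```powershell
# Added example, not code from the thread. Package quarantined samples with a
# SHA-256 manifest for submission. Run from an elevated PowerShell 5.1 prompt.
$samples = @(
    # Path taken from the post; ComboFix renames quarantined files to .vir
    'C:\Qoobox\Quarantine\C\WINDOWS\TEMP\HP Support Framework\HPSF_Config1.dll.vir'
)
$desktop  = [Environment]::GetFolderPath('Desktop')
$manifest = Join-Path $desktop 'Files_for_submission_manifest.txt'   # assumed name
$archive  = Join-Path $desktop 'Files_for_submission.zip'

$found = @()
$lines = foreach ($path in $samples) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        # Hashing only reads the file; the .vir is never renamed or executed.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $found += $path
        '{0}  {1,10} bytes  {2:yyyy-MM-dd HH:mm}  {3}' -f $hash, $item.Length, $item.LastWriteTime, $path
    } else {
        "MISSING  $path"
    }
}

$lines | Set-Content -LiteralPath $manifest -Encoding UTF8
$lines   # echo the manifest so it can be pasted into the submission message

if ($found.Count -eq 0) { throw 'Nothing to submit: none of the listed files exist.' }
# -LiteralPath accepts an array; the manifest travels inside the archive too.
Compress-Archive -LiteralPath ($found + $manifest) -DestinationPath $archive -Force
"Archive written: $archive"
```

Compress-Archive cannot set a password, so if a submission site requires the usual password-protected archive, build the zip with 7-Zip instead and still include the manifest.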
 
#6 ·
Hello again, PanMin. Thanks for submitting the file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    AutoKMS.exe
    
    :folderfind
    AutoKMS
    
    :regfind
    *KMS*
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
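A PowerShell equivalent of the SystemLook search above, as an added example (not the helper's script, and not SystemLook's own code): it looks for files named AutoKMS.exe, folders named AutoKMS, and registry keys, value names or value data containing "KMS", and additionally checks the scheduled-task folder, which the SystemLook script does not cover. The search roots are assumptions; run it from an elevated prompt, and expect the registry walk to take a few minutes.

```powershell
# Added example, not code from the thread. File, folder, scheduled-task and
# registry search for the AutoKMS indicator. Run elevated on PowerShell 3.0+.
$name      = 'AutoKMS'
$pattern   = '*KMS*'
# Search roots are an assumption; add other drives or profiles as needed.
$fileRoots = @($env:SystemRoot, $env:ProgramFiles, $env:ProgramData,
               $env:LOCALAPPDATA, $env:APPDATA) | Where-Object { $_ -and (Test-Path $_) }
$regRoots  = @('HKLM:\SOFTWARE', 'HKCU:\SOFTWARE')   # HKCU covers only the logged-in user
$taskDir   = Join-Path $env:SystemRoot 'System32\Tasks'

'== files named {0}.exe ==' -f $name
Get-ChildItem -Path $fileRoots -Recurse -Force -File -Filter "$name.exe" -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        '{0}  {1} bytes  {2:yyyy-MM-dd HH:mm}  signature={3}' -f $_.FullName, $_.Length, $_.LastWriteTime, $sig.Status
    }

'== folders named {0} ==' -f $name
Get-ChildItem -Path $fileRoots -Recurse -Force -Directory -Filter $name -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName

'== scheduled tasks whose name or XML definition contains KMS =='
# Task definitions are XML files; reading them directly avoids the localized
# column headers that schtasks /query prints on a non-English Windows.
Get-ChildItem -Path $taskDir -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like $pattern -or ((Get-Content -LiteralPath $_.FullName -Raw) -match 'KMS') } |
    Select-Object -ExpandProperty FullName

'== registry keys, value names and value data containing KMS =='
foreach ($root in $regRoots) {
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -like $pattern) { $key.Name }
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            if ($valueName -like $pattern -or $data -like $pattern) {
                '{0}\{1} = {2}' -f $key.Name, $valueName, $data
            }
        }
    }
}
```

The -like and -match comparisons are case-insensitive, so unrelated names that happen to contain the letters "kms" will also appear; read each hit (path, timestamp, signature status, which key it sits under) before deleting anything.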
 
#7 ·
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else, please begin a new topic after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
 