Multiple programs hanging

This is a discussion on Multiple programs hanging within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.


Old 04-24-2019, 09:10 AM   #1
Registered Member
 
Join Date: Apr 2009
Posts: 186
OS: Windows 7



A couple of weeks ago I posted in another part of the forum that my current PDF viewer, PDFlite, was hanging when I attempted to start it, and would not close, even through the Task Manager.

I attempted to post in here about it at the time, but doing a virus scan with Microsoft Security Essentials would (and still does) hang upon hitting C:\Windows\sysWOW64\unregmp2.exe

Additionally my computer fails to update, or even find the updates.

Restarting my computer does not seem to fix any of these problems.

Recently, one of my nephews told me Steam had a similar failure where it began to hang, though it seemed to close properly. Now, however, I cannot get it open, and Task Manager reports one Steam.exe running, though it will not be ended by Task Manager either.

All of this strikes me as behaviour likely from a virus of some kind, though it may just be something else. Could I please get some assistance in figuring out what is wrong?

I've been trying to post this in the Malware forum via Firefox, but for some reason when I hit Submit the page goes white and nothing happens.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23.04.2019
Ran by Kaz (administrator) on INQUISITOR (MSI MS-7821) (24-04-2019 10:38:32)
Running from C:\Users\Kaz\Downloads
Loaded Profiles: Kaz (Available Profiles: Kaz)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Corsair Components, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Brio) [File not signed] C:\Program Files\FolderSize\FolderSizeSvc.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Smart Connect software -> ) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Plays.tv, LLC -> Copyright (c) 2017 Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) [File not signed] C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(GOLD CLICK LIMITED -> Gold Click Ltd) C:\Program Files (x86)\ProxyGate\PGChk.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Brio) [File not signed] C:\Program Files\FolderSize\FolderSize.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Corsair Components, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Discord Inc. -> Discord Inc.) C:\Users\Kaz\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Kaz\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Kaz\AppData\Local\Discord\app-0.0.305\Discord.exe
(Discord Inc. -> Discord Inc.) C:\Users\Kaz\AppData\Local\Discord\app-0.0.305\Discord.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\MRT.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\calc.exe
() [File not signed] C:\Program Files (x86)\TableSmith52\TableSmith.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files (x86)\Windows Media Player\setup_wm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google LLC -> Google) C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(GOLD CLICK LIMITED -> Gold Click Ltd) C:\Program Files (x86)\ProxyGate\Cloud.exe
(Corsair Components, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google) C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google) C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7575768 2014-05-14] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe [37221424 2018-10-31] (Corsair Components, Inc. -> Corsair Memory, Inc.)
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [53540200 2019-03-26] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [3036112 2018-11-06] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\...\Run: [Folder Size] => C:\Program Files\FolderSize\FolderSize.exe [169472 2013-02-13] (Brio) [File not signed]
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe [1452544 2019-02-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\...\Policies\Explorer: [NoWinKeys] 1
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\...\MountPoints2: {7dee50b0-7651-11e4-a897-448a5b86249c} - H:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [3036112 2018-11-06] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-18\...\RunOnce: [KyhuRAcNvF] => "C:\Windows\system32\config\SYSTEM~1\AppData\Local\YXVHVH~1\win32k.exe"
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [180224 2009-06-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2016-09-05] (Electronic Arts -> On2.com)
HKLM\...\Drivers32: [vidc.VP61] => C:\Windows\SysWOW64\vp6vfw.dll [447752 2016-09-05] (Electronic Arts -> On2.com)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\Installer\chrmstp.exe [2019-04-14] (Google LLC -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0363C9A4-CBC4-4005-8C3D-A52779BE1876} - System32\Tasks\{CA194D92-20B6-45CA-A8D1-278C7DFAC3AC} => E:\Games\TGames\Mechwarrior\autoconfig.exe
Task: {1189DC0E-F439-4D21-9D27-5E3D5F4B9D46} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {1E1A2E45-FBC1-4A27-83BC-5E8596B9E667} - System32\Tasks\{681A53BA-0F18-4C30-9168-0149580F01DB} => C:\Windows\system32\pcalua.exe -a "D:\Writing\All Users\Roleplaying\Battletech (New)\HeavyMetal\HMPlusSetup.exe" -d "D:\Writing\All Users\Roleplaying\Battletech (New)\HeavyMetal"
Task: {2E6CB8EE-C549-4661-95C3-C20FC6FA356E} - System32\Tasks\{4AD0D8BF-8660-449C-8E9F-016CCAAA15E2} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{532F6E8A-AF97-41C3-915F-39F718EC07D1} /l1033
Task: {330BA693-F1A1-4CDA-9D00-6889E528856F} - System32\Tasks\{FFFD1769-7D35-4E02-8057-939473DB3998} => C:\Windows\system32\pcalua.exe -a "E:\SteamLibrary\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "E:\SteamLibrary\steamapps\common\Left 4 Dead 2" -c /register
Task: {35C654FF-3DB3-4096-8446-6B4082E0CE04} - System32\Tasks\{9A58FEC6-4F50-4D62-BBC1-05AF0BCA76CB} => E:\Games\TGames\Mechwarrior\MechWarriors 4 Vengeance_Expansion_MechPaks\MechWarrior 4 Vengeance\mw4x\MW4x.exe
Task: {39B8BB3B-9827-43A4-BB76-3DF38EA61629} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {39B8BB3B-9827-43A4-BB76-3DF38EA61629} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {638D123F-77E2-49D4-9D5C-F064C7E3E19F} - System32\Tasks\{B043CB37-FF33-4921-8CAC-02503F50BEF6} => C:\Windows\system32\pcalua.exe -a C:\Windows\System32\msiexec.exe -d E:\SteamLibrary\steamapps\common\Antichamber -c /passive /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS8A809006C25A4A3A9DAB94659BCDB107_9_10_0224.MSI" WISE_SETUP_EXE_PATH="E:\SteamLibrary\steamapps\common\Antichamber\Binaries\Redist\physx\P (the data entry has 34 more characters).
Task: {6ADE2C4C-5CAB-4409-A525-636D3D7005D9} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe
Task: {6E663022-CF52-494F-BDDA-8F55C9516950} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {6E663022-CF52-494F-BDDA-8F55C9516950} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040 [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {7197999C-5F84-4134-9A03-85160E5DFD91} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {733413E3-0B49-4EA6-95A3-FB54F761517B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {75C7C21B-10B3-4FD4-8438-71B0A116DE05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {831A0ED5-334F-4CCB-887A-5BD5998646BC} - System32\Tasks\{43B2D8BE-7AF6-46E8-ABE1-86EFCF667867} => C:\Windows\system32\pcalua.exe -a D:\FontsEtc\bp_mw_ss.exe -d D:\FontsEtc
Task: {8D2006E3-EEC3-443C-8F1E-D40A82D221D9} - System32\Tasks\{DE659DEC-691D-476B-90A5-A982242FA9B1} => C:\Windows\system32\pcalua.exe -a D:\Programs\EVE\setup.exe -d D:\Programs\EVE
Task: {93014A1C-407D-4431-9678-60037904C474} - System32\Tasks\Opera scheduled Autoupdate 1437361655 => C:\Program Files (x86)\Opera\launcher.exe [1252440 2019-03-28] (Opera Software AS -> Opera Software)
Task: {96F40638-2C11-4B8C-A232-5EB115C20A17} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [3220640 2013-08-27] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [File not signed]
Task: {9A6DD3FE-11E4-4812-A376-E245C65C0395} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2019-03-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {A0E29073-89BD-44C7-8CB4-10662AE88DE0} - System32\Tasks\FileAssociationManagerUpdater => C:\Program Files (x86)\FileAssociationManager\Updater.exe
Task: {C902606B-BF45-4DF7-810D-27B2C231B058} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {CB7ECCA6-C428-4627-8E6B-AF01E41DEFFA} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-01-09] (Advanced Micro Devices, Inc.) [File not signed]
Task: {E5B7CA0E-7B80-4562-9822-EDBD77542850} - System32\Tasks\Connect => C:\Program Files (x86)\MAGIX\Connect\connect.exe [356936 2017-08-02] (MAGIX Software GmbH -> MAGIX Software GmbH)
Task: {E5BA5D9C-2BE1-4770-9EBC-B5CFDB30062C} - System32\Tasks\{9535329C-90C9-4E70-A3F4-12EBEE8493A5} => C:\Windows\system32\pcalua.exe -a "E:\SteamLibrary\steamapps\common\Hitman Codename 47\setup.exe" -d "E:\SteamLibrary\steamapps\common\Hitman Codename 47"
Task: {EB902CEC-2C32-4DCE-8EA3-A622F191B6AE} - System32\Tasks\{988C3BA0-C8EA-4F76-99B5-F953CD9244B0} => C:\Windows\system32\pcalua.exe -a G:\setup.exe -d G:\ -c /autorun
Task: {EBC42920-B387-4E12-8FFE-68362C206E8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [7173848 2016-12-21] (Piriform Ltd -> Piriform Ltd)
Task: {FC5F345F-C9BC-4315-9927-33271FEB66A0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_pepper.exe [1452544 2019-02-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Connect.job => C:\Program Files (x86)\MAGIX\Connect\connect.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{858B7A0A-E6D2-44AD-9272-458B32DBCE1C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3138771545-412995871-3342752947-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3138771545-412995871-3342752947-1000 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_3&ent=ch_5036&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3138771545-412995871-3342752947-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D092214-AA5B8F5E3375944B284F&form=CONBDF&conlogo=CT3330934&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3138771545-412995871-3342752947-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_3&ent=ch_5036&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Minecraft\Java\bin\ssv.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Minecraft\Java\bin\jp2ssv.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Eyeo GmbH -> Adblock Plus) [File not signed]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Eyeo GmbH -> Adblock Plus) [File not signed]

FireFox:
========
FF ProfilePath: C:\Users\Kaz\AppData\Roaming\Mozilla\Firefox\Profiles\zuskzjh9.default [2019-04-24]
FF Homepage: Mozilla\Firefox\Profiles\zuskzjh9.default -> cracked.com
FF Session Restore: Mozilla\Firefox\Profiles\zuskzjh9.default -> is enabled.
FF Extension: (Privacy Badger) - C:\Users\Kaz\AppData\Roaming\Mozilla\Firefox\Profiles\zuskzjh9.default\Extensions\[email protected] [2019-02-20] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Kaz\AppData\Roaming\Mozilla\Firefox\Profiles\zuskzjh9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-04-19]
FF Extension: (DownThemAll!) - C:\Users\Kaz\AppData\Roaming\Mozilla\Firefox\Profiles\zuskzjh9.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-30] [Legacy]
FF Plugin: @Adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_156.dll [2019-03-12] (Adobe Systems Incorporated -> )
FF Plugin: @Java.com/DTPlugin,version=11.171.2 -> E:\Minecraft\Java\bin\dtplugin\npDeployJava1.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Java.com/JavaPlugin,version=11.171.2 -> E:\Minecraft\Java\bin\plugin2\npjp2.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_156.dll [2019-03-12] (Adobe Systems Incorporated -> )
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-03-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: BYOND -> E:\BYOND\bin\npbyond.dll [2008-07-08] (BYOND) [File not signed]
FF Plugin HKU\S-1-5-21-3138771545-412995871-3342752947-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-07-05] (Ubisoft Entertainment Sweden AB -> )
FF Plugin ProgramFiles/Appdata: C:\Users\Kaz\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2014-06-15]

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_3&ent=hp_5036&src=5036"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default [2019-04-24]
CHR Extension: (Docs) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-07]
CHR Extension: (Google Drive) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-04-24]
CHR Extension: (Google Search) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (Google Docs Offline) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-18]
CHR Extension: (Edit PDF in Docs Online - PDFfiller) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcbeibnlppnnddmmbfgaghnhhokedkbp [2018-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-14]
CHR Extension: (Gmail) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\Kaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-13]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [499080 2019-01-09] (Advanced Micro Devices, Inc. -> AMD)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-01-09] (AMD) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-04-15] (BattlEye Innovations e.K. -> )
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2018-02-10] (BitRaider LLC -> BitRaider, LLC)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [46640 2018-10-31] (Corsair Components, Inc. -> Corsair Memory, Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-07-25] (Creative Labs) [File not signed]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-01-03] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn, Inc. -> LogMeIn Inc.)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-14] (Hi-Rez Studios) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] (Intel(R) Smart Connect software -> )
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
S3 Media Jukebox 14 Service; C:\Program Files (x86)\J River\Media Jukebox 14\JRService.exe [379400 2010-07-15] (J. River Inc. -> J. River, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-09-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> MICRO-STAR INTERNATIONAL CO., LTD.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [437200 2018-11-06] (TEFINCOM S.A. -> )
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2304304 2019-04-09] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3175728 2019-04-09] (Electronic Arts, Inc. -> Electronic Arts)
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (GOLD CLICK LIMITED -> Gold Click Ltd) <==== ATTENTION
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-04-21] (Plays.tv, LLC -> Copyright (c) 2017 Plays.tv, LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2018-08-16] (Even Balance, Inc. -> )
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-11] (Qualcomm Atheros) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [52783496 2019-01-09] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [581000 2019-01-09] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [92944 2018-10-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [104840 2018-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2019-01-05] (BitRaider -> BitRaider)
R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [46944 2018-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [23392 2018-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz146; C:\Windows\temp\cpuz146\cpuz146_x64.sys [52824 2019-04-14] (CPUID -> CPUID)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] (Intel(R) Smart Connect software -> )
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] (Intel(R) Smart Connect software -> )
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] (Intel(R) Smart Connect software -> )
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Windows (R) Win 7 DDK provider)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] (Intel(R) Smart Connect software -> )
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc. -> Qualcomm Atheros, Inc.)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1758208 2011-08-27] (Creative Labs Inc -> Creative Technology Ltd.)
R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R3 mcdbus; C:\Windows\SysWOW64\DRIVERS\mcdbus.sys [255552 2009-02-24] (JiaPing Gan -> MagicISO, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-16] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31232 2016-07-11] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2018-06-07] (TEFINCOM S.A. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 atillk64; \??\C:\Program Files (x86)\ASUS\GPU Tweak\atillk64.sys [X]
S3 BRDriver64_1_3_1_1FB80738; \??\C:\ProgramData\BitRaider\support\1.3.1\1FB80738\BRDriver64.sys [X]
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-24 10:38 - 2019-04-24 10:40 - 000038053 _____ C:\Users\Kaz\Downloads\FRST.txt
2019-04-24 10:38 - 2019-04-24 10:38 - 000000000 ____D C:\FRST
2019-04-24 10:35 - 2019-04-24 10:38 - 002436096 _____ (Farbar) C:\Users\Kaz\Downloads\FRST64.exe
2019-04-20 20:18 - 2019-04-20 20:18 - 000001426 _____ C:\Users\Kaz\AppData\Local\recently-used.xbel
2019-04-14 18:40 - 2019-04-14 18:40 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Free PDF Soulutions
2019-04-14 18:39 - 2019-04-14 18:39 - 006728584 _____ (Free PDF Soulutions) C:\Users\Kaz\Downloads\pdfreader_setup.exe
2019-04-14 18:35 - 2019-04-14 18:36 - 046052856 _____ (Mozilla) C:\Users\Kaz\Downloads\Firefox_Setup_66.0.exe
2019-04-14 18:31 - 2019-04-14 18:31 - 001254504 _____ (Nitro) C:\Users\Kaz\Downloads\nitro_pro11.exe
2019-04-14 18:31 - 2019-04-14 18:31 - 001254504 _____ (Nitro) C:\Users\Kaz\Downloads\nitro_pro11 (1).exe
2019-04-13 17:04 - 2019-04-13 17:04 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Google
2019-04-13 17:03 - 2019-04-13 17:03 - 000000000 ____D C:\Users\Kaz\skype-export
2019-04-10 23:42 - 2019-04-14 19:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-04-10 18:46 - 2019-04-10 18:46 - 001245940 _____ (Bruce Gulke ) C:\Users\Kaz\Downloads\TS52setup.exe
2019-03-31 19:33 - 2019-04-21 22:58 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\RenPy
2019-03-29 21:56 - 2019-03-29 22:28 - 000000000 ____D C:\Users\Kaz\Documents\Planescape Torment - Enhanced Edition
2019-03-28 16:20 - 2019-03-28 16:20 - 007505920 _____ C:\Program Files (x86)\GUTD47D.tmp
2019-03-28 16:20 - 2019-03-28 16:20 - 000000000 ____D C:\Program Files (x86)\GUMD47C.tmp
2019-03-26 20:46 - 2019-03-26 20:46 - 000001089 _____ C:\Users\Kaz\Desktop\BattletechModManager.ico.lnk
2019-03-26 20:46 - 2019-03-26 20:46 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Battletech Mod Manager

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-24 10:17 - 2019-03-20 22:06 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\StardewValley
2019-04-24 09:59 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-24 09:59 - 2009-07-13 23:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-24 09:04 - 2016-11-17 12:10 - 000000000 ____D C:\Users\Kaz\AppData\LocalLow\Mozilla
2019-04-24 01:50 - 2014-09-01 15:08 - 000000000 ____D C:\Users\Kaz\AppData\LocalLow\Adblock Plus for IE
2019-04-24 01:06 - 2014-06-14 16:34 - 000000000 ____D C:\Program Files (x86)\Steam
2019-04-23 21:24 - 2017-05-02 22:00 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-04-20 20:18 - 2014-12-18 09:12 - 000000000 ____D C:\Users\Kaz\AppData\Local\gtk-2.0
2019-04-20 20:18 - 2014-12-18 09:10 - 000000000 ____D C:\Users\Kaz\.gimp-2.8
2019-04-20 19:38 - 2014-06-15 00:24 - 000000000 ____D C:\Users\Kaz\Documents\my games
2019-04-18 22:58 - 2017-09-22 20:56 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Heat_Signature
2019-04-18 14:41 - 2014-10-17 12:44 - 129330784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-04-18 14:41 - 2014-10-17 12:44 - 000000000 ____D C:\Windows\system32\MRT
2019-04-15 19:59 - 2018-11-01 10:09 - 000000000 ____D C:\Program Files (x86)\Origin
2019-04-15 16:00 - 2016-12-23 01:21 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\discord
2019-04-15 10:28 - 2015-08-09 23:10 - 000000000 ____D C:\Users\Kaz\AppData\LocalLow\Adobe
2019-04-14 19:30 - 2014-06-14 15:50 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-14 19:30 - 2014-06-14 15:50 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-14 19:12 - 2009-07-14 00:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-14 19:12 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-04-14 19:05 - 2017-11-14 12:38 - 000000340 _____ C:\Windows\Tasks\Connect.job
2019-04-14 19:04 - 2015-09-16 00:28 - 000000000 ____D C:\Users\Kaz\AppData\Local\LogMeIn Hamachi
2019-04-14 19:03 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-14 19:02 - 2014-06-14 17:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-04-14 18:44 - 2014-07-23 13:08 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Audacity
2019-04-14 18:05 - 2015-08-09 23:08 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-04-14 18:03 - 2014-09-06 13:36 - 000000000 ____D C:\Users\Kaz\AppData\Local\Adobe
2019-04-13 17:03 - 2014-06-14 15:31 - 000000000 ____D C:\Users\Kaz
2019-04-10 18:47 - 2016-10-17 22:53 - 000000000 ____D C:\Users\Kaz\Documents\TableSmith
2019-04-10 18:47 - 2016-10-17 22:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TableSmith
2019-04-10 18:47 - 2016-10-17 22:53 - 000000000 ____D C:\Program Files (x86)\TableSmith52
2019-04-07 20:11 - 2014-06-14 19:14 - 000000000 ____D C:\Users\Kaz\AppData\Local\CrashDumps
2019-04-05 22:51 - 2015-07-19 22:07 - 000000000 ____D C:\Program Files (x86)\Opera
2019-04-05 22:41 - 2018-07-24 09:08 - 000001306 _____ C:\Users\Public\Desktop\Skype.lnk
2019-04-05 22:41 - 2018-07-24 09:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-03-25 00:15 - 2018-12-13 22:58 - 000000000 ____D C:\Users\Kaz\AppData\Roaming\Surviving Mars

==================== Files in the root of some directories =======

2019-03-28 16:20 - 2019-03-28 16:20 - 007505920 _____ () C:\Program Files (x86)\GUTD47D.tmp
2015-10-20 11:37 - 2015-10-20 11:37 - 000001099 _____ () C:\Program Files (x86)\RepairSurge.lnk
2018-06-03 18:59 - 2018-06-03 18:59 - 000000000 _____ () C:\Users\Kaz\AppData\Roaming\FC29FA0894FE.ini
2014-11-13 00:19 - 2014-11-13 09:57 - 000000003 _____ () C:\Users\Kaz\AppData\Local\proxy.log
2019-04-20 20:18 - 2019-04-20 20:18 - 000001426 _____ () C:\Users\Kaz\AppData\Local\recently-used.xbel
2014-06-15 04:31 - 2018-09-30 18:48 - 000007665 _____ () C:\Users\Kaz\AppData\Local\Resmon.ResmonCfg
2016-04-17 23:34 - 2016-04-17 23:34 - 000000000 _____ () C:\Users\Kaz\AppData\Local\{609C432A-7AF6-4E98-8708-7ABAB6E8D089}
2015-06-29 11:24 - 2015-06-29 11:24 - 000000000 _____ () C:\Users\Kaz\AppData\Local\{E17CFB37-5925-44F5-AE95-23DA374C46A4}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-04-23 15:02
==================== End of FRST.txt ============================
Attached Files: Addition.txt (113.7 KB)
Old 04-25-2019, 08:28 AM   #2
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Welcome to the TSF Malware Removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions completely before you complete them.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, uninstall it before proceeding.
  • If you don't respond to your topic in 3 days, it will be closed. In the event this topic is closed and you still need help, please start a new topic with a link to this one.
  • If you have questions about anything during the cleanup, please ask.


------------------------------------

Did you set your browser home page to MyStart?

------------------------------------

Press the Windows Key + R. This will open the Run box.
Type Appwiz.cpl and click OK.

A list of installed programs will appear. Uninstall the below programs by selecting them and clicking Uninstall:

µTorrent (HKU\S-1-5-21-3138771545-412995871-3342752947-1000\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
ProxyGate version 3.0.0.1180 (HKLM-x32\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1180 - Gold Click Ltd) <==== ATTENTION
qBittorrent 3.3.6 (HKLM-x32\...\qBittorrent) (Version: 3.3.6 - The qBittorrent project)

------------------------------------

Highlight the contents of the below code box and press Ctrl + C:
Code:
Start::

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [KyhuRAcNvF] => "C:\Windows\system32\config\SYSTEM~1\AppData\Local\YXVHVH~1\win32k.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1E1A2E45-FBC1-4A27-83BC-5E8596B9E667} - System32\Tasks\{681A53BA-0F18-4C30-9168-0149580F01DB} => C:\Windows\system32\pcalua.exe -a "D:\Writing\All Users\Roleplaying\Battletech (New)\HeavyMetal\HMPlusSetup.exe" -d "D:\Writing\All Users\Roleplaying\Battletech (New)\HeavyMetal"
Task: {2E6CB8EE-C549-4661-95C3-C20FC6FA356E} - System32\Tasks\{4AD0D8BF-8660-449C-8E9F-016CCAAA15E2} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{532F6E8A-AF97-41C3-915F-39F718EC07D1} /l1033
Task: {330BA693-F1A1-4CDA-9D00-6889E528856F} - System32\Tasks\{FFFD1769-7D35-4E02-8057-939473DB3998} => C:\Windows\system32\pcalua.exe -a "E:\SteamLibrary\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "E:\SteamLibrary\steamapps\common\Left 4 Dead 2" -c /register
Task: {638D123F-77E2-49D4-9D5C-F064C7E3E19F} - System32\Tasks\{B043CB37-FF33-4921-8CAC-02503F50BEF6} => C:\Windows\system32\pcalua.exe -a C:\Windows\System32\msiexec.exe -d E:\SteamLibrary\steamapps\common\Antichamber -c /passive /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS8A809006C25A4A3A9DAB94659BCDB107_9_10_0224.MSI" WISE_SETUP_EXE_PATH="E:\SteamLibrary\steamapps\common\Antichamber\Binaries\Redist\physx\P (the data entry has 34 more characters).
Task: {7197999C-5F84-4134-9A03-85160E5DFD91} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {831A0ED5-334F-4CCB-887A-5BD5998646BC} - System32\Tasks\{43B2D8BE-7AF6-46E8-ABE1-86EFCF667867} => C:\Windows\system32\pcalua.exe -a D:\FontsEtc\bp_mw_ss.exe -d D:\FontsEtc
Task: {8D2006E3-EEC3-443C-8F1E-D40A82D221D9} - System32\Tasks\{DE659DEC-691D-476B-90A5-A982242FA9B1} => C:\Windows\system32\pcalua.exe -a D:\Programs\EVE\setup.exe -d D:\Programs\EVE
Task: {E5BA5D9C-2BE1-4770-9EBC-B5CFDB30062C} - System32\Tasks\{9535329C-90C9-4E70-A3F4-12EBEE8493A5} => C:\Windows\system32\pcalua.exe -a "E:\SteamLibrary\steamapps\common\Hitman Codename 47\setup.exe" -d "E:\SteamLibrary\steamapps\common\Hitman Codename 47"
Task: {EB902CEC-2C32-4DCE-8EA3-A622F191B6AE} - System32\Tasks\{988C3BA0-C8EA-4F76-99B5-F953CD9244B0} => C:\Windows\system32\pcalua.exe -a G:\setup.exe -d G:\ -c /autorun
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx <not found>
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (GOLD CLICK LIMITED -> Gold Click Ltd) <==== ATTENTION
S3 atillk64; \??\C:\Program Files (x86)\ASUS\GPU Tweak\atillk64.sys [X]
S3 BRDriver64_1_3_1_1FB80738; \??\C:\ProgramData\BitRaider\support\1.3.1\1FB80738\BRDriver64.sys [X]
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
2018-06-03 18:59 - 2018-06-03 18:59 - 000000000 _____ () C:\Users\Kaz\AppData\Roaming\FC29FA0894FE.ini
2014-11-13 00:19 - 2014-11-13 09:57 - 000000003 _____ () C:\Users\Kaz\AppData\Local\proxy.log
AlternateDataStreams: C:\Users\Kaz\AppData\Local\Temp:$DATA? [16]

C:\Program Files (x86)\ProxyGate
C:\Windows\system32\config\SYSTEM~1\AppData\Local\YXVHVH~1

File: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
Folder: C:\Program Files (x86)\GUMD47C.tmp

End::
Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
When the fix is complete the tool will create a log (Fixlog.txt) in the same directory it was run from.
Copy and paste the contents of Fixlog.txt into your next reply.

Let me know if the problems persist.
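The items the fixlist above targets are the classic things a responder pulls out of an FRST log by eye: a RunOnce value in the SYSTEM account's hive (HKU\S-1-5-18) pointing at a file called win32k.exe under the SYSTEM profile's AppData (the real win32k is a kernel driver, win32k.sys, that lives in System32), a service FRST itself marked with ATTENTION, driver entries whose files no longer exist ([X]), unsigned services, a driver loaded from C:\Windows\temp, and scheduled tasks that launch installers through pcalua.exe. As an added example, not part of this thread and not FRST's own code, the Python script below applies those same heuristics to FRST lines so the triage is repeatable. The sample lines are copied from the log posted above; the category names, the list of core Windows binary names and the list of suspect directories are this example's own assumptions.

```python
"""Heuristic triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example, not part of the forum thread or of FRST. The sample lines are
copied from the FRST.txt posted in the thread; the heuristic categories and
name lists are assumptions made for illustration.
"""
import re
from dataclasses import dataclass, field

# Windows paths ending in an executable-ish extension, as FRST prints them.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]<>|?*]+?\.(?:exe|sys|dll|crx)\b', re.IGNORECASE)

# Assumed: names of core Windows components that malware likes to borrow.
CORE_NAMES = {"win32k", "svchost", "csrss", "lsass", "winlogon", "services", "explorer"}
# Assumed: the only directories where those names are expected.
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
# Assumed: locations from which nothing legitimate should normally autostart.
SUSPECT_DIRS = (
    "\\windows\\temp\\",
    "\\appdata\\local\\temp\\",
    "\\system32\\config\\systemprofile\\",
    "\\system32\\config\\system~1\\",  # 8.3 short name of systemprofile
)


@dataclass
class Finding:
    line: str
    paths: list = field(default_factory=list)
    reasons: list = field(default_factory=list)


def classify(line: str) -> Finding:
    """Attach zero or more reason tags to one FRST line."""
    text = line.rstrip()
    f = Finding(line=text, paths=PATH_RE.findall(text))
    low = text.lower()
    if "<==== attention" in low:                       # FRST's own flag
        f.reasons.append("frst-attention")
    if text.endswith("[X]") or "<not found>" in low or "no file" in low:
        f.reasons.append("missing-file")               # orphaned entry
    if "[file not signed]" in low:
        f.reasons.append("unsigned")
    if low.startswith("hku\\s-1-5-18\\") and ("\\run:" in low or "\\runonce:" in low):
        f.reasons.append("system-account-autorun")     # autostart as SYSTEM
    if "pcalua.exe -a" in low:
        f.reasons.append("proxy-launcher")             # compat-assistant proxy exec
    if any(d in p.lower() for p in f.paths for d in SUSPECT_DIRS):
        f.reasons.append("suspect-location")
    for p in f.paths:
        parent, _, name = p.lower().rpartition("\\")
        if name.rsplit(".", 1)[0] in CORE_NAMES and parent not in SYSTEM_DIRS:
            f.reasons.append("masquerade")             # core name, wrong directory
            break
    return f


def triage(lines):
    """Return only the findings that carry at least one reason."""
    return [f for f in (classify(l) for l in lines) if f.reasons]


def summarize(findings):
    """Count how often each reason tag fired."""
    counts = {}
    for f in findings:
        for r in f.reasons:
            counts[r] = counts.get(r, 0) + 1
    return counts


# Sample lines copied from the FRST.txt posted in the thread.
SAMPLE = [
    r"R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [499080 2019-01-09] (Advanced Micro Devices, Inc. -> AMD)",
    r"S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (GOLD CLICK LIMITED -> Gold Click Ltd) <==== ATTENTION",
    r"R3 cpuz146; C:\Windows\temp\cpuz146\cpuz146_x64.sys [52824 2019-04-14] (CPUID -> CPUID)",
    r"S3 atillk64; \??\C:\Program Files (x86)\ASUS\GPU Tweak\atillk64.sys [X]",
    r'HKU\S-1-5-18\...\RunOnce: [KyhuRAcNvF] => "C:\Windows\system32\config\SYSTEM~1\AppData\Local\YXVHVH~1\win32k.exe"',
    r"R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]",
    r"Task: {EB902CEC-2C32-4DCE-8EA3-A622F191B6AE} - System32\Tasks\{988C3BA0-C8EA-4F76-99B5-F953CD9244B0} => C:\Windows\system32\pcalua.exe -a G:\setup.exe -d G:\ -c /autorun",
]

if __name__ == "__main__":
    hits = triage(SAMPLE)
    for f in hits:
        print(", ".join(f.reasons).ljust(48), f.line[:70])
    print(summarize(hits))
```

Feed it a whole FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))` and review the tagged lines before anything goes into a fixlist; the tags are prompts for a human decision, not a verdict, and a clean line (the AMD service above gets no tag) still deserves the usual signer and path check.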
Old 04-25-2019, 09:27 AM   #3
Registered Member
 
Join Date: Apr 2009
Posts: 186
OS: Windows 7



I have followed all posted instructions thus far. During Farbar's fix run, it seems to have hung, and has been in that state for about 10-15 minutes now.

The Fixlog file has been generated, and its contents are as follows.

Fix result of Farbar Recovery Scan Tool (x64) Version: 24.04.2019
Ran by Kaz (25-04-2019 10:57:06) Run:1
Running from C:\Users\Kaz\Downloads
Loaded Profiles: Kaz (Available Profiles: Kaz)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [KyhuRAcNvF] => "C:\Windows\system32\config\SYSTEM~1\AppData\Local\YXVHVH~1\win32k.exe"
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1E1A2E45-FBC1-4A27-83BC-5E8596B9E667} - System32\Tasks\{681A53BA-0F18-4C30-9168-0149580F01DB} => C:\Windows\system32\pcalua.exe -a "D:\Writing\All Users\Roleplaying\Battletech (New)\HeavyMetal\HMPlusSetup.exe" -d "D:\Writing\All Users\Roleplaying\Battletech (New)\HeavyMetal"
Task: {2E6CB8EE-C549-4661-95C3-C20FC6FA356E} - System32\Tasks\{4AD0D8BF-8660-449C-8E9F-016CCAAA15E2} => C:\Windows\system32\pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{532F6E8A-AF97-41C3-915F-39F718EC07D1} /l1033
Task: {330BA693-F1A1-4CDA-9D00-6889E528856F} - System32\Tasks\{FFFD1769-7D35-4E02-8057-939473DB3998} => C:\Windows\system32\pcalua.exe -a "E:\SteamLibrary\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "E:\SteamLibrary\steamapps\common\Left 4 Dead 2" -c /register
Task: {638D123F-77E2-49D4-9D5C-F064C7E3E19F} - System32\Tasks\{B043CB37-FF33-4921-8CAC-02503F50BEF6} => C:\Windows\system32\pcalua.exe -a C:\Windows\System32\msiexec.exe -d E:\SteamLibrary\steamapps\common\Antichamber -c /passive /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS8A809006C25A4A3A9DAB94659BCDB107_9_10_0224.MSI" WISE_SETUP_EXE_PATH="E:\SteamLibrary\steamapps\common\Antichamber\Binaries\Redist\physx\P (the data entry has 34 more characters).
Task: {7197999C-5F84-4134-9A03-85160E5DFD91} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {831A0ED5-334F-4CCB-887A-5BD5998646BC} - System32\Tasks\{43B2D8BE-7AF6-46E8-ABE1-86EFCF667867} => C:\Windows\system32\pcalua.exe -a D:\FontsEtc\bp_mw_ss.exe -d D:\FontsEtc
Task: {8D2006E3-EEC3-443C-8F1E-D40A82D221D9} - System32\Tasks\{DE659DEC-691D-476B-90A5-A982242FA9B1} => C:\Windows\system32\pcalua.exe -a D:\Programs\EVE\setup.exe -d D:\Programs\EVE
Task: {E5BA5D9C-2BE1-4770-9EBC-B5CFDB30062C} - System32\Tasks\{9535329C-90C9-4E70-A3F4-12EBEE8493A5} => C:\Windows\system32\pcalua.exe -a "E:\SteamLibrary\steamapps\common\Hitman Codename 47\setup.exe" -d "E:\SteamLibrary\steamapps\common\Hitman Codename 47"
Task: {EB902CEC-2C32-4DCE-8EA3-A622F191B6AE} - System32\Tasks\{988C3BA0-C8EA-4F76-99B5-F953CD9244B0} => C:\Windows\system32\pcalua.exe -a G:\setup.exe -d G:\ -c /autorun
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx <not found>
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (GOLD CLICK LIMITED -> Gold Click Ltd) <==== ATTENTION
S3 atillk64; \??\C:\Program Files (x86)\ASUS\GPU Tweak\atillk64.sys [X]
S3 BRDriver64_1_3_1_1FB80738; \??\C:\ProgramData\BitRaider\support\1.3.1\1FB80738\BRDriver64.sys [X]
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
2018-06-03 18:59 - 2018-06-03 18:59 - 000000000 _____ () C:\Users\Kaz\AppData\Roaming\FC29FA0894FE.ini
2014-11-13 00:19 - 2014-11-13 09:57 - 000000003 _____ () C:\Users\Kaz\AppData\Local\proxy.log
AlternateDataStreams: C:\Users\Kaz\AppData\Local\Temp:$DATA? [16]
C:\Program Files (x86)\ProxyGate
C:\Windows\system32\config\SYSTEM~1\AppData\Local\YXVHVH~1
File: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
Folder: C:\Program Files (x86)\GUMD47C.tmp

*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\KyhuRAcNvF" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E1A2E45-FBC1-4A27-83BC-5E8596B9E667}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E1A2E45-FBC1-4A27-83BC-5E8596B9E667}" => removed successfully
C:\Windows\System32\Tasks\{681A53BA-0F18-4C30-9168-0149580F01DB} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{681A53BA-0F18-4C30-9168-0149580F01DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E6CB8EE-C549-4661-95C3-C20FC6FA356E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E6CB8EE-C549-4661-95C3-C20FC6FA356E}" => removed successfully
C:\Windows\System32\Tasks\{4AD0D8BF-8660-449C-8E9F-016CCAAA15E2} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4AD0D8BF-8660-449C-8E9F-016CCAAA15E2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{330BA693-F1A1-4CDA-9D00-6889E528856F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{330BA693-F1A1-4CDA-9D00-6889E528856F}" => removed successfully
C:\Windows\System32\Tasks\{FFFD1769-7D35-4E02-8057-939473DB3998} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FFFD1769-7D35-4E02-8057-939473DB3998}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{638D123F-77E2-49D4-9D5C-F064C7E3E19F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{638D123F-77E2-49D4-9D5C-F064C7E3E19F}" => removed successfully
C:\Windows\System32\Tasks\{B043CB37-FF33-4921-8CAC-02503F50BEF6} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B043CB37-FF33-4921-8CAC-02503F50BEF6}" => removed successfully
Old 04-25-2019, 03:50 PM   #4
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi,


The fixlog.txt file is incomplete. Please try to copy and paste it again.
Old 04-25-2019, 06:37 PM   #5
Registered Member
 
Join Date: Apr 2009
Posts: 186
OS: Windows 7



It is incomplete because the Farbar program freezes on me when I try to run it in Fix mode. I am not sure why.

That's all the data I have from fixlog.txt.
Old 04-26-2019, 08:02 AM   #6
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi,


I've modified the FRST script. Try running it again:


Highlight the contents of the below code box and press Ctrl + C:
Code:
Start::

CloseProcesses:

Task: {831A0ED5-334F-4CCB-887A-5BD5998646BC} - System32\Tasks\{43B2D8BE-7AF6-46E8-ABE1-86EFCF667867} => C:\Windows\system32\pcalua.exe -a D:\FontsEtc\bp_mw_ss.exe -d D:\FontsEtc
Task: {8D2006E3-EEC3-443C-8F1E-D40A82D221D9} - System32\Tasks\{DE659DEC-691D-476B-90A5-A982242FA9B1} => C:\Windows\system32\pcalua.exe -a D:\Programs\EVE\setup.exe -d D:\Programs\EVE
Task: {E5BA5D9C-2BE1-4770-9EBC-B5CFDB30062C} - System32\Tasks\{9535329C-90C9-4E70-A3F4-12EBEE8493A5} => C:\Windows\system32\pcalua.exe -a "E:\SteamLibrary\steamapps\common\Hitman Codename 47\setup.exe" -d "E:\SteamLibrary\steamapps\common\Hitman Codename 47"
Task: {EB902CEC-2C32-4DCE-8EA3-A622F191B6AE} - System32\Tasks\{988C3BA0-C8EA-4F76-99B5-F953CD9244B0} => C:\Windows\system32\pcalua.exe -a G:\setup.exe -d G:\ -c /autorun
FF Plugin: @  microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @  microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx <not found>
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (GOLD CLICK LIMITED -> Gold Click Ltd) <==== ATTENTION
S3 atillk64; \??\C:\Program Files (x86)\ASUS\GPU Tweak\atillk64.sys [X]
S3 BRDriver64_1_3_1_1FB80738; \??\C:\ProgramData\BitRaider\support\1.3.1\1FB80738\BRDriver64.sys [X]
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
2018-06-03 18:59 - 2018-06-03 18:59 - 000000000 _____ () C:\Users\Kaz\AppData\Roaming\FC29FA0894FE.ini
2014-11-13 00:19 - 2014-11-13 09:57 - 000000003 _____ () C:\Users\Kaz\AppData\Local\proxy.log
AlternateDataStreams: C:\Users\Kaz\AppData\Local\Temp:$DATA? [16]

C:\Program Files (x86)\ProxyGate
C:\Windows\system32\config\SYSTEM~1\AppData\Local\YXVHVH~1

File: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
Folder: C:\Program Files (x86)\GUMD47C.tmp

EmptyTemp:

End::
Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
When the fix is complete the tool will create a log (Fixlog.txt) in the same directory it was run from.
Copy and paste the contents of Fixlog.txt into your next reply.
Old 04-26-2019, 05:07 PM   #7
Registered Member
 
Join Date: Apr 2009
Posts: 186
OS: Windows 7



It ran to completion this time. It is worth noting that it attempted to restart my computer afterwards, but as usual the computer did not progress past the 'shutting down' screen. I was forced to manually shut it down and reboot it.


Fix result of Farbar Recovery Scan Tool (x64) Version: 25.04.2019
Ran by Kaz (26-04-2019 18:40:39) Run:2
Running from C:\Users\Kaz\Downloads
Loaded Profiles: Kaz (Available Profiles: Kaz)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
Task: {831A0ED5-334F-4CCB-887A-5BD5998646BC} - System32\Tasks\{43B2D8BE-7AF6-46E8-ABE1-86EFCF667867} => C:\Windows\system32\pcalua.exe -a D:\FontsEtc\bp_mw_ss.exe -d D:\FontsEtc
Task: {8D2006E3-EEC3-443C-8F1E-D40A82D221D9} - System32\Tasks\{DE659DEC-691D-476B-90A5-A982242FA9B1} => C:\Windows\system32\pcalua.exe -a D:\Programs\EVE\setup.exe -d D:\Programs\EVE
Task: {E5BA5D9C-2BE1-4770-9EBC-B5CFDB30062C} - System32\Tasks\{9535329C-90C9-4E70-A3F4-12EBEE8493A5} => C:\Windows\system32\pcalua.exe -a "E:\SteamLibrary\steamapps\common\Hitman Codename 47\setup.exe" -d "E:\SteamLibrary\steamapps\common\Hitman Codename 47"
Task: {EB902CEC-2C32-4DCE-8EA3-A622F191B6AE} - System32\Tasks\{988C3BA0-C8EA-4F76-99B5-F953CD9244B0} => C:\Windows\system32\pcalua.exe -a G:\setup.exe -d G:\ -c /autorun
FF Plugin: @ microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @ microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx <not found>
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (GOLD CLICK LIMITED -> Gold Click Ltd) <==== ATTENTION
S3 atillk64; \??\C:\Program Files (x86)\ASUS\GPU Tweak\atillk64.sys [X]
S3 BRDriver64_1_3_1_1FB80738; \??\C:\ProgramData\BitRaider\support\1.3.1\1FB80738\BRDriver64.sys [X]
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
2018-06-03 18:59 - 2018-06-03 18:59 - 000000000 _____ () C:\Users\Kaz\AppData\Roaming\FC29FA0894FE.ini
2014-11-13 00:19 - 2014-11-13 09:57 - 000000003 _____ () C:\Users\Kaz\AppData\Local\proxy.log
AlternateDataStreams: C:\Users\Kaz\AppData\Local\Temp:$DATA? [16]
C:\Program Files (x86)\ProxyGate
C:\Windows\system32\config\SYSTEM~1\AppData\Local\YXVHVH~1
File: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
Folder: C:\Program Files (x86)\GUMD47C.tmp
EmptyTemp:

*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{831A0ED5-334F-4CCB-887A-5BD5998646BC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{831A0ED5-334F-4CCB-887A-5BD5998646BC}" => removed successfully
C:\Windows\System32\Tasks\{43B2D8BE-7AF6-46E8-ABE1-86EFCF667867} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43B2D8BE-7AF6-46E8-ABE1-86EFCF667867}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D2006E3-EEC3-443C-8F1E-D40A82D221D9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D2006E3-EEC3-443C-8F1E-D40A82D221D9}" => removed successfully
C:\Windows\System32\Tasks\{DE659DEC-691D-476B-90A5-A982242FA9B1} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DE659DEC-691D-476B-90A5-A982242FA9B1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5BA5D9C-2BE1-4770-9EBC-B5CFDB30062C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5BA5D9C-2BE1-4770-9EBC-B5CFDB30062C}" => removed successfully
C:\Windows\System32\Tasks\{9535329C-90C9-4E70-A3F4-12EBEE8493A5} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9535329C-90C9-4E70-A3F4-12EBEE8493A5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB902CEC-2C32-4DCE-8EA3-A622F191B6AE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB902CEC-2C32-4DCE-8EA3-A622F191B6AE}" => removed successfully
C:\Windows\System32\Tasks\{988C3BA0-C8EA-4F76-99B5-F953CD9244B0} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{988C3BA0-C8EA-4F76-99B5-F953CD9244B0}" => removed successfully
HKLM\Software\MozillaPlugins\@ microsoft.com/GENUINE => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@ microsoft.com/GENUINE => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dghncoeocefmhkhiphdgikkamjeglbfh => removed successfully
HKLM\System\CurrentControlSet\Services\pgt_svc => removed successfully
pgt_svc => service removed successfully
HKLM\System\CurrentControlSet\Services\atillk64 => removed successfully
atillk64 => service removed successfully
HKLM\System\CurrentControlSet\Services\BRDriver64_1_3_1_1FB80738 => removed successfully
BRDriver64_1_3_1_1FB80738 => service removed successfully
HKLM\System\CurrentControlSet\Services\CLMirrorDriver => removed successfully
CLMirrorDriver => service removed successfully
HKLM\System\CurrentControlSet\Services\EagleX64 => removed successfully
EagleX64 => service removed successfully
HKLM\System\CurrentControlSet\Services\MSICDSetup => removed successfully
MSICDSetup => service removed successfully
HKLM\System\CurrentControlSet\Services\NTIOLib_1_0_C => removed successfully
NTIOLib_1_0_C => service removed successfully
C:\Users\Kaz\AppData\Roaming\FC29FA0894FE.ini => moved successfully
C:\Users\Kaz\AppData\Local\proxy.log => moved successfully
C:\Users\Kaz\AppData\Local\Temp => ":$DATA?" ADS could not remove.
C:\Program Files (x86)\ProxyGate => moved successfully
"C:\Windows\system32\config\SYSTEM~1\AppData\Local\YXVHVH~1" => not found

========================= File: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe ========================

C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
File not signed
MD5: 7757014CF90EC2685E8ACDC1774AFA3F
Creation and modification date: 2003-09-04 15:21 - 2003-09-04 15:21
Size: 000757760
Attributes: ----A
Company Name: InstallShield Software Corporation
Internal Name: InstallDriver
Original Name: InstallDriver.EXE
Product: InstallDriver Module
Description: InstallDriver Module
File Version: 9.00.333
Product Version: 9.00
Copyright: Copyright (C) 2003 InstallShield Software Corp.
VirusTotal: https://www.virustotal.com/file/c081...is/1555709413/

====== End of File: ======


========================= Folder: C:\Program Files (x86)\GUMD47C.tmp ========================


====== End of Folder: ======


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43834178 B
Java, Flash, Steam htmlcache => 558680755 B
Windows/system/drivers => 13063188001 B
Edge => 0 B
Chrome => 288778326 B
Firefox => 1409332511 B
Opera => 72009438 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 55326386 B
systemprofile32 => 4669028 B
LocalService => 66228 B
NetworkService => 17729323 B
Kaz => 785255939 B

RecycleBin => 0 B
EmptyTemp: => 15.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:44:36 ====
Aderas is offline  
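The Fixlog above is long enough that a result that did not complete (the ADS that "could not remove", the folder that was "not found") is easy to miss. The helper below is an added example, not part of this thread and not FRST's own code: it splits a Fixlog into the fixlist directives and the result lines, tallies each result, and returns the ones that need a second look. The embedded log is a constructed, abridged copy of the one posted.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt modelled on the Fixlog in this thread (abridged, not the full log).
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 25.04.2019
Ran by Kaz (26-04-2019 18:40:39) Run:2
==============================================

fixlist content:
*****************
CloseProcesses:
Task: {831A0ED5-334F-4CCB-887A-5BD5998646BC} - System32\Tasks\{43B2D8BE-7AF6-46E8-ABE1-86EFCF667867} => C:\Windows\system32\pcalua.exe -a D:\FontsEtc\bp_mw_ss.exe -d D:\FontsEtc
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (GOLD CLICK LIMITED -> Gold Click Ltd) <==== ATTENTION
AlternateDataStreams: C:\Users\Kaz\AppData\Local\Temp:$DATA? [16]
C:\Windows\system32\config\SYSTEM~1\AppData\Local\YXVHVH~1
EmptyTemp:

*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{831A0ED5-334F-4CCB-887A-5BD5998646BC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{831A0ED5-334F-4CCB-887A-5BD5998646BC}" => removed successfully
C:\Windows\System32\Tasks\{43B2D8BE-7AF6-46E8-ABE1-86EFCF667867} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43B2D8BE-7AF6-46E8-ABE1-86EFCF667867}" => removed successfully
HKLM\System\CurrentControlSet\Services\pgt_svc => removed successfully
pgt_svc => service removed successfully
C:\Users\Kaz\AppData\Local\Temp => ":$DATA?" ADS could not remove.
"C:\Windows\system32\config\SYSTEM~1\AppData\Local\YXVHVH~1" => not found
EmptyTemp: => 15.2 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 18:44:36 ====
"""

# A result line is "<target> => <status>"; the target may be wrapped in double quotes.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<status>.+)$')
DELIM = "*****************"


def split_sections(log: str) -> Tuple[List[str], List[str]]:
    """Return (fixlist directives, result lines); the fixlist sits between the two star rules."""
    lines = log.splitlines()
    stars = [i for i, line in enumerate(lines) if line.strip() == DELIM]
    if len(stars) < 2:
        raise ValueError("fixlist delimiters not found")
    fixlist = [l for l in lines[stars[0] + 1:stars[1]] if l.strip()]
    results = [l for l in lines[stars[1] + 1:] if l.strip()]
    return fixlist, results


def classify(status: str) -> str:
    """Map FRST's free-text outcome to ok / not_found / failed / other."""
    s = status.lower()
    if "could not" in s or "failed" in s:
        return "failed"
    if "not found" in s:
        return "not_found"
    if "successfully" in s or "removed" in s:
        return "ok"
    return "other"


def summarize(log: str) -> Dict[str, object]:
    """Tally every '=>' result and list the ones that did not complete."""
    fixlist, results = split_sections(log)
    counts = {"ok": 0, "not_found": 0, "failed": 0, "other": 0}
    attention: List[Tuple[str, str]] = []
    for line in results:
        m = RESULT_RE.match(line)
        if not m:
            continue  # narrative lines such as "The system needed a reboot."
        kind = classify(m.group("status"))
        counts[kind] += 1
        if kind != "ok":
            attention.append((m.group("target"), m.group("status").strip()))
    return {
        "directives": len(fixlist),
        "counts": counts,
        "attention": attention,
        "flagged": [d for d in fixlist if "ATTENTION" in d],  # items FRST itself marked
        "reboot": any("needed a reboot" in l for l in results),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```

Run against the full Fixlog, the same function reports the two incomplete items visible above (the `:$DATA?` stream and the `YXVHVH~1` folder) alongside the counts of what was removed.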
Old 04-26-2019, 07:14 PM   #8
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi,

Farbar Recovery Scan Tool - Scan

  • Right-click FRST/FRST64 and select Run as Administrator.
  • Ensure Addition.txt is checked and click Scan.
  • Once the scan is complete, click OK to the "Scan Complete" message box and OK to the Addition.txt box.
  • Two reports will be open in Notepad.
  • Copy and paste their contents into your next reply.
Let me know how the computer is doing.
iMacg3 is offline  
Old 04-28-2019, 07:46 AM   #9
Registered Member
 
Join Date: Apr 2009
Posts: 186
OS: Windows 7



Computer is still having the same symptoms as before - will not shut down properly, can't update it, and Task Manager will often not close frozen programs.

The files combined are too long, so I am posting them as attachments.
Attached Files
File Type: txt Addition.txt (112.4 KB, 4 views)
File Type: txt FRST.txt (37.9 KB, 3 views)
Aderas is offline  
Old 04-28-2019, 08:20 AM   #10
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi,


Did you set your browser home page to MyStart?


Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • Click on Get Started.
  • Another window will appear - select Get Started. Select whether you would like to send anonymous data to ESET.
  • Click on the Full Scan option.
  • Click on the option to Enable ESET to detect and remove potentially unwanted applications, and select Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop with a name like ESETlog.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • On your desktop, a file will be created called ESETlog.txt. Open it, then copy and paste its contents into your next reply.

--------------------------------------------------


Download AdwCleaner and save it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.

Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).
iMacg3 is offline  
Old 04-30-2019, 11:44 AM   #11
Registered Member
 
Join Date: Apr 2009
Posts: 186
OS: Windows 7



My browser is set to MyStart.

Both programs froze during operations, but I will try to run them again after a restart.

I apologize for the lack of information, the site has refused my posts three times now.
Aderas is offline  
Old 04-30-2019, 03:21 PM   #12
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



No problem.
iMacg3 is offline  
Old 05-03-2019, 07:35 AM   #13
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Due to lack of response, this topic will now be closed.

If you need continued support, please begin a new thread, and provide a link to this topic.

This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

https://www.techsupportforum.com/f50...lp-305963.html
iMacg3 is offline  
 
