
Google trojan solution found for another user need assist


  • This topic is locked
11 replies to this topic

#1 mrdragonfell

  • Members
  • 8 posts
  • Gender:Male
  • Local time:03:24 PM

Posted 22 October 2014 - 09:27 PM

Have the same issue as http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/

Have downloaded the tool.

Virus location is at C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes

Here is the first text:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by MrDragonfell (administrator) on MRDRAGONFELL-PC on 22-10-2014 21:22:50
Running from C:\Users\MrDragonfell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NW3NRKF
Loaded Profile: MrDragonfell (Available profiles: MrDragonfell)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Users\MrDragonfell\Desktop\OC\OpenHardwareMonitor\OpenHardwareMonitor.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Media Player\wmpshare.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKU\S-1-5-21-1469054555-2732360396-1259575173-1000\...\Run: [nlnoaybub] => regsvr32.exe /s "C:\Users\MrDragonfell\AppData\Local\Aeria Games\nlnoaybub.dll" <===== ATTENTION
HKU\S-1-5-21-1469054555-2732360396-1259575173-1000\...\MountPoints2: {ad040b87-fe8e-11d5-bd36-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-1469054555-2732360396-1259575173-1000\...\MountPoints2: {c3045a51-2c7a-11e4-bb3a-e839df81201e} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-08-18] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1F1447A52B93C101
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {3C35E086-18B1-4380-A26D-377CCD582E53} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {3C35E086-18B1-4380-A26D-377CCD582E53} URL = https://www.google.com/search?q={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5F1B2B61-3746-4F53-9A51-CF257EEEA3C8}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9A6723CA-086F-4E8D-8F0B-20056EA0CD8F}: [NameServer] 8.8.8.8,8.8.8.4

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Itunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-23]
CHR Extension: (YouTube) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Google Search) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Google Wallet) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-23]
CHR Extension: (Gmail) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [307928 2013-11-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2014-08-19] ()
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)
S3 sclbl; C:\AeriaGames\ScarletBlade\avital\scarbt64.sys [86352 2014-08-27] ()
S3 cpuz137; \??\C:\Users\MRDRAG~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
R3 WinRing0_1_2_0; \??\C:\Users\MrDragonfell\Desktop\OC\OpenHardwareMonitor\OpenHardwareMonitor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 21:19 - 2014-10-22 21:22 - 00000000 ____D () C:\FRST
2014-10-22 20:44 - 2014-10-22 20:44 - 00000067 _____ () C:\Users\MrDragonfell\Desktop\viruspath.txt
2014-10-20 17:09 - 2014-10-23 00:05 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-10-20 17:07 - 2014-10-20 17:07 - 00000460 _____ () C:\Windows\G600DFUTool.log
2014-10-20 16:47 - 2014-09-13 15:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-10-20 16:45 - 2014-09-16 23:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-10-20 16:45 - 2014-09-16 23:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-20 16:45 - 2014-09-13 18:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-20 16:33 - 2014-09-13 18:48 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-20 16:33 - 2014-09-13 18:48 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-20 16:29 - 2014-09-16 23:51 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-10-20 16:29 - 2014-09-13 18:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-20 16:29 - 2014-09-13 18:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-20 16:29 - 2014-09-13 18:48 - 16875856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-20 16:29 - 2014-09-13 18:48 - 03223120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-20 16:29 - 2014-09-13 18:48 - 00984424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-10-20 16:29 - 2014-09-13 18:48 - 00026956 _____ () C:\Windows\system32\nvinfo.pb
2014-10-20 16:29 - 2014-07-02 15:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-10-20 16:29 - 2014-07-02 15:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-10-20 08:23 - 2014-10-20 08:24 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\TERA-Diagnostic
2014-10-20 08:17 - 2014-10-20 08:17 - 01209808 _____ () C:\Users\MrDragonfell\Downloads\Setup.exe
2014-10-19 15:59 - 2014-10-23 00:05 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-10-19 15:59 - 2014-10-19 15:59 - 01655080 _____ (techPowerUp (www.techpowerup.com)) C:\Users\MrDragonfell\Downloads\GPU-Z.0.7.9.exe
2014-10-19 15:59 - 2014-10-19 15:59 - 01655080 _____ (techPowerUp (www.techpowerup.com)) C:\Users\MrDragonfell\Downloads\GPU-Z.0.7.9 (2).exe
2014-10-19 15:59 - 2014-10-19 15:59 - 01655080 _____ (techPowerUp (www.techpowerup.com)) C:\Users\MrDragonfell\Downloads\GPU-Z.0.7.9 (1).exe
2014-10-19 15:59 - 2014-10-19 15:59 - 00000967 _____ () C:\Users\MrDragonfell\Desktop\TechPowerUp GPU-Z.lnk
2014-10-19 15:59 - 2014-10-19 15:59 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-10-18 03:13 - 2014-10-18 03:13 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-16 11:41 - 2014-10-16 11:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RzSynapse_01009.Wdf
2014-10-16 11:39 - 2014-10-16 11:39 - 00007500 _____ () C:\Windows\DPINST.LOG
2014-10-16 11:39 - 2014-10-16 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-10-16 11:39 - 2014-10-16 11:39 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-10-16 11:38 - 2014-10-16 11:38 - 25788752 _____ (Razer USA Ltd. ) C:\Users\MrDragonfell\Downloads\Razer_Nostromo_Driver_v2.02.exe
2014-10-15 15:25 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 15:25 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 15:25 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 15:25 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 15:25 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 15:25 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 15:25 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 15:25 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 15:25 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 15:25 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 15:25 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 15:25 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 15:25 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 15:25 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 15:25 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 15:25 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 15:25 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 15:25 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 15:25 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 15:25 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 15:25 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 15:25 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 15:25 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 15:25 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 15:25 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 15:25 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 15:25 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 15:25 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 15:25 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 15:25 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 15:25 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 15:25 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 15:25 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 15:25 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 15:25 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 15:25 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 15:25 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 15:25 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 15:25 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 15:25 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 15:25 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 15:25 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 15:25 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 15:25 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 15:25 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 15:25 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 15:25 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 15:25 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 15:25 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 15:25 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 15:25 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 15:25 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 15:25 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 15:25 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 15:25 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 15:25 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 15:25 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 15:25 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 15:25 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 15:25 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 15:25 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 15:25 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 15:25 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 15:24 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 15:24 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 15:24 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 15:24 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 15:24 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 15:24 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 15:24 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 15:24 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 15:24 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 15:24 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 15:24 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 15:24 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 15:24 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 15:24 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 15:24 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 15:24 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 15:24 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 15:24 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 15:24 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 15:24 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 02:11 - 2014-10-14 02:11 - 00000000 ____D () C:\ProgramData\Riot Games
2014-10-14 02:10 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-10-14 02:10 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-10-14 02:10 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-10-14 02:09 - 2014-10-14 02:09 - 00001241 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-10-14 02:09 - 2014-10-14 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-10-14 02:08 - 2014-10-14 02:10 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Riot Games
2014-10-14 02:02 - 2014-10-14 02:02 - 27864920 _____ (Riot Games) C:\Users\MrDragonfell\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
2014-10-09 18:23 - 2014-10-09 18:23 - 00000000 ____D () C:\Users\MrDragonfell\Documents\Tlink
2014-10-09 18:12 - 2014-10-09 18:13 - 00000000 ____D () C:\Users\MrDragonfell\Desktop\Tlink
2014-10-09 17:52 - 2014-10-09 17:56 - 00000000 ____D () C:\Users\MrDragonfell\Documents\NetGearL
2014-10-09 17:25 - 2014-10-09 17:50 - 00000000 ____D () C:\Users\MrDragonfell\Desktop\NetGearL
2014-10-08 12:00 - 2014-10-09 19:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-08 12:00 - 2014-10-08 12:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-08 12:00 - 2014-10-08 12:00 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-08 12:00 - 2014-10-08 12:00 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-08 11:49 - 2014-10-08 11:49 - 00362144 _____ () C:\Windows\Minidump\100814-10857-01.dmp
2014-10-08 10:30 - 2014-10-08 10:30 - 00110368 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-10-08 10:30 - 2014-10-08 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-10-08 10:30 - 2014-10-08 10:30 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-10-08 10:29 - 2014-10-08 10:29 - 00000000 ____D () C:\Users\MrDragonfell\Desktop\VAC
2014-10-08 10:28 - 2014-10-08 10:28 - 00549492 _____ () C:\Users\MrDragonfell\Downloads\vac414.zip
2014-10-06 22:26 - 2014-10-06 22:26 - 00056545 _____ () C:\Users\MrDragonfell\Desktop\TERAG13.xml
2014-10-04 05:34 - 2014-10-04 05:34 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-10-04 05:33 - 2014-10-04 05:33 - 00000000 ____D () C:\Users\MrDragonfell\Downloads\MSIAfterburnerSetup400
2014-10-04 05:17 - 2014-10-04 05:17 - 34323316 _____ () C:\Users\MrDragonfell\Downloads\MSIAfterburnerSetup400.zip
2014-09-30 19:56 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 19:56 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 21:37 - 2014-09-29 21:37 - 00362144 _____ () C:\Windows\Minidump\092914-15990-01.dmp
2014-09-27 17:14 - 2014-09-27 17:14 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\Logitech
2014-09-27 17:14 - 2014-09-27 17:14 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-09-27 17:10 - 2014-10-20 14:59 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-09-27 17:10 - 2014-10-20 14:59 - 00001557 _____ () C:\Windows\LkmdfCoInst.log
2014-09-27 17:10 - 2014-09-27 17:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-27 17:07 - 2014-09-27 17:07 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Logitech
2014-09-27 17:07 - 2014-09-27 17:07 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Logishrd
2014-09-27 17:05 - 2014-09-27 17:07 - 58423016 _____ (Logitech Inc.) C:\Users\MrDragonfell\Downloads\LGS_8.55.137_x64_Logitech.exe
2014-09-27 02:16 - 2014-10-19 04:30 - 00000000 ____D () C:\Program Files\Highresolution Enterprises
2014-09-27 02:16 - 2014-09-27 02:16 - 04252750 _____ () C:\Users\MrDragonfell\Downloads\XMouseButtonControlSetup.2.7.exe
2014-09-27 02:16 - 2014-09-27 02:16 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Highresolution Enterprises
2014-09-26 11:20 - 2014-10-21 18:32 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Tera_Awesomium
2014-09-24 04:23 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 04:23 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 10:53 - 2014-09-23 12:58 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Apple Computer
2014-09-23 10:53 - 2014-09-23 10:53 - 00001447 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-23 10:53 - 2014-09-23 10:53 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\Apple Computer
2014-09-23 10:53 - 2014-09-23 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-23 10:53 - 2014-09-23 10:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-23 10:53 - 2014-09-23 10:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-23 10:53 - 2014-09-23 10:53 - 00000000 ____D () C:\Program Files\iTunes
2014-09-23 10:53 - 2014-09-23 10:53 - 00000000 ____D () C:\Program Files\iPod
2014-09-23 10:53 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-09-23 10:52 - 2014-09-23 10:52 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\Apple
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\ProgramData\Apple
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-22 19:57 - 2014-09-23 12:10 - 00000000 ____D () C:\Users\MrDragonfell\Desktop\Scarlet Blade Screenshots

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 00:05 - 2014-09-21 07:52 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-10-23 00:05 - 2014-08-19 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-23 00:05 - 2014-08-19 07:46 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-23 00:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-23 00:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-23 00:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-22 21:14 - 2009-07-13 23:45 - 00016928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 21:14 - 2009-07-13 23:45 - 00016928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 21:12 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-22 21:11 - 2002-01-01 03:11 - 01922172 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 21:08 - 2014-08-19 23:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 21:07 - 2014-08-19 07:46 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 21:07 - 2014-08-18 21:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-22 21:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 21:07 - 2009-07-13 23:51 - 00040903 _____ () C:\Windows\setupact.log
2014-10-22 21:07 - 2002-01-01 01:16 - 00000000 ____D () C:\Users\MrDragonfell
2014-10-22 18:57 - 2014-08-19 07:19 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\XBMC
2014-10-20 17:03 - 2014-08-18 22:31 - 00005866 _____ () C:\Windows\PFRO.log
2014-10-20 17:01 - 2014-08-19 06:57 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\NVIDIA Corporation
2014-10-20 17:01 - 2014-08-18 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-10-20 17:01 - 2014-08-18 21:21 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-10-20 17:01 - 2014-08-18 21:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-20 17:01 - 2014-08-18 21:21 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-20 16:59 - 2014-08-20 19:44 - 00000000 ____D () C:\Program Files (x86)\ZOTAC FireStorm
2014-10-20 16:58 - 2014-08-19 07:46 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-20 16:29 - 2014-08-31 11:36 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\NVIDIA
2014-10-20 15:47 - 2014-08-27 16:30 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\Akamai
2014-10-20 15:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-10-20 14:53 - 2014-09-10 20:44 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\Adobe
2014-10-20 14:53 - 2014-08-18 23:24 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Adobe
2014-10-20 08:19 - 2014-08-19 23:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-20 08:19 - 2014-08-19 23:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-20 08:19 - 2014-08-19 23:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-19 04:44 - 2014-08-27 17:18 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\Aeria Games
2014-10-16 23:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 11:41 - 2009-07-13 23:45 - 00269128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 11:41 - 2002-01-01 20:22 - 00058912 _____ () C:\Users\MrDragonfell\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-16 03:01 - 2014-08-18 21:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:00 - 2014-08-18 21:03 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 01:22 - 2014-08-19 07:46 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-08 11:49 - 2014-08-22 21:53 - 00000000 ____D () C:\Windows\Minidump
2014-10-04 05:34 - 2014-08-31 11:24 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-02 15:53 - 2014-08-19 17:51 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-29 21:37 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

Some content of TEMP:
====================
C:\Users\MrDragonfell\AppData\Local\Temp\ccemeiw.dll
C:\Users\MrDragonfell\AppData\Local\Temp\DJAPI.dll
C:\Users\MrDragonfell\AppData\Local\Temp\dxwebsetup.exe
C:\Users\MrDragonfell\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\MrDragonfell\AppData\Local\Temp\nvStInst.exe
C:\Users\MrDragonfell\AppData\Local\Temp\vcredist_x86.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 00:43

==================== End Of Log ============================

 

Here is the Addition text

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2014
Ran by MrDragonfell at 2014-10-22 21:23:21
Running from C:\Users\MrDragonfell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1NW3NRKF
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Age of Conan: Unchained (HKLM-x32\...\Age of Conan_is1) (Version:  - Funcom)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AOC UI Installer 3.1.0 (HKLM-x32\...\{87464284-11C8-4F83-88EC-E8013320B789}) (Version: 3.1.0 - VikingWorks)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSI Kombustor 3.3.0 (HKLM\...\{9598DA62-2AE8-426D-9C86-BEA96AC6721E}_is1) (Version:  - MSI Co., LTD)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.3 - NETGEAR)
NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Control Panel 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
Razer Nostromo (HKLM-x32\...\{0214578F-4888-43FB-9E34-C14FCFDEDDEB}) (Version: 2.02.08 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
ScarletBlade (HKLM-x32\...\ScarletBlade) (Version:  - )
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Virtual Audio Cable 4.14 (HKLM\...\Virtual Audio Cable 4.14) (Version:  - )
Visual C++ 2008 Runtime (x64) (x32 Version: 1.0.1 - Highresolution Enterprises) Hidden
XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

20-10-2014 22:08:55 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
21-10-2014 15:38:11 Windows Update
23-10-2014 02:10:37 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FC9EFD3-5D6A-42A5-9770-F7B4BCC82FEF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1469054555-2732360396-1259575173-1000
Task: {574618B4-0879-4CEE-8663-2261E8161B04} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-20] (Adobe Systems Incorporated)
Task: {9606BE15-7624-4C22-8731-2E793D3D7D14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-19] (Google Inc.)
Task: {A22EF187-6C16-4D03-85A8-836B7E2B7D81} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-19] (Google Inc.)
Task: {C304972B-3A58-4EF6-BF44-946E582158E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E83EA912-2272-4BEF-B858-236C01699E27} - System32\Tasks\Open Hardware Monitor\Startup => C:\Users\MrDragonfell\Desktop\OC\OpenHardwareMonitor\OpenHardwareMonitor.exe [2014-09-01] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-18 21:22 - 2014-09-13 16:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-07-14 17:33 - 2014-09-01 01:09 - 00486912 _____ () C:\Users\MrDragonfell\Desktop\OC\OpenHardwareMonitor\OpenHardwareMonitor.exe
2012-05-27 18:05 - 2014-09-01 01:09 - 00149504 _____ () C:\Users\MrDragonfell\Desktop\OC\OpenHardwareMonitor\Aga.Controls.dll
2013-07-14 17:33 - 2014-09-01 01:09 - 00259584 _____ () C:\Users\MrDragonfell\Desktop\OC\OpenHardwareMonitor\OpenHardwareMonitorLib.dll
2002-01-01 19:41 - 2013-11-11 16:10 - 00307928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2002-01-01 19:41 - 2013-12-05 15:00 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2014-10-19 04:44 - 2014-10-19 04:44 - 00266240 _____ () C:\Users\MrDragonfell\AppData\Local\Aeria Games\nlnoaybub.dll
2014-10-19 04:44 - 2014-10-19 04:44 - 00718152 _____ () C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\36.0.1985.143\libglesv2.dll
2014-10-19 04:44 - 2014-10-19 04:44 - 00126280 _____ () C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\36.0.1985.143\libegl.dll
2014-10-19 04:44 - 2014-10-19 04:44 - 08537928 _____ () C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\36.0.1985.143\pdf.dll
2014-10-19 04:44 - 2014-10-19 04:44 - 00353096 _____ () C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-10-19 04:44 - 2014-10-19 04:44 - 01732936 _____ () C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\36.0.1985.143\ffmpegsumo.dll
2014-10-19 04:44 - 2014-10-19 04:44 - 14669128 _____ () C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3100v2 Genie.lnk => C:\Windows\pss\NETGEAR WNDA3100v2 Genie.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\MrDragonfell\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: iTunesHelper => "E:\Itunes\iTunesHelper.exe"
MSCONFIG\startupreg: Razer Nostromo Driver => C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1469054555-2732360396-1259575173-500 - Administrator - Disabled)
Guest (S-1-5-21-1469054555-2732360396-1259575173-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1469054555-2732360396-1259575173-1002 - Limited - Enabled)
MrDragonfell (S-1-5-21-1469054555-2732360396-1259575173-1000 - Administrator - Enabled) => C:\Users\MrDragonfell

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2014 09:09:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.104, time stamp: 0x5437298b
Faulting module name: chrome.dll, version: 38.0.2125.104, time stamp: 0x543726b0
Exception code: 0x80000003
Fault offset: 0x004d2f1f
Faulting process id: 0xbb0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (10/20/2014 06:53:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fwmcerk.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: nlnoaybub.dll, version: 0.0.0.0, time stamp: 0x54426597
Exception code: 0xc0000005
Fault offset: 0x000152db
Faulting process id: 0x16ec
Faulting application start time: 0xfwmcerk.exe0
Faulting application path: fwmcerk.exe1
Faulting module path: fwmcerk.exe2
Report Id: fwmcerk.exe3

Error: (10/20/2014 05:10:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LCore.exe, version: 8.56.109.0, time stamp: 0x54189ff9
Faulting module name: LCore.exe, version: 8.56.109.0, time stamp: 0x54189ff9
Exception code: 0xc0000005
Fault offset: 0x000000000000744a
Faulting process id: 0x16ac
Faulting application start time: 0xLCore.exe0
Faulting application path: LCore.exe1
Faulting module path: LCore.exe2
Report Id: LCore.exe3

Error: (10/20/2014 05:09:38 PM) (Source: MsiInstaller) (EventID: 11316) (User: MrDragonfell-PC)
Description: Product: Bonjour -- Error 1316. The specified account already exists.

Error: (10/20/2014 04:36:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LCore.exe, version: 8.56.109.0, time stamp: 0x54189ff9
Faulting module name: LCore.exe, version: 8.56.109.0, time stamp: 0x54189ff9
Exception code: 0xc0000005
Fault offset: 0x000000000000744a
Faulting process id: 0xaa4
Faulting application start time: 0xLCore.exe0
Faulting application path: LCore.exe1
Faulting module path: LCore.exe2
Report Id: LCore.exe3

Error: (10/20/2014 04:10:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LCore.exe, version: 8.56.109.0, time stamp: 0x54189ff9
Faulting module name: LCore.exe, version: 8.56.109.0, time stamp: 0x54189ff9
Exception code: 0xc0000005
Fault offset: 0x000000000000744a
Faulting process id: 0x760
Faulting application start time: 0xLCore.exe0
Faulting application path: LCore.exe1
Faulting module path: LCore.exe2
Report Id: LCore.exe3

Error: (10/20/2014 04:08:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LCore.exe, version: 8.56.109.0, time stamp: 0x54189ff9
Faulting module name: LCore.exe, version: 8.56.109.0, time stamp: 0x54189ff9
Exception code: 0xc0000005
Fault offset: 0x000000000000744a
Faulting process id: 0xc64
Faulting application start time: 0xLCore.exe0
Faulting application path: LCore.exe1
Faulting module path: LCore.exe2
Report Id: LCore.exe3

Error: (10/20/2014 03:42:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmc.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1670

Start Time: 01cfeca63f8771e4

Termination Time: 3

Application Path: C:\Windows\system32\mmc.exe

Report Id: a07d9da4-5899-11e4-a7b7-40167eaf0254

Error: (10/20/2014 03:34:53 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Installed DirectX). Additional information: 0x80070003.

Error: (10/20/2014 03:30:47 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030). Additional information: 0xc0000034.

System errors:
=============
Error: (10/20/2014 05:17:33 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 169.254.144.181.
The computer with the IP address 169.254.135.95 did not allow the name to be claimed by
this computer.

Error: (10/20/2014 04:57:05 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 169.254.144.181.
The computer with the IP address 169.254.135.95 did not allow the name to be claimed by
this computer.

Error: (10/20/2014 04:36:03 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 169.254.144.181.
The computer with the IP address 169.254.135.95 did not allow the name to be claimed by
this computer.

Error: (10/20/2014 04:13:17 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5F1B2B61-3746-4F53-9A51-CF257EEEA3C8}.
The backup browser is stopping.

Error: (10/20/2014 09:19:14 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{9B14F630-5451-496F-81BF-91A4230712DA}.
The backup browser is stopping.

Error: (10/20/2014 08:59:17 AM) (Source: BridgeMP) (EventID: 14702) (User: )
Description: Bridge [Adapter Realtek PCIe GBE Family Controller]:
The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.

Error: (10/20/2014 08:59:17 AM) (Source: BridgeMP) (EventID: 14702) (User: )
Description: Bridge [Adapter NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter]:
The bridge could not modify the network adapter's packet filter. The network adapter will not function correctly.

Error: (10/19/2014 04:04:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:03:17 PM on 10/19/2014 was unexpected.

Error: (10/19/2014 03:54:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:52:54 PM on 10/19/2014 was unexpected.

Error: (10/18/2014 08:26:44 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Microsoft Office Sessions:
=========================
Error: (10/22/2014 09:09:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1045437298bchrome.dll38.0.2125.104543726b080000003004d2f1fbb001cfee665bf61a5fC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\chrome.dll9aaed1a5-5a59-11e4-9896-40167eaf0254

Error: (10/20/2014 06:53:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fwmcerk.exe36.0.1985.14353e2e515nlnoaybub.dll0.0.0.054426597c0000005000152db16ec01cfecc0a3c8fe00C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exeC:\Users\MrDragonfell\AppData\Local\Aeria Games\nlnoaybub.dll47d32a6f-58b4-11e4-9473-40167eaf0254

Error: (10/20/2014 05:10:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LCore.exe8.56.109.054189ff9LCore.exe8.56.109.054189ff9c0000005000000000000744a16ac01cfecb291afcf70C:\Program Files\Logitech Gaming Software\LCore.exeC:\Program Files\Logitech Gaming Software\LCore.exed653a875-58a5-11e4-b2fe-40167eaf0254

Error: (10/20/2014 05:09:38 PM) (Source: MsiInstaller) (EventID: 11316) (User: MrDragonfell-PC)
Description: Product: Bonjour -- Error 1316. The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/20/2014 04:36:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LCore.exe8.56.109.054189ff9LCore.exe8.56.109.054189ff9c0000005000000000000744aaa401cfecadb688980eC:\Program Files\Logitech Gaming Software\LCore.exeC:\Program Files\Logitech Gaming Software\LCore.exe19f7ac65-58a1-11e4-90ea-40167eaf0254

Error: (10/20/2014 04:10:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LCore.exe8.56.109.054189ff9LCore.exe8.56.109.054189ff9c0000005000000000000744a76001cfecaa49ec4efeC:\Program Files\Logitech Gaming Software\LCore.exeC:\Program Files\Logitech Gaming Software\LCore.exe8d31cb63-589d-11e4-b3a3-40167eaf0254

Error: (10/20/2014 04:08:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LCore.exe8.56.109.054189ff9LCore.exe8.56.109.054189ff9c0000005000000000000744ac6401cfeca9ecba1630C:\Program Files\Logitech Gaming Software\LCore.exeC:\Program Files\Logitech Gaming Software\LCore.exe3469fce4-589d-11e4-b3a3-40167eaf0254

Error: (10/20/2014 03:42:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mmc.exe6.1.7600.16385167001cfeca63f8771e43C:\Windows\system32\mmc.exea07d9da4-5899-11e4-a7b7-40167eaf0254

Error: (10/20/2014 03:34:53 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Installed DirectX0x80070003

Error: (10/20/2014 03:30:47 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.610300xc0000034

==================== Memory info ===========================

Processor: AMD FX™-6300 Six-Core Processor
Percentage of memory in use: 51%
Total physical RAM: 4078.12 MB
Available physical RAM: 1979.73 MB
Total Pagefile: 16076.3 MB
Available Pagefile: 13537.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:8.57 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Storage) (Fixed) (Total:465.66 GB) (Free:57.01 GB) NTFS
Drive f: (WINDOWS7_INSTALL) (CDROM) (Total:3.02 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

==================== End Of Log ============================





#2 mrdragonfell

mrdragonfell
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:24 PM

Posted 22 October 2014 - 09:34 PM

On the original post the admin was able to provide a script; that's all I need and I'm good to go!



#3 mrdragonfell

mrdragonfell
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:24 PM

Posted 22 October 2014 - 11:49 PM

Sigh, stupid fake Google eating all my RAM :(



#4 mrdragonfell

mrdragonfell
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:24 PM

Posted 23 October 2014 - 10:44 AM

So many people reading this, still no response. Going to probably just go ahead and do a fresh install.



#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:24 PM

Posted 23 October 2014 - 11:37 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi mrdragonfell,

We need to run a fix with FRST:

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
HKU\S-1-5-21-1469054555-2732360396-1259575173-1000\...\Run: [nlnoaybub] => regsvr32.exe /s "C:\Users\MrDragonfell\AppData\Local\Aeria Games\nlnoaybub.dll" <===== ATTENTION
C:\Users\MrDragonfell\AppData\Local\Aeria Games
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy
C:\Users\MrDragonfell\AppData\Local\Temp\ccemeiw.dll
C:\Users\MrDragonfell\AppData\Local\Temp\DJAPI.dll
C:\Users\MrDragonfell\AppData\Local\Temp\dxwebsetup.exe
C:\Users\MrDragonfell\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\MrDragonfell\AppData\Local\Temp\nvStInst.exe
C:\Users\MrDragonfell\AppData\Local\Temp\vcredist_x86.exe
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~
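Added example, not part of this thread or of FRST itself: a small Python checker for the two indicators the fix above targets in an FRST.txt, a vendor-labelled binary running from a user's AppData tree (the "(Google Inc.)" process list) and a Run value that silently registers a DLL from AppData via regsvr32 /s. The log lines it reads are constructed to mimic FRST's layout; the user name, paths and value names in them are placeholders.

```python
"""Flag two persistence patterns in an FRST.txt: vendor-labelled binaries running
from a user profile path, and Run values that load a DLL via regsvr32 /s from a
user-writable location. Constructed sample input; not an FRST component."""
import re
from dataclasses import dataclass

# "(Vendor) C:\path\file.exe" as printed in the Processes section
PROCESS_RE = re.compile(r'^\((?P<vendor>[^)]*)\)\s+(?P<path>[A-Za-z]:\\\S.*?)\s*$')
# "HKLM\...\Run: [name] => command" / "HKU\<SID>\...\RunOnce: [name] => command"
RUN_RE = re.compile(
    r'^(?P<hive>HK(?:LM|CU|U\\[^\\]+))\\\.\.\.\\Run(?:Once)?:\s+'
    r'\[(?P<name>[^\]]*)\]\s+=>\s+(?P<command>.+?)\s*$'
)
USER_WRITABLE_RE = re.compile(r'[A-Za-z]:\\Users\\[^\\]+\\AppData\\', re.IGNORECASE)
REGSVR_RE = re.compile(r'\bregsvr32(?:\.exe)?\b.*\s/s\b', re.IGNORECASE)
DLL_PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.dll)"?', re.IGNORECASE)

# Constructed sample in FRST's layout (placeholder user, paths and value names).
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\alice\AppData\LocalLow\EmieSiteList\abcd\Efgh\xyz.exe
(Google Inc.) C:\Users\alice\AppData\LocalLow\EmieSiteList\abcd\Efgh\xyz.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKU\S-1-5-21-0-0-0-1000\...\Run: [qwerty] => regsvr32.exe /s "C:\Users\alice\AppData\Local\Some Game\qwerty.dll"
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-08-18] (Microsoft Corporation)
"""


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str
    line: str


def parse_sections(text):
    """Yield (section_name, line) for each non-blank line, tracking FRST's
    '==================== Name ====' section headers."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.match(r'^=+\s*([^=].*?)\s*=+$', line)
        if header:
            section = header.group(1)
            continue
        yield section, line


def analyze(text):
    """Return the findings for one FRST.txt, in log order."""
    findings = []
    seen = set()  # FRST lists one process line per running instance; report each path once
    for section, line in parse_sections(text):
        if section.startswith("Processes"):
            m = PROCESS_RE.match(line)
            if m and m.group("vendor") and USER_WRITABLE_RE.search(m.group("path")):
                key = ("vendor-binary-in-profile", m.group("path").lower())
                if key not in seen:
                    seen.add(key)
                    vendor = m.group("vendor")
                    findings.append(Finding(key[0], f'"{vendor}" binary running from a user profile path', line))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        name, cmd = m.group("name"), m.group("command")
        if REGSVR_RE.search(cmd):
            dll = DLL_PATH_RE.search(cmd)
            if dll and USER_WRITABLE_RE.search(dll.group(1)):
                findings.append(Finding("regsvr32-dll-in-profile",
                                        f"Run value [{name}] silently registers {dll.group(1)}", line))
        elif USER_WRITABLE_RE.search(cmd):
            findings.append(Finding("run-entry-in-profile",
                                    f"Run value [{name}] starts from a user profile path", line))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_FRST):
        print(f"[{f.kind}] {f.detail}\n    {f.line}")
```

A real FRST.txt can be passed in the same way by reading the file and handing its text to analyze(); paths under AppData are the signal here because the helper's fixlist above moves exactly those locations.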


#6 mrdragonfell

mrdragonfell
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:24 PM

Posted 23 October 2014 - 01:33 PM

Fixlog


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2014
Ran by MrDragonfell at 2014-10-23 13:32:29 Run:3
Running from C:\Users\MrDragonfell\Desktop
Loaded Profile: MrDragonfell (Available profiles: MrDragonfell)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
(Google Inc.) C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe
HKU\S-1-5-21-1469054555-2732360396-1259575173-1000\...\Run: [nlnoaybub] => regsvr32.exe /s "C:\Users\MrDragonfell\AppData\Local\Aeria Games\nlnoaybub.dll" <===== ATTENTION
C:\Users\MrDragonfell\AppData\Local\Aeria Games
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy
C:\Users\MrDragonfell\AppData\Local\Temp\ccemeiw.dll
C:\Users\MrDragonfell\AppData\Local\Temp\DJAPI.dll
C:\Users\MrDragonfell\AppData\Local\Temp\dxwebsetup.exe
C:\Users\MrDragonfell\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\MrDragonfell\AppData\Local\Temp\nvStInst.exe
C:\Users\MrDragonfell\AppData\Local\Temp\vcredist_x86.exe
*****************

C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe => No running process found
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe => No running process found
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe => No running process found
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe => No running process found
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe => No running process found
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe => No running process found
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe => No running process found
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe => No running process found
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe => No running process found
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe => No running process found
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe => No running process found
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe => No running process found
C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy\Rqfnqes\fwmcerk.exe => No running process found
HKU\S-1-5-21-1469054555-2732360396-1259575173-1000\Software\Microsoft\Windows\CurrentVersion\Run\\nlnoaybub => value deleted successfully.
C:\Users\MrDragonfell\AppData\Local\Aeria Games => Moved successfully.
"C:\Users\MrDragonfell\AppData\LocalLow\EmieSiteList\zbfffoy" => File/Directory not found.
C:\Users\MrDragonfell\AppData\Local\Temp\ccemeiw.dll => Moved successfully.
C:\Users\MrDragonfell\AppData\Local\Temp\DJAPI.dll => Moved successfully.
C:\Users\MrDragonfell\AppData\Local\Temp\dxwebsetup.exe => Moved successfully.
C:\Users\MrDragonfell\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\MrDragonfell\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\MrDragonfell\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.

==== End of Fixlog ====



#7 mrdragonfell

mrdragonfell
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:24 PM

Posted 23 October 2014 - 01:36 PM

Everything looks clear, here is a rescan! Thank you so much, please guide me to your donate button, Toffee.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by MrDragonfell (administrator) on MRDRAGONFELL-PC on 23-10-2014 13:35:20
Running from C:\Users\MrDragonfell\Desktop
Loaded Profile: MrDragonfell (Available profiles: MrDragonfell)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKU\S-1-5-21-1469054555-2732360396-1259575173-1000\...\MountPoints2: {ad040b87-fe8e-11d5-bd36-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-1469054555-2732360396-1259575173-1000\...\MountPoints2: {c3045a51-2c7a-11e4-bb3a-e839df81201e} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-08-18] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1F1447A52B93C101
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5F1B2B61-3746-4F53-9A51-CF257EEEA3C8}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9A6723CA-086F-4E8D-8F0B-20056EA0CD8F}: [NameServer] 8.8.8.8,8.8.8.4

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Itunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-19]
CHR Extension: (Google Drive) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-23]
CHR Extension: (YouTube) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-19]
CHR Extension: (Google Search) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-19]
CHR Extension: (Google Wallet) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-23]
CHR Extension: (Gmail) - C:\Users\MrDragonfell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Process Blocker; C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe [2233168 2014-10-03] (Softros Systems, Inc.)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [307928 2013-11-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2014-08-19] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 rzjoystk; C:\Windows\System32\DRIVERS\rzjoystk.sys [19968 2011-03-24] (Razer USA Ltd)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [157184 2011-07-14] (Razer USA Ltd)
S3 sclbl; C:\AeriaGames\ScarletBlade\avital\scarbt64.sys [86352 2014-08-27] ()
S3 cpuz137; \??\C:\Users\MRDRAG~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 23:13 - 2014-10-22 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-10-22 22:22 - 2014-10-22 22:22 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Process Blocker
2014-10-22 22:22 - 2014-10-22 22:22 - 00000000 ____D () C:\Program Files\Softros Systems
2014-10-22 22:01 - 2014-10-22 22:01 - 00065892 _____ () C:\Users\MrDragonfell\Desktop\otherdudeslist.txt
2014-10-22 21:53 - 2014-10-23 13:31 - 00001848 _____ () C:\Users\MrDragonfell\Desktop\fixdraft.txt
2014-10-22 21:39 - 2014-10-23 13:35 - 00007679 _____ () C:\Users\MrDragonfell\Desktop\FRST.txt
2014-10-22 21:39 - 2014-10-22 21:40 - 00023118 _____ () C:\Users\MrDragonfell\Desktop\Addition.txt
2014-10-22 21:39 - 2014-10-22 21:39 - 02112000 _____ (Farbar) C:\Users\MrDragonfell\Desktop\FRST64.exe
2014-10-22 21:19 - 2014-10-23 13:35 - 00000000 ____D () C:\FRST
2014-10-22 20:44 - 2014-10-22 20:44 - 00000067 _____ () C:\Users\MrDragonfell\Desktop\viruspath.txt
2014-10-20 17:09 - 2014-10-22 23:13 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-10-20 17:07 - 2014-10-20 17:07 - 00000460 _____ () C:\Windows\G600DFUTool.log
2014-10-20 16:47 - 2014-09-13 15:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-10-20 16:45 - 2014-09-16 23:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-10-20 16:45 - 2014-09-16 23:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-20 16:45 - 2014-09-13 18:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-10-20 16:45 - 2014-09-13 18:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-20 16:33 - 2014-09-13 18:48 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-20 16:33 - 2014-09-13 18:48 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-20 16:29 - 2014-09-16 23:51 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-10-20 16:29 - 2014-09-13 18:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-20 16:29 - 2014-09-13 18:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-20 16:29 - 2014-09-13 18:48 - 16875856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-20 16:29 - 2014-09-13 18:48 - 03223120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-20 16:29 - 2014-09-13 18:48 - 00984424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-10-20 16:29 - 2014-09-13 18:48 - 00026956 _____ () C:\Windows\system32\nvinfo.pb
2014-10-20 16:29 - 2014-07-02 15:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-10-20 16:29 - 2014-07-02 15:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-10-20 08:23 - 2014-10-20 08:24 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\TERA-Diagnostic
2014-10-20 08:17 - 2014-10-20 08:17 - 01209808 _____ () C:\Users\MrDragonfell\Downloads\Setup.exe
2014-10-19 15:59 - 2014-10-23 00:05 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-10-19 15:59 - 2014-10-19 15:59 - 01655080 _____ (techPowerUp (www.techpowerup.com)) C:\Users\MrDragonfell\Downloads\GPU-Z.0.7.9.exe
2014-10-19 15:59 - 2014-10-19 15:59 - 01655080 _____ (techPowerUp (www.techpowerup.com)) C:\Users\MrDragonfell\Downloads\GPU-Z.0.7.9 (2).exe
2014-10-19 15:59 - 2014-10-19 15:59 - 01655080 _____ (techPowerUp (www.techpowerup.com)) C:\Users\MrDragonfell\Downloads\GPU-Z.0.7.9 (1).exe
2014-10-19 15:59 - 2014-10-19 15:59 - 00000967 _____ () C:\Users\MrDragonfell\Desktop\TechPowerUp GPU-Z.lnk
2014-10-19 15:59 - 2014-10-19 15:59 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-10-18 03:13 - 2014-10-18 03:13 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-16 11:41 - 2014-10-16 11:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RzSynapse_01009.Wdf
2014-10-16 11:39 - 2014-10-16 11:39 - 00007500 _____ () C:\Windows\DPINST.LOG
2014-10-16 11:39 - 2014-10-16 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-10-16 11:39 - 2014-10-16 11:39 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-10-16 11:38 - 2014-10-16 11:38 - 25788752 _____ (Razer USA Ltd. ) C:\Users\MrDragonfell\Downloads\Razer_Nostromo_Driver_v2.02.exe
2014-10-15 15:25 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 15:25 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 15:25 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 15:25 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 15:25 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 15:25 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 15:25 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 15:25 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 15:25 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 15:25 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 15:25 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 15:25 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 15:25 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 15:25 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 15:25 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 15:25 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 15:25 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 15:25 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 15:25 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 15:25 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 15:25 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 15:25 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 15:25 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 15:25 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 15:25 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 15:25 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 15:25 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 15:25 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 15:25 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 15:25 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 15:25 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 15:25 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 15:25 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 15:25 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 15:25 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 15:25 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 15:25 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 15:25 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 15:25 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 15:25 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 15:25 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 15:25 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 15:25 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 15:25 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 15:25 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 15:25 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 15:25 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 15:25 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 15:25 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 15:25 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 15:25 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 15:25 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 15:25 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 15:25 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 15:25 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 15:25 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 15:25 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 15:25 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 15:25 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 15:25 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 15:25 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 15:25 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 15:25 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 15:24 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 15:24 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 15:24 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 15:24 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 15:24 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 15:24 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 15:24 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 15:24 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 15:24 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 15:24 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 15:24 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 15:24 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 15:24 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 15:24 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 15:24 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 15:24 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 15:24 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 15:24 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 15:24 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 15:24 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 02:11 - 2014-10-14 02:11 - 00000000 ____D () C:\ProgramData\Riot Games
2014-10-14 02:10 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-10-14 02:10 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-10-14 02:10 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-10-14 02:09 - 2014-10-14 02:09 - 00001241 _____ () C:\Users\Public\Desktop\League of Legends.lnk
2014-10-14 02:09 - 2014-10-14 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-10-14 02:08 - 2014-10-14 02:10 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Riot Games
2014-10-14 02:02 - 2014-10-14 02:02 - 27864920 _____ (Riot Games) C:\Users\MrDragonfell\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
2014-10-09 18:23 - 2014-10-09 18:23 - 00000000 ____D () C:\Users\MrDragonfell\Documents\Tlink
2014-10-09 18:12 - 2014-10-09 18:13 - 00000000 ____D () C:\Users\MrDragonfell\Desktop\Tlink
2014-10-09 17:52 - 2014-10-09 17:56 - 00000000 ____D () C:\Users\MrDragonfell\Documents\NetGearL
2014-10-09 17:25 - 2014-10-09 17:50 - 00000000 ____D () C:\Users\MrDragonfell\Desktop\NetGearL
2014-10-08 12:00 - 2014-10-09 19:09 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-08 12:00 - 2014-10-08 12:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-08 12:00 - 2014-10-08 12:00 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-08 12:00 - 2014-10-08 12:00 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-08 11:49 - 2014-10-08 11:49 - 00362144 _____ () C:\Windows\Minidump\100814-10857-01.dmp
2014-10-08 10:30 - 2014-10-08 10:30 - 00110368 _____ (Eugene V. Muzychenko) C:\Windows\system32\Drivers\vrtaucbl.sys
2014-10-08 10:30 - 2014-10-08 10:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
2014-10-08 10:30 - 2014-10-08 10:30 - 00000000 ____D () C:\Program Files\Virtual Audio Cable
2014-10-08 10:29 - 2014-10-08 10:29 - 00000000 ____D () C:\Users\MrDragonfell\Desktop\VAC
2014-10-08 10:28 - 2014-10-08 10:28 - 00549492 _____ () C:\Users\MrDragonfell\Downloads\vac414.zip
2014-10-06 22:26 - 2014-10-06 22:26 - 00056545 _____ () C:\Users\MrDragonfell\Desktop\TERAG13.xml
2014-10-04 05:34 - 2014-10-04 05:34 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-10-04 05:33 - 2014-10-04 05:33 - 00000000 ____D () C:\Users\MrDragonfell\Downloads\MSIAfterburnerSetup400
2014-10-04 05:17 - 2014-10-04 05:17 - 34323316 _____ () C:\Users\MrDragonfell\Downloads\MSIAfterburnerSetup400.zip
2014-09-30 19:56 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 19:56 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 21:37 - 2014-09-29 21:37 - 00362144 _____ () C:\Windows\Minidump\092914-15990-01.dmp
2014-09-27 17:14 - 2014-09-27 17:14 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\Logitech
2014-09-27 17:14 - 2014-09-27 17:14 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-09-27 17:10 - 2014-10-23 01:22 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-09-27 17:10 - 2014-10-23 01:22 - 00002333 _____ () C:\Windows\LkmdfCoInst.log
2014-09-27 17:10 - 2014-09-27 17:10 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-27 17:07 - 2014-09-27 17:07 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Logitech
2014-09-27 17:07 - 2014-09-27 17:07 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Logishrd
2014-09-27 17:05 - 2014-09-27 17:07 - 58423016 _____ (Logitech Inc.) C:\Users\MrDragonfell\Downloads\LGS_8.55.137_x64_Logitech.exe
2014-09-27 02:16 - 2014-10-19 04:30 - 00000000 ____D () C:\Program Files\Highresolution Enterprises
2014-09-27 02:16 - 2014-09-27 02:16 - 04252750 _____ () C:\Users\MrDragonfell\Downloads\XMouseButtonControlSetup.2.7.exe
2014-09-27 02:16 - 2014-09-27 02:16 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Highresolution Enterprises
2014-09-26 11:20 - 2014-10-23 11:31 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Tera_Awesomium
2014-09-24 04:23 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 04:23 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-23 10:53 - 2014-09-23 12:58 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Apple Computer
2014-09-23 10:53 - 2014-09-23 10:53 - 00001447 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-23 10:53 - 2014-09-23 10:53 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\Apple Computer
2014-09-23 10:53 - 2014-09-23 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-23 10:53 - 2014-09-23 10:53 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-23 10:53 - 2014-09-23 10:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-23 10:53 - 2014-09-23 10:53 - 00000000 ____D () C:\Program Files\iTunes
2014-09-23 10:53 - 2014-09-23 10:53 - 00000000 ____D () C:\Program Files\iPod
2014-09-23 10:53 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-09-23 10:52 - 2014-09-23 10:52 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\Apple
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\ProgramData\Apple
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-23 10:52 - 2014-09-23 10:52 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 13:34 - 2014-08-19 07:46 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 13:34 - 2014-08-18 21:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-23 13:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 13:34 - 2009-07-13 23:51 - 00041285 _____ () C:\Windows\setupact.log
2014-10-23 13:33 - 2002-01-01 03:11 - 01943857 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 13:08 - 2014-08-19 23:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 12:58 - 2014-08-19 07:46 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 10:49 - 2009-07-13 23:45 - 00016928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-23 10:49 - 2009-07-13 23:45 - 00016928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 10:48 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-23 00:05 - 2014-09-21 07:52 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-10-23 00:05 - 2014-08-19 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-23 00:05 - 2014-08-19 07:46 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-23 00:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-23 00:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-10-23 00:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-22 21:43 - 2014-08-18 22:31 - 00006600 _____ () C:\Windows\PFRO.log
2014-10-22 21:07 - 2002-01-01 01:16 - 00000000 ____D () C:\Users\MrDragonfell
2014-10-22 18:57 - 2014-08-19 07:19 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\XBMC
2014-10-20 17:01 - 2014-08-19 06:57 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\NVIDIA Corporation
2014-10-20 17:01 - 2014-08-18 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-10-20 17:01 - 2014-08-18 21:21 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-10-20 17:01 - 2014-08-18 21:21 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-20 17:01 - 2014-08-18 21:21 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-20 16:59 - 2014-08-20 19:44 - 00000000 ____D () C:\Program Files (x86)\ZOTAC FireStorm
2014-10-20 16:29 - 2014-08-31 11:36 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\NVIDIA
2014-10-20 15:47 - 2014-08-27 16:30 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\Akamai
2014-10-20 15:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\security
2014-10-20 14:53 - 2014-09-10 20:44 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Local\Adobe
2014-10-20 14:53 - 2014-08-18 23:24 - 00000000 ____D () C:\Users\MrDragonfell\AppData\Roaming\Adobe
2014-10-20 08:19 - 2014-08-19 23:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-20 08:19 - 2014-08-19 23:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-20 08:19 - 2014-08-19 23:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-16 23:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 11:41 - 2009-07-13 23:45 - 00269128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 11:41 - 2002-01-01 20:22 - 00058912 _____ () C:\Users\MrDragonfell\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-16 03:01 - 2014-08-18 21:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:00 - 2014-08-18 21:03 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 01:22 - 2014-08-19 07:46 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-08 11:49 - 2014-08-22 21:53 - 00000000 ____D () C:\Windows\Minidump
2014-10-04 05:34 - 2014-08-31 11:24 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-02 15:53 - 2014-08-19 17:51 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-29 21:37 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-09-23 12:10 - 2014-09-22 19:57 - 00000000 ____D () C:\Users\MrDragonfell\Desktop\Scarlet Blade Screenshots

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 00:43

==================== End Of Log ============================



#8 mrdragonfell (Topic Starter, Members, 8 posts)

Posted 23 October 2014 - 01:41 PM

I just wish I knew how to create that script! Or at least where the line

HKU\S-1-5-21-1469054555-2732360396-1259575173-1000\...\Run: [nlnoaybub] => regsvr32.exe /s

is compiled from? I know I have come across that number in my registry while I was trying to track this bad boy. Also, the nlnoaybub.dll that was marked ATTENTION in the script, what was that exactly? I noticed it was hidden in my Aeria Games folder, which was a game I have not played for some time, but whose launcher I kept running in the background for no reason, really.



#9 xXToffeeXx (Bleepin' Polar Bear, Malware Response Instructor, 6,086 posts)

Posted 23 October 2014 - 02:31 PM

Hi mrdragonfell,
 
It's quite easy when you know what everything means and whether something should be removed. The easiest way to learn, however, is through malware training.
 
The full line is HKU\S-1-5-21-1469054555-2732360396-1259575173-1000\...\Run: [nlnoaybub] => regsvr32.exe /s "C:\Users\MrDragonfell\AppData\Local\Aeria Games\nlnoaybub.dll" <===== ATTENTION, which can be found in the FRST log you created. The nlnoaybub.dll file is the malicious file which was loading the browser and recreating the Chrome process. I am guessing the malware chose a random folder in that location and just so happened to choose that one.
 
If you want to donate, you may do so here.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
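The Run entry quoted in the reply above is the classic shape of a logon-persistence loader: a per-user Run value (under the HKU hive of one SID) that runs a Microsoft-signed host, regsvr32.exe, with /s so that a DLL sitting in a user-writable profile folder is loaded silently at every logon. The SID in the key name is just the account whose hive it lives in. What follows is an added example written for this page, not a script from the thread or from the FRST tool: a PowerShell triage pass over every loaded user hive that lists Run and RunOnce values, resolves each SID to an account name, pulls the target path out of the command line, checks its Authenticode signature, and flags loader-style entries whose DLL lives under AppData, ProgramData, Temp or Users\Public. The loader list and the writable-path list are my own choices, and the path extraction is a simple heuristic; run it from an elevated PowerShell on the machine being examined.

```powershell
# Added triage example (not from the original thread or from FRST): walk the
# Run/RunOnce keys of every loaded user hive under HKEY_USERS and flag entries
# shaped like   [name] => regsvr32.exe /s "C:\Users\...\AppData\...\something.dll"
# Requires an elevated PowerShell; read-only, changes nothing.

# Expose HKEY_USERS as a drive so each loaded user hive (one per SID) can be walked.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# Assumption: signed Windows binaries commonly abused to load an arbitrary DLL at logon.
$loaders = 'regsvr32.exe', 'rundll32.exe'
# Assumption: folders a standard user can write to; a logon DLL here deserves a second look.
$userWritable = '\AppData\', '\ProgramData\', '\Temp\', '\Users\Public\'

function Resolve-Sid([string]$sid) {
    # Answers "whose hive is S-1-5-21-...-1000?" by translating the SID to an account name.
    try {
        $acct = New-Object System.Security.Principal.SecurityIdentifier($sid)
        return $acct.Translate([System.Security.Principal.NTAccount]).Value
    } catch { return '(unresolved)' }
}

function Get-TargetPath([string]$command) {
    # Heuristic: the first quoted path, else the first token that looks like a drive path.
    # For a loader command this is the DLL; for a plain command it is the executable itself.
    if ($command -match '"([^"]+)"') { return $Matches[1] }
    foreach ($p in ($command -split '\s+')) {
        if ($p -match '^[A-Za-z]:\\') { return $p }   # unquoted paths with spaces are truncated here
    }
    return $null
}

Get-ChildItem HKU:\ |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |   # real user SIDs only, not *_Classes
    ForEach-Object {
        $sid = $_.PSChildName
        foreach ($sub in 'Run', 'RunOnce') {
            $key = "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\$sub"
            if (-not (Test-Path $key)) { continue }
            $keyItem = Get-Item -Path $key
            foreach ($name in $keyItem.GetValueNames()) {
                $cmd = [string]$keyItem.GetValue($name)
                $exe = ($cmd -split '\s+')[0].Trim('"')
                $isLoader = $loaders -contains ([IO.Path]::GetFileName($exe)).ToLower()
                $target = Get-TargetPath $cmd

                $inUserDir = $false
                if ($target) {
                    foreach ($d in $userWritable) { if ($target -like "*$d*") { $inUserDir = $true } }
                }
                # Signature check on what actually gets loaded (the DLL for a loader entry).
                $sig = if ($target -and (Test-Path $target)) {
                    (Get-AuthenticodeSignature -FilePath $target).Status
                } else { 'NotFound' }

                # Suspect: a loader pointed into a user-writable folder, or any unsigned
                # target living in one. Legitimate software rarely needs either.
                $suspect = ($isLoader -and $inUserDir) -or ($inUserDir -and $sig -ne 'Valid')

                [PSCustomObject]@{
                    User    = Resolve-Sid $sid
                    Key     = "HKU\$sid\...\$sub"
                    Name    = $name
                    Command = $cmd
                    Target  = $target
                    Signed  = $sig
                    Suspect = $suspect
                }
            }
        }
    } | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap
```

On the machine in this thread the output would list the account for SID S-1-5-21-1469054555-2732360396-1259575173-1000, the value name nlnoaybub, the regsvr32.exe /s command, the DLL under AppData\Local\Aeria Games as the target, and Suspect = True. Entries for signed installers under Program Files show up with Suspect = False. The script only reports; removal is still a decision for whoever reads the log, and only loaded hives are walked (users who have never logged on since boot are not covered).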


#10 mrdragonfell (Topic Starter, Members, 8 posts)

Posted 23 October 2014 - 10:51 PM

I saw that they offered training here, but there are no slots available :( As a disabled vet I would love to learn and become a part of this community! I build about 6-12 custom PCs a year locally, but every time one of my friends gets infected I just have to do a fresh install. If there is any way a special consideration could be made to help tutor me in this process, or guide me to self-teaching, I would definitely do everything I could to pay it forward to others.

 

I can provide proof of my time in service and of disability as well! Thank you so much for all you do, Toffee. If you have any hardware issues or need help building a custom box on a budget, don't hesitate to contact me!



#11 xXToffeeXx (Bleepin' Polar Bear, Malware Response Instructor, 6,086 posts)

Posted 24 October 2014 - 02:01 PM

Hi mrdragonfell,

 

Keep checking back and you may see a space open up. It's the best thing you can do and can be very rewarding to go through. When a place opens up you have to fill in a form; you can mention it there.

 

Thank you, I will keep the kind offer in mind.

 

xXToffeeXx~




#12 xXToffeeXx (Bleepin' Polar Bear, Malware Response Instructor, 6,086 posts)

Posted 29 October 2014 - 04:02 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





