Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Another Angler Exploit post


  • This topic is locked This topic is locked
10 replies to this topic

#1 Rammanjeff

Rammanjeff

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 31 October 2014 - 11:14 PM

Greetings,

 

I think I have been infected with an Angler Exploit kit. I am usually pretty savvy with malware and virus removal but this one has gotten the better of me thus far so I am here to ask for help.

 

FRST reports attached.

 

UPDATE: I have found and manually removed a file from sys32/drivers directory named Truesight.sys and the corresponding registry strings. I will continue to see what else I can find until help arrives. I will post new reports when desired.

Attached Files


Edited by Rammanjeff, 01 November 2014 - 08:36 PM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:00 AM

Posted 06 November 2014 - 08:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554200 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Rammanjeff

Rammanjeff
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 06 November 2014 - 06:41 PM

Still getting notifications from Norton that Angler Exploit kit has attempted to download to my machine. Multiple notifications for this rootkit. I have manually found a suspicious file named Truesight.sys in Sys32 folder and deleted it along with its registry strings. I am not sure if this was the solution or not. We shall see. I do have the original Win7 disk.

 

DDS follows:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17116  BrowserJavaVersion: 11.25.2
Run by MASTER at 15:28:35 on 2014-11-06
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16280.12625 [GMT -8:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Users\MASTER\AppData\Roaming\Verizon\UA_ar\UA.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
C:\Windows\explorer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\Users\MASTER\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERIZO~1.LNK - C:\Users\MASTER\AppData\Roaming\Verizon\UA_ar\UA.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: Interfaces\{C11984FF-2F87-425B-B156-E73761C40A99} : NameServer = 68.87.69.150,68.87.85.102
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2013-3-5 292136]
R2 Dokan;Dokan;C:\Windows\System32\drivers\dokan.sys [2011-1-10 120408]
R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-1-10 14848]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2013-3-3 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-3-3 128512]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-8-7 438616]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-16 1149760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-24 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-24 860472]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-7-2 1796928]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-29 19440960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-10-24 410952]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-7-1 1832072]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-8-26 142640]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-3-2 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-3-2 88832]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-2 66360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-7 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-24 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-24 63704]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-7-2 20288]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-10-16 38048]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-2 565352]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-3-5 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-2 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
.
=============== Created Last 30 ================
.
2014-11-06 02:10:13 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-11-06 02:06:27 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-06 02:06:13 -------- d-----w- C:\ProgramData\Oracle
2014-11-06 01:56:20 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-11-01 21:43:43 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-10-29 13:48:12 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-25 10:51:48 -------- d-----w- C:\Windows\ERUNT
2014-10-24 22:25:48 -------- d-----w- C:\ProgramData\RogueKiller
2014-10-24 21:53:13 614544 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-10-17 05:22:00 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-10-17 05:22:00 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-10-17 05:22:00 1539272 ----a-w- C:\Windows\System32\nvdispgenco6434411.dll
2014-10-17 05:21:59 1876296 ----a-w- C:\Windows\System32\nvdispco6434411.dll
2014-10-17 05:00:30 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2014-10-17 04:55:57 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-17 04:55:56 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-17 04:55:56 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-17 04:55:55 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-17 04:55:55 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-17 04:55:55 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-10-17 04:55:55 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-10-17 04:53:56 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-10-17 04:53:56 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-10-16 16:55:31 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
.
==================== Find3M  ====================
.
2014-11-06 20:55:25 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-29 13:47:46 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-16 14:11:40 6883136 ----a-w- C:\Windows\System32\nvcpl.dll
2014-10-16 14:11:40 3533632 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-10-16 14:11:36 933064 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-10-16 14:11:36 61640 ----a-w- C:\Windows\System32\nvshext.dll
2014-10-16 14:11:36 384200 ----a-w- C:\Windows\System32\nvmctray.dll
2014-10-16 14:11:36 2559808 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-10-15 00:48:02 4047877 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-10-04 06:42:47 2197680 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-10-04 06:42:47 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-10-04 06:41:43 2800296 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-10-04 06:41:43 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-24 15:57:06 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 15:57:06 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-20 05:17:42 2236928 ----a-w- C:\Windows\System32\wininet.dll
2014-09-20 05:16:11 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-20 05:16:07 67072 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-20 05:16:07 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2014-09-20 05:15:22 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-20 03:57:57 1762816 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-20 03:57:04 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-20 03:57:01 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-20 03:57:01 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2014-09-20 03:56:33 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-20 03:38:36 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-20 03:33:44 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-20 02:43:32 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2014-09-20 02:35:33 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 19:14:38 34976 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 15:28:50.92 ===============

 

Additional Attach.txt:

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/2/2013 9:10:08 PM
System Uptime: 11/5/2014 8:36:27 AM (31 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | 990FXA-UD3
Processor: AMD FX™-8120 Eight-Core Processor            | CPU 1 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 12.425 GiB free.
D: is FIXED (NTFS) - 488 GiB total, 380.604 GiB free.
E: is FIXED (NTFS) - 244 GiB total, 240.209 GiB free.
F: is FIXED (NTFS) - 199 GiB total, 195.37 GiB free.
G: is CDROM (CDFS)
H: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP168: 10/25/2014 4:13:41 AM - End of disinfection
RP169: 11/1/2014 11:00:01 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 15 ActiveX
Adobe Photoshop 7.0
Adobe Reader XI (11.0.09)
Adobe Shockwave Player 12.0
AMD APP SDK Runtime
AMD Catalyst Install Manager
ANT Drivers Installer x64
Battle.net
Call of Duty: Ghosts
Call of Duty: Ghosts - Multiplayer
Catalyst Control Center InstallProxy
CCleaner
CPUID HWMonitor 1.21
D3DX10
Dokan Library 0.6.0
Dolby Home Theater v4
Elevated Installer
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 630 Series Printer Uninstall
Etron USB3.0 Host Controller
Fraps
Garmin Express
Garmin Express Tray
Google Earth
Google Update Helper
Grand Theft Auto IV
Java 8 Update 25
Java 8 Update 25 (64-bit)
Java Auto Updater
Junk Mail filter update
LiveUpdate 3.3 (Symantec Corporation)
Logitech Gaming Software
Logitech Gaming Software 8.40
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 4 Runtime
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
NVIDIA 3D Vision Controller Driver 344.46
NVIDIA 3D Vision Driver 344.48
NVIDIA Control Panel 344.48
NVIDIA GeForce Experience 2.1.3
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 344.48
NVIDIA HD Audio Driver 1.3.32.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.14.0702
NVIDIA ShadowPlay 16.13.56
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 16.13.56
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.25
PFPortChecker 1.0.39
Photo Common
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
SAMSUNG USB Driver for Mobile Phones
Samsung_MonSetup
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
SHIELD Streaming
SHIELD Wireless Controller Driver
Spybot - Search & Destroy
Steam
SUABnR
swMSM
Symantec Endpoint Protection
The Elder Scrolls Online Beta
The Elder Scrolls V: Skyrim
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
VLC media player 2.0.5
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
11/5/2014 6:50:43 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user AMD_8CORE\MASTER SID (S-1-5-21-1309053964-2238085186-3160769977-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/5/2014 6:50:43 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user AMD_8CORE\MASTER SID (S-1-5-21-1309053964-2238085186-3160769977-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/5/2014 5:59:50 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error:  An instance of the service is already running.
11/5/2014 5:59:44 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error:  An instance of the service is already running.
11/5/2014 5:58:44 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Font Cache Service service, but this action failed with the following error:  An instance of the service is already running.
11/5/2014 5:57:50 AM, Error: Service Control Manager [7031]  - The Workstation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/5/2014 5:57:50 AM, Error: Service Control Manager [7031]  - The Network Location Awareness service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
11/5/2014 5:57:50 AM, Error: Service Control Manager [7031]  - The DNS Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/5/2014 5:57:50 AM, Error: Service Control Manager [7031]  - The Cryptographic Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/5/2014 5:57:44 AM, Error: Service Control Manager [7034]  - The Function Discovery Provider Host service terminated unexpectedly.  It has done this 1 time(s).
11/5/2014 5:57:44 AM, Error: Service Control Manager [7034]  - The Diagnostic Service Host service terminated unexpectedly.  It has done this 1 time(s).
11/5/2014 5:57:44 AM, Error: Service Control Manager [7031]  - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
11/5/2014 5:57:44 AM, Error: Service Control Manager [7031]  - The Windows Font Cache Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/5/2014 5:57:44 AM, Error: Service Control Manager [7031]  - The Network Store Interface Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/5/2014 5:57:44 AM, Error: Service Control Manager [7031]  - The Network List Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
11/5/2014 5:57:44 AM, Error: Service Control Manager [7031]  - The COM+ Event System service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
.
==== End Of File ===========================

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:00 AM

Posted 08 November 2014 - 08:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#5 Rammanjeff

Rammanjeff
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 08 November 2014 - 05:04 PM

Reports follow:

 

Question on the AdwCleaner report. Do I want to delete those registry strings? They are not obvious issues to me and I didn't want to delete them without being certain.

Awaiting further instructions..

 

# AdwCleaner v4.100 - Report created 08/11/2014 at 13:54:58
# DB v2014-11-07.1
# Updated 08/11/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : MASTER - AMD_8CORE
# Running from : C:\Users\MASTER\Desktop\adwcleaner_4.100.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

[x] Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
[x] Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17116

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1116 octets] - [08/11/2014 13:48:17]
AdwCleaner[R1].txt - [1177 octets] - [08/11/2014 13:53:04]
AdwCleaner[S0].txt - [1101 octets] - [08/11/2014 13:54:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1161 octets] ##########

 

 

FRST Reports follow:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014 01
Ran by MASTER (administrator) on AMD_8CORE on 08-11-2014 13:59:38
Running from C:\Users\MASTER\Desktop
Loaded Profile: MASTER (Available profiles: MASTER)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\MASTER\AppData\Roaming\Verizon\UA_ar\UA.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-28] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-03] (NVIDIA Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [507744 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115560 2010-05-06] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-1309053964-2238085186-3160769977-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1309053964-2238085186-3160769977-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1309053964-2238085186-3160769977-1000\...\MountPoints2: {392d6c1f-2c24-11e4-8aff-94de802132ef} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\MASTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\MASTER\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKU\S-1-5-21-1309053964-2238085186-3160769977-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{C11984FF-2F87-425B-B156-E73761C40A99}: [NameServer] 68.87.69.150,68.87.85.102

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\MASTER\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-05-06] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2010-05-06] (Symantec Corporation)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-03] (NVIDIA Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-02-17] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-03] (NVIDIA Corporation)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3234848 2010-08-05] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [425800 2010-07-01] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1832072 2010-07-01] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-11-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20141107.002\eng64.sys [129752 2014-10-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20141107.002\ex64.sys [2137304 2014-10-22] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [447536 2010-03-08] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [447536 2010-03-08] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482352 2010-03-08] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [482352 2010-03-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2010-03-08] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32304 2010-03-08] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173616 2013-03-03] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [64048 2009-12-28] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2010-08-05] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-10-05] (Symantec Corporation)
S3 cLE^cBNSD; \??\C:\ProgramData\000F91A4_S_tvn [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 13:59 - 2014-11-08 13:59 - 00017424 _____ () C:\Users\MASTER\Desktop\FRST.txt
2014-11-08 13:59 - 2014-11-08 13:59 - 00000000 ____D () C:\FRST
2014-11-08 13:58 - 2014-11-08 13:58 - 02115584 _____ (Farbar) C:\Users\MASTER\Desktop\FRST64.exe
2014-11-08 13:48 - 2014-11-08 13:54 - 00000000 ____D () C:\AdwCleaner
2014-11-08 13:45 - 2014-11-08 13:45 - 02145792 _____ () C:\Users\MASTER\Desktop\adwcleaner_4.100.exe
2014-11-07 15:53 - 2014-10-29 16:56 - 00614728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-07 15:51 - 2014-10-29 20:53 - 24554824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 20922696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 17258696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 14029400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 13942368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 13189832 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-07 15:51 - 2014-10-29 20:53 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 04289856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 04011840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434460.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434460.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 00961224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 00932168 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 00922944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 00896144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 00870112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 00416912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 00391824 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 00349504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-07 15:51 - 2014-10-29 20:53 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-06 15:26 - 2014-11-06 15:26 - 00688992 ____R (Swearware) C:\Users\MASTER\Downloads\dds.com
2014-11-05 18:10 - 2014-11-05 18:10 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-11-05 18:09 - 2014-11-05 18:10 - 49416188 _____ () C:\Users\MASTER\Downloads\jre-8u25-windows-x64.exe.x95qe5h.partial
2014-11-05 18:09 - 2014-11-05 18:09 - 00000000 ____D () C:\Program Files\Java
2014-11-05 18:07 - 2014-11-05 18:07 - 00000000 ____D () C:\Users\MASTER\AppData\Roaming\Oracle
2014-11-05 18:06 - 2014-11-05 18:06 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-05 18:06 - 2014-11-05 18:06 - 00000000 ____D () C:\ProgramData\Sun
2014-11-05 18:06 - 2014-11-05 18:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-05 18:06 - 2014-11-05 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-05 18:06 - 2014-11-05 18:06 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-05 17:56 - 2014-11-05 18:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-05 17:31 - 2013-12-20 18:28 - 00450660 _____ () C:\Windows\system32\Drivers\etc\hosts.20141105-173150.backup
2014-11-01 13:43 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-29 05:48 - 2014-10-29 05:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-29 05:46 - 2014-10-31 17:42 - 14349744 _____ (Malwarebytes Corp.) C:\Users\MASTER\Downloads\mbar-1.07.0.1012.exe
2014-10-25 02:51 - 2014-10-25 03:13 - 00000000 ____D () C:\Windows\ERUNT
2014-10-24 14:25 - 2014-10-24 14:25 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-24 13:51 - 2014-10-29 20:53 - 18497600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-24 13:51 - 2014-10-16 08:54 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434448.dll
2014-10-24 13:51 - 2014-10-16 08:54 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434448.dll
2014-10-24 12:59 - 2014-10-24 13:13 - 00000000 ____D () C:\Windows\erdnt
2014-10-16 21:24 - 2014-10-16 21:24 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-16 21:22 - 2014-09-16 20:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-10-16 21:22 - 2014-09-16 20:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-10-16 21:22 - 2014-09-13 15:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-10-16 21:21 - 2014-09-13 15:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-10-16 21:00 - 2014-10-16 21:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-16 20:57 - 2014-09-19 21:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 20:57 - 2014-09-19 21:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 20:57 - 2014-09-19 21:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 20:57 - 2014-09-19 21:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 20:57 - 2014-09-19 21:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 20:57 - 2014-09-19 21:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 20:57 - 2014-09-19 21:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 20:57 - 2014-09-19 21:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 20:57 - 2014-09-19 21:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 20:57 - 2014-09-19 21:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-16 20:57 - 2014-09-19 21:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 20:57 - 2014-09-19 21:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 20:57 - 2014-09-19 21:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 20:57 - 2014-09-19 19:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 20:57 - 2014-09-19 19:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 20:57 - 2014-09-19 19:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 20:57 - 2014-09-19 19:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 20:57 - 2014-09-19 19:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 20:57 - 2014-09-19 19:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 20:57 - 2014-09-19 19:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 20:57 - 2014-09-19 19:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 20:57 - 2014-09-19 19:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 20:57 - 2014-09-19 19:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-16 20:57 - 2014-09-19 19:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 20:57 - 2014-09-19 19:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 20:56 - 2014-09-19 21:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 20:56 - 2014-09-19 21:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-16 20:56 - 2014-09-19 21:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 20:56 - 2014-09-19 21:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 20:56 - 2014-09-19 21:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 20:56 - 2014-09-19 21:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 20:56 - 2014-09-19 21:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 20:56 - 2014-09-19 19:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-16 20:56 - 2014-09-19 19:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 20:56 - 2014-09-19 19:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 20:56 - 2014-09-19 19:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 20:56 - 2014-09-19 19:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 20:56 - 2014-09-19 19:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 20:56 - 2014-09-19 19:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 20:56 - 2014-09-19 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 20:56 - 2014-09-19 19:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 20:56 - 2014-09-19 18:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-16 20:56 - 2014-09-19 18:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-16 20:56 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 20:56 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 20:56 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 20:56 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 20:56 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 20:56 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 20:56 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 20:56 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 20:56 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 20:56 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 20:56 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 20:56 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 20:56 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 20:56 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 20:56 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 20:56 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 20:56 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 20:56 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 20:56 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 20:56 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 20:55 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 20:55 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 20:55 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 20:55 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 20:55 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 20:55 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 20:55 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 20:53 - 2014-09-04 11:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-10-16 20:53 - 2014-09-04 11:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-10-16 08:55 - 2014-11-08 13:56 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 13:59 - 2013-03-02 21:12 - 01056203 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 13:57 - 2013-08-10 04:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-08 13:56 - 2014-09-10 08:14 - 00010290 _____ () C:\Windows\PFRO.log
2014-11-08 13:56 - 2014-09-10 08:14 - 00006003 _____ () C:\Windows\setupact.log
2014-11-08 13:56 - 2014-08-24 22:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-08 13:56 - 2013-03-24 23:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-08 13:56 - 2013-03-02 21:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-08 13:56 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-08 13:54 - 2013-03-24 23:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-08 03:44 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 03:43 - 2009-07-13 20:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 03:43 - 2009-07-13 20:45 - 00010208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 03:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-07 15:53 - 2013-03-02 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-07 15:53 - 2013-03-02 21:12 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-05 20:36 - 2013-03-02 22:07 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-11-05 18:13 - 2014-06-25 12:38 - 00000000 ____D () C:\Users\MASTER\AppData\Local\Minion
2014-11-05 18:13 - 2014-03-27 20:59 - 00000000 ____D () C:\Users\MASTER\AppData\Local\Black_Tree_Gaming
2014-11-05 18:13 - 2013-03-02 21:10 - 00000000 ____D () C:\Users\MASTER
2014-11-05 18:12 - 2009-07-13 23:46 - 00000000 ____D () C:\Windows\ShellNew
2014-10-29 20:53 - 2014-03-20 22:02 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-29 20:53 - 2013-03-02 21:12 - 31890064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-29 20:53 - 2013-03-02 21:12 - 20966504 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-29 20:53 - 2013-03-02 21:12 - 19966856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-29 20:53 - 2013-03-02 21:12 - 03237528 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-29 20:53 - 2013-03-02 21:12 - 00987008 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-10-29 20:53 - 2013-03-02 21:12 - 00027024 _____ () C:\Windows\system32\nvinfo.pb
2014-10-29 18:10 - 2014-03-25 12:04 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-10-29 18:10 - 2013-03-02 21:12 - 06880968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-10-29 18:10 - 2013-03-02 21:12 - 03533632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-10-29 18:10 - 2013-03-02 21:12 - 00935232 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-10-29 18:10 - 2013-03-02 21:12 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-10-29 18:10 - 2013-03-02 21:12 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-10-29 05:47 - 2014-08-24 22:38 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 16:34 - 2013-03-02 21:12 - 04066553 _____ () C:\Windows\system32\nvcoproc.bin
2014-10-26 02:30 - 2009-07-13 21:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-24 14:49 - 2013-03-24 23:48 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 14:49 - 2013-03-24 23:48 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-24 13:48 - 2014-08-24 22:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 13:46 - 2013-06-30 14:55 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-10-24 13:46 - 2013-03-03 07:46 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-10-24 13:46 - 2013-03-03 07:46 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-24 13:46 - 2013-03-02 23:28 - 00000000 ____D () C:\Windows\system32\SPReview
2014-10-24 13:46 - 2013-03-02 23:28 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-10-24 13:46 - 2013-03-02 21:20 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-10-24 13:46 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-24 13:46 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-10-24 13:46 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-10-24 13:46 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 __RSD () C:\Windows\Media
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\TAPI
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Recovery
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system
2014-10-24 13:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-24 13:45 - 2014-08-25 08:16 - 00000000 ___RD () C:\Users\MASTER\Google Drive
2014-10-24 13:45 - 2014-06-28 20:40 - 00000000 ____D () C:\Users\MASTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2014-10-24 13:45 - 2014-02-21 18:56 - 00000000 ____D () C:\Users\MASTER\AppData\Roaming\Battle.net
2014-10-24 13:45 - 2013-11-05 01:22 - 00000000 ____D () C:\Users\MASTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-24 13:45 - 2013-03-24 20:27 - 00000000 ____D () C:\Users\MASTER\AppData\Roaming\vlc
2014-10-24 13:45 - 2013-03-03 11:06 - 00000000 ____D () C:\Users\MASTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-24 13:45 - 2013-03-02 21:10 - 00000000 ___RD () C:\Users\MASTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-24 13:45 - 2013-03-02 21:10 - 00000000 ___RD () C:\Users\MASTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-24 13:45 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Help
2014-10-24 13:45 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-10-24 13:44 - 2014-08-24 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 13:44 - 2014-08-12 03:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-10-24 13:44 - 2014-03-20 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2014-10-24 13:44 - 2014-02-21 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-10-24 13:44 - 2014-02-21 18:56 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-24 13:44 - 2014-02-03 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ford Motor Company
2014-10-24 13:44 - 2014-01-12 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online Beta
2014-10-24 13:44 - 2013-12-15 04:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-10-24 13:44 - 2013-11-13 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-10-24 13:44 - 2013-11-13 13:49 - 00000000 ____D () C:\Fraps
2014-10-24 13:44 - 2013-11-07 00:40 - 00000000 ____D () C:\Program Files (x86)\PFPortChecker
2014-10-24 13:44 - 2013-10-31 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-24 13:44 - 2013-10-31 09:17 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-24 13:44 - 2013-06-30 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-10-24 13:44 - 2013-03-24 21:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-24 13:44 - 2013-03-24 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-10-24 13:44 - 2013-03-24 21:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-10-24 13:44 - 2013-03-24 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-10-24 13:44 - 2013-03-04 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-24 13:44 - 2013-03-04 09:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-24 13:44 - 2013-03-03 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2014-10-24 13:44 - 2013-03-03 11:19 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-24 13:44 - 2013-03-03 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-24 13:44 - 2013-03-03 11:06 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-24 13:44 - 2013-03-03 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-24 13:44 - 2013-03-03 07:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-24 13:44 - 2013-03-03 07:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-24 13:44 - 2013-03-03 00:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-10-24 13:44 - 2013-03-03 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2014-10-24 13:44 - 2013-03-03 00:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft ActiveSync
2014-10-24 13:44 - 2013-03-02 22:53 - 00000000 ____D () C:\Program Files (x86)\MonitorDriver
2014-10-24 13:44 - 2013-03-02 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-10-24 13:44 - 2013-03-02 22:51 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-10-24 13:44 - 2013-03-02 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2014-10-24 13:44 - 2013-03-02 21:20 - 00000000 ____D () C:\Program Files (x86)\Dolby Home Theater v4
2014-10-24 13:44 - 2013-03-02 21:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-24 13:43 - 2009-07-13 23:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-24 13:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-10-24 13:39 - 2013-03-02 21:11 - 00000000 ____D () C:\NVIDIA
2014-10-24 13:13 - 2009-07-13 18:34 - 78643200 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-24 13:13 - 2009-07-13 18:34 - 16777216 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-24 13:13 - 2009-07-13 18:34 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-24 13:13 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-24 13:13 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-10-24 02:28 - 2014-06-18 15:31 - 00000000 ____D () C:\Users\MASTER\AppData\Local\Adobe
2014-10-16 21:16 - 2009-07-13 20:45 - 00284176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 20:59 - 2013-07-11 08:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 20:58 - 2013-03-02 22:36 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 09:43 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\addins

Some content of TEMP:
====================
C:\Users\MASTER\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\MASTER\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\MASTER\AppData\Local\Temp\nvStInst.exe
C:\Users\MASTER\AppData\Local\Temp\Quarantine.exe
C:\Users\MASTER\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

LastRegBack: 2014-11-05 00:39

==================== End Of Log ============================

 

 

Additional text:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2014 01
Ran by MASTER at 2014-11-08 14:00:16
Running from C:\Users\MASTER\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Up to date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection (Enabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{120EC191-78F8-CA89-3511-7E90C23F5261}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version:  - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version:  - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version:  - SEIKO EPSON Corporation)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.96 - Symantec Corporation)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Controller Driver 344.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.46 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.60 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PFPortChecker 1.0.39 (HKLM-x32\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{73CA0462-DD49-495D-A6E5-AC4CF6F5FAC1}) (Version: 11.0.6100.645 - Symantec Corporation)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{EE296443-E401-43D2-9864-1C63AD8D376E}) (Version: 2.14.0410 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1309053964-2238085186-3160769977-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\tsmf.dll (Microsoft Corporation)

==================== Restore Points  =========================

25-10-2014 11:13:41 End of disinfection
02-11-2014 07:00:01 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-11-05 17:31 - 00450776 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C723565-5A00-4EEA-BFFD-FF6FCECDE707} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {29D07045-818C-4B61-A9EC-4372B73097D7} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {AA64B812-36E6-432E-A033-1152DE30A741} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24] (Google Inc.)
Task: {BB450529-F356-41AA-92E6-2E02CF7AFACB} - System32\Tasks\{80A6109D-C48F-4EE0-836F-138C663840BF} => C:\Users\MASTER\Desktop\G17 Media IV Diagnostics.exe
Task: {CE69CF90-7C68-4BFC-89D6-CC565E902B07} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {D14F04C8-DA2E-4641-BF08-86BD66317185} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-02 21:12 - 2014-10-29 18:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-01-10 04:49 - 2011-01-10 04:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2009-07-13 13:03 - 2009-07-13 17:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1309053964-2238085186-3160769977-500 - Administrator - Disabled)
Guest (S-1-5-21-1309053964-2238085186-3160769977-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1309053964-2238085186-3160769977-1003 - Limited - Enabled)
MASTER (S-1-5-21-1309053964-2238085186-3160769977-1000 - Administrator - Enabled) => C:\Users\MASTER

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2014 00:17:40 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (11/07/2014 00:04:02 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:master@sales.liveperson.net/ by: Scheduled scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: The file was deleted successfully.

Error: (11/06/2014 00:37:05 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (11/04/2014 01:28:25 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (11/08/2014 04:58:11 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C11984FF-2F87-425B-B156-E73761C40A99}.
The backup browser is stopping.

Error: (11/08/2014 03:37:43 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/08/2014 03:37:54 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:35:39 AM on ‎11/‎8/‎2014 was unexpected.

Error: (11/05/2014 09:39:39 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C11984FF-2F87-425B-B156-E73761C40A99}.
The backup browser is stopping.

Error: (11/05/2014 06:50:43 AM) (Source: DCOM) (EventID: 10016) (User: AMD_8CORE)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}AMD_8COREMASTERS-1-5-21-1309053964-2238085186-3160769977-1000LocalHost (Using LRPC)

Error: (11/05/2014 06:50:43 AM) (Source: DCOM) (EventID: 10016) (User: AMD_8CORE)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}AMD_8COREMASTERS-1-5-21-1309053964-2238085186-3160769977-1000LocalHost (Using LRPC)

Error: (11/05/2014 05:59:50 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error:
%%1056

Error: (11/05/2014 05:59:44 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error:
%%1056

Error: (11/05/2014 05:58:44 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Font Cache Service service, but this action failed with the following error:
%%1056

Error: (11/05/2014 05:57:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Network Location Awareness service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (11/08/2014 00:17:40 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (11/07/2014 00:04:02 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!Tracking Cookies in File: Cookie:master@sales.liveperson.net/ by: Scheduled scan.  Action: Quarantine failed : Leave Alone failed.  Action Description: The file was deleted successfully.

Error: (11/06/2014 00:37:05 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (11/04/2014 01:28:25 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

CodeIntegrity Errors:
===================================
  Date: 2014-10-24 14:07:01.489
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-24 14:07:01.473
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX™-8120 Eight-Core Processor
Percentage of memory in use: 21%
Total physical RAM: 16279.72 MB
Available physical RAM: 12746.5 MB
Total Pagefile: 32557.63 MB
Available Pagefile: 29409.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:10.09 GB) NTFS
Drive d: (PROGRAMS) (Fixed) (Total:488.28 GB) (Free:380.6 GB) NTFS
Drive e: (DOWNLOADS) (Fixed) (Total:244.14 GB) (Free:240.21 GB) NTFS
Drive f: (STORAGE) (Fixed) (Total:198.9 GB) (Free:195.37 GB) NTFS
Drive g: (FORD96_99) (CDROM) (Total:3.17 GB) (Free:0 GB) CDFS
Drive h: (Drive) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 8B024F22)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.3 GB) (Disk ID: 9CE89C9E)
Partition 1: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=198.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:00 AM

Posted 09 November 2014 - 10:31 AM



Question on the AdwCleaner report. Do I want to delete those registry strings? They are not obvious issues to me and I didn't want to delete them without being certain.
Awaiting further instructions..

Keep them if you want. Your call.

===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKU\S-1-5-21-1309053964-2238085186-3160769977-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 cLE^cBNSD; \??\C:\ProgramData\000F91A4_S_tvn [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#7 Rammanjeff

Rammanjeff
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 09 November 2014 - 04:57 PM

Thank you so far nasdaq.

 

Here are the requested reports:

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by MASTER at 2014-11-09 13:48:46 Run:1
Running from C:\Users\MASTER\Desktop
Loaded Profile: MASTER (Available profiles: MASTER)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1309053964-2238085186-3160769977-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 cLE^cBNSD; \??\C:\ProgramData\000F91A4_S_tvn [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

*****************

"HKU\S-1-5-21-1309053964-2238085186-3160769977-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
cLE^cBNSD => Service deleted successfully.
gdrv => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.

==== End of Fixlog ====

 

Security Check:

 

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
Symantec Endpoint Protection  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File 
 Spybot - Search & Destroy
 Call of Duty: Ghosts 
 Call of Duty: Ghosts - Multiplayer
 Java 8 Update 25 
 Java version out of Date!
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````
 



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:00 AM

Posted 10 November 2014 - 08:19 AM

Java 8 Update 25
Java version out of Date!


Ignore this remark.

How is the computer running now?

#9 Rammanjeff

Rammanjeff
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:00 AM

Posted 10 November 2014 - 10:11 AM

So far so good. I have not seen any type of alerts yet so I will keep my fingers crossed and continue monitoring.

 

Thanks nasdaq.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:00 AM

Posted 10 November 2014 - 02:03 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:00 AM

Posted 16 November 2014 - 09:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users