
Backdoor.Bot.ED


  • This topic is locked
7 replies to this topic

#1 Puddingpie21


Posted 19 February 2015 - 05:14 PM

Randomly, this virus made my machine go all wonky and my Battlefield folder started to have issues, so I did a scan with Malwarebytes and found out that some Backdoor.Bot.ED was hiding out in my Battlefield folder. I'm not very knowledgeable in this area, but there were around 6 cases of it in the Malwarebytes history. I quarantined the viruses, but issues were still persisting, so I have them sitting there.


Log:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Jackson (administrator) on HELLO on 19-02-2015 16:56:13
Running from C:\Users\Jackson\Downloads
Loaded Profiles: Jackson (Available profiles: Jackson)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Users\Jackson\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5021448 2014-11-13] (FNet Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-29] (AVAST Software)
HKU\S-1-5-21-2538790369-3710488084-1483442651-1001\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-2538790369-3710488084-1483442651-1001\...\Run: [ASRockRuefi] => [X]
HKU\S-1-5-21-2538790369-3710488084-1483442651-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-12] (Electronic Arts)
Startup: C:\Users\Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2538790369-3710488084-1483442651-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-27]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://lenovo13.msn.com/
CHR StartupUrls: Default -> "hxxp://bing.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-13]
CHR Extension: (From Dust) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\anelkojiepicmcldgnmkplocifmegpfj [2014-11-13]
CHR Extension: (Google Docs) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-13]
CHR Extension: (Google Drive) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-14]
CHR Extension: (YouTube) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-13]
CHR Extension: (Google Search) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-13]
CHR Extension: (Avast SafePrice) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-12-02]
CHR Extension: (Google Sheets) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-13]
CHR Extension: (Classic Games) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbofnbeakdognkanffmpldbjgkblljkh [2014-11-13]
CHR Extension: (AdBlock) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-13]
CHR Extension: (Avast Online Security) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-27]
CHR Extension: (Dailymotion unblur) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfhplhalkibbfonminkkbfnhcpbibga [2015-02-14]
CHR Extension: (Google Wallet) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-13]
CHR Extension: (Gmail) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-13]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-27] (Avast Software)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-16] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-16] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\PureVPN\bin\openvpnserv.exe [32568 2014-06-05] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-12] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-02-12] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [348928 2015-02-19] ()
R2 Realtek11nSU; C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-27] ()
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-11-13] (FNet Co., Ltd.)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
R3 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1577104 2012-09-27] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2979544 2013-09-25] (Realtek Semiconductor Corporation                           )
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-27] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 16:56 - 2015-02-19 16:56 - 00019094 _____ () C:\Users\Jackson\Downloads\FRST.txt
2015-02-19 16:51 - 2015-02-19 16:51 - 00000000 ____D () C:\Users\Jackson\AppData\Local\ESN
2015-02-19 16:51 - 2015-02-19 16:51 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-02-19 16:50 - 2015-02-19 16:50 - 01533584 _____ () C:\Users\Jackson\Downloads\battlelog-web-plugins_2.6.2_157.exe
2015-02-19 16:45 - 2015-02-19 16:56 - 00000000 ____D () C:\FRST
2015-02-19 16:44 - 2015-02-19 16:44 - 02086912 _____ (Farbar) C:\Users\Jackson\Downloads\FRST64.exe
2015-02-19 16:43 - 2015-02-19 16:45 - 00000197 _____ () C:\WINDOWS\system32\2015-02-19-21-43-55.006-AvastVBoxSVC.exe-3500.log
2015-02-19 13:58 - 2015-02-19 13:58 - 00000000 _____ () C:\Users\Jackson\Desktop\New Text Document (3).txt
2015-02-16 18:31 - 2015-02-16 18:31 - 00000000 ____D () C:\WINDOWS\SysWOW64\Hotspot Shield
2015-02-16 12:55 - 2015-02-16 15:17 - 00000435 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-02-16 12:51 - 2015-02-16 12:51 - 00002119 _____ () C:\Users\Public\Desktop\ASUS USB-N13 WLAN Control Center.lnk
2015-02-16 12:51 - 2015-02-16 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-02-16 12:50 - 2012-06-18 18:21 - 00188416 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\SysWOW64\RTLExtUI.dll
2015-02-16 12:50 - 2009-03-31 14:31 - 00380928 _____ (Realtek) C:\WINDOWS\RtlUI2.exe
2015-02-16 12:50 - 2009-01-05 20:31 - 00000901 _____ () C:\WINDOWS\RtlUI2.exe.manifest
2015-02-16 12:50 - 2008-07-01 12:31 - 00614400 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\SysWOW64\Rtlihvs.dll
2015-02-16 12:47 - 2015-02-16 12:47 - 00000000 ____D () C:\WINDOWS\LastGood
2015-02-16 12:34 - 2015-02-16 12:34 - 00296064 _____ () C:\WINDOWS\Minidump\021615-47531-01.dmp
2015-02-16 12:32 - 2015-02-16 12:32 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-02-13 14:02 - 2015-02-13 14:05 - 00000197 _____ () C:\WINDOWS\system32\2015-02-13-19-02-35.037-AvastVBoxSVC.exe-6064.log
2015-02-12 20:54 - 2015-02-12 20:55 - 00000197 _____ () C:\WINDOWS\system32\2015-02-13-01-54-27.046-AvastVBoxSVC.exe-2800.log
2015-02-12 10:30 - 2015-02-19 16:53 - 00348928 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2015-02-12 10:30 - 2015-02-12 10:30 - 00000000 ____D () C:\Users\Jackson\Documents\Battlefield 3
2015-02-12 10:30 - 2015-02-12 10:30 - 00000000 ____D () C:\Users\Jackson\AppData\Local\PunkBuster
2015-02-12 10:27 - 2015-02-12 10:28 - 00000197 _____ () C:\WINDOWS\system32\2015-02-12-15-27-28.040-AvastVBoxSVC.exe-3596.log
2015-02-12 10:07 - 2015-02-12 10:07 - 00000000 ____D () C:\ProgramData\EA Core
2015-02-12 10:06 - 2015-02-19 16:53 - 00348928 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2015-02-12 10:06 - 2015-02-19 16:53 - 00280904 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2015-02-12 10:06 - 2015-02-12 10:35 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-02-12 10:06 - 2015-02-12 10:06 - 00001190 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2015-02-12 10:06 - 2015-02-12 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2015-02-12 08:52 - 2015-02-12 08:52 - 00001338 _____ () C:\Users\Jackson\Desktop\Origin - Shortcut.lnk
2015-02-11 23:56 - 2015-02-11 23:56 - 00317680 _____ () C:\Users\Jackson\Downloads\psd_158_by_blonde_inside-d4fi6w0.psd
2015-02-11 15:19 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-11 15:19 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 11:08 - 2015-02-11 11:09 - 00000197 _____ () C:\WINDOWS\system32\2015-02-11-16-08-53.038-AvastVBoxSVC.exe-2944.log
2015-02-11 11:07 - 2013-07-02 19:29 - 00024824 _____ (ASUSTeK Computer Inc.) C:\WINDOWS\system32\Drivers\IOMap64.sys
2015-02-11 11:03 - 2015-02-11 11:03 - 00000197 _____ () C:\WINDOWS\system32\2015-02-11-16-03-16.002-AvastVBoxSVC.exe-3060.log
2015-02-10 20:56 - 2015-02-10 20:56 - 00000197 _____ () C:\WINDOWS\system32\2015-02-11-01-56-34.027-AvastVBoxSVC.exe-2648.log
2015-02-10 18:52 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 18:52 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 18:52 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 18:52 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 18:52 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 18:52 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 18:52 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 18:52 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 18:52 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 18:52 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-10 18:52 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-10 18:52 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 18:52 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 18:52 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 18:52 - 2014-10-28 21:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-10 18:52 - 2014-10-28 21:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-10 18:52 - 2014-10-28 21:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-10 18:52 - 2014-10-28 21:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-10 18:52 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 18:52 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 18:52 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 18:52 - 2014-10-28 20:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 18:52 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 18:52 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 18:52 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 18:52 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 18:52 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 18:51 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 18:51 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 18:51 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 18:51 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 18:51 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 18:51 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 18:51 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 18:51 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 18:51 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 18:51 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 18:51 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 18:51 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 18:51 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 18:51 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 18:51 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 18:51 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 18:51 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 18:51 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 18:51 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 18:51 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 18:51 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 18:51 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 18:51 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 18:51 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 18:51 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 18:51 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 18:51 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 18:51 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 18:51 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 18:51 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 18:51 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 18:51 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 18:51 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 18:51 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 18:51 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 18:51 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-10 18:49 - 2015-02-03 18:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-10 18:49 - 2015-02-03 18:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-10 18:49 - 2015-02-03 18:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-10 18:49 - 2015-02-02 18:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-10 18:49 - 2015-02-02 18:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-10 18:49 - 2015-02-02 18:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-10 18:49 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-10 18:49 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 01:20 - 2015-02-10 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cromm Cruac
2015-02-09 14:51 - 2015-02-09 14:51 - 00000000 ____D () C:\Users\Public\Documents\STALKER-STCS
2015-02-09 13:14 - 2015-02-09 13:14 - 00000000 ____D () C:\Users\Jackson\Documents\DyingLight
2015-02-09 12:04 - 2015-02-10 01:05 - 00000000 ____D () C:\Users\Jackson\Desktop\Games
2015-02-09 11:52 - 2015-02-09 11:53 - 00000197 _____ () C:\WINDOWS\system32\2015-02-09-16-52-43.076-AvastVBoxSVC.exe-2748.log
2015-02-08 23:56 - 2015-02-09 00:07 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-02-08 23:56 - 2015-02-08 23:56 - 00000000 ____D () C:\Users\Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-02-08 23:55 - 2015-02-09 00:07 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-02-08 23:55 - 2015-02-08 23:55 - 00001102 _____ () C:\Users\Jackson\Desktop\MSI Afterburner.lnk
2015-02-08 23:55 - 2015-02-08 23:55 - 00000000 ____D () C:\Users\Jackson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-02-08 23:51 - 2015-02-08 23:51 - 00000197 _____ () C:\WINDOWS\system32\2015-02-09-04-51-07.056-AvastVBoxSVC.exe-2728.log
2015-02-07 22:01 - 2015-02-07 22:18 - 112509455 _____ () C:\Users\Jackson\Downloads\MISERY_FOV_Language_switcher.zip
2015-02-07 21:46 - 2015-02-07 21:46 - 00000175 _____ () C:\WINDOWS\DXError.log
2015-02-06 14:14 - 2015-02-06 14:14 - 00000197 _____ () C:\WINDOWS\system32\2015-02-06-19-14-50.048-AvastVBoxSVC.exe-5920.log
2015-02-05 22:49 - 2015-02-05 22:49 - 00000197 _____ () C:\WINDOWS\system32\2015-02-06-03-49-28.053-AvastVBoxSVC.exe-3004.log
2015-02-05 21:35 - 2015-02-05 21:36 - 00000197 _____ () C:\WINDOWS\system32\2015-02-06-02-35-51.064-AvastVBoxSVC.exe-1888.log
2015-02-05 18:04 - 2015-02-05 18:04 - 00000197 _____ () C:\WINDOWS\system32\2015-02-05-23-04-28.044-AvastVBoxSVC.exe-4884.log
2015-02-04 20:19 - 2015-02-04 20:20 - 00000197 _____ () C:\WINDOWS\system32\2015-02-05-01-19-16.075-AvastVBoxSVC.exe-6028.log
2015-02-04 18:17 - 2015-02-04 18:18 - 00000197 _____ () C:\WINDOWS\system32\2015-02-04-23-17-57.042-AvastVBoxSVC.exe-5256.log
2015-02-04 10:09 - 2015-02-04 10:09 - 00000197 _____ () C:\WINDOWS\system32\2015-02-04-15-09-19.004-AvastVBoxSVC.exe-2892.log
2015-02-03 22:54 - 2015-02-07 21:44 - 00000019 _____ () C:\Users\Jackson\Desktop\New Text Document (2).txt
2015-02-01 12:40 - 2015-02-01 12:41 - 00000197 _____ () C:\WINDOWS\system32\2015-02-01-17-40-26.018-AvastVBoxSVC.exe-3716.log
2015-01-31 21:23 - 2015-01-31 21:23 - 00001953 _____ () C:\Users\Jackson\Desktop\Stalker-COP - Shortcut.lnk
2015-01-31 21:18 - 2015-01-31 21:18 - 00000000 ____D () C:\Users\Jackson\Downloads\GP100_fix
2015-01-31 21:17 - 2015-01-31 21:18 - 00188281 _____ () C:\Users\Jackson\Downloads\GP100_fix.7z
2015-01-31 20:08 - 2015-01-31 20:08 - 00000000 ____D () C:\Users\Jackson\AppData\Roaming\XRay Engine
2015-01-31 13:16 - 2015-01-31 13:16 - 00000000 ____D () C:\Users\Jackson\Downloads\The_Armed_Zone_1.7.4
2015-01-30 23:23 - 2015-01-31 00:03 - 689522521 _____ () C:\Users\Jackson\Downloads\The_Armed_Zone_1.7.4.7z
2015-01-30 22:14 - 2015-01-30 22:14 - 00000197 _____ () C:\WINDOWS\system32\2015-01-31-03-14-15.072-AvastVBoxSVC.exe-2956.log
2015-01-30 21:54 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2015-01-30 21:54 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2015-01-30 21:54 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2015-01-30 21:54 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2015-01-30 21:54 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2015-01-30 21:54 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2015-01-30 21:22 - 2015-02-09 12:04 - 00000000 ___RD () C:\Users\Jackson\Desktop\Computer
2015-01-30 21:10 - 2015-01-30 21:10 - 00000197 _____ () C:\WINDOWS\system32\2015-01-31-02-10-07.000-AvastVBoxSVC.exe-3908.log
2015-01-30 20:56 - 2015-01-30 20:56 - 00000197 _____ () C:\WINDOWS\system32\2015-01-31-01-56-17.070-AvastVBoxSVC.exe-5044.log
2015-01-30 18:00 - 2015-01-30 18:00 - 00000197 _____ () C:\WINDOWS\system32\2015-01-30-23-00-13.049-AvastVBoxSVC.exe-4140.log
2015-01-28 23:35 - 2015-02-17 22:58 - 00000019 _____ () C:\Users\Jackson\Desktop\Money spent.txt
2015-01-28 13:50 - 2015-01-28 13:50 - 00000000 ____D () C:\Users\Jackson\AppData\Roaming\NVIDIA
2015-01-28 13:42 - 2015-01-28 13:42 - 00000000 ____D () C:\Users\Jackson\Downloads\YGOPro DevPro
2015-01-28 13:22 - 2015-01-28 13:22 - 00000197 _____ () C:\WINDOWS\system32\2015-01-28-18-22-06.091-AvastVBoxSVC.exe-3980.log
2015-01-28 13:16 - 2015-01-28 13:17 - 00000197 _____ () C:\WINDOWS\system32\2015-01-28-18-16-56.067-AvastVBoxSVC.exe-4688.log
2015-01-28 13:05 - 2015-01-28 13:05 - 00000197 _____ () C:\WINDOWS\system32\2015-01-28-18-05-22.060-AvastVBoxSVC.exe-2964.log
2015-01-28 13:03 - 2014-11-27 19:10 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-01-28 13:01 - 2015-01-28 13:01 - 00262144 _____ () C:\WINDOWS\Minidump\012815-20609-01.dmp
2015-01-26 14:32 - 2015-01-26 14:33 - 00000197 _____ () C:\WINDOWS\system32\2015-01-26-19-32-43.085-AvastVBoxSVC.exe-2980.log
2015-01-25 10:15 - 2015-01-25 10:17 - 00000197 _____ () C:\WINDOWS\system32\2015-01-25-15-15-11.038-AvastVBoxSVC.exe-2964.log
2015-01-24 12:40 - 2015-01-24 12:41 - 00000197 _____ () C:\WINDOWS\system32\2015-01-24-17-40-42.067-AvastVBoxSVC.exe-4368.log
2015-01-24 09:27 - 2015-01-24 09:28 - 00000197 _____ () C:\WINDOWS\system32\2015-01-24-14-27-31.020-AvastVBoxSVC.exe-2904.log
2015-01-23 18:52 - 2015-01-23 18:53 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-23-52-36.061-AvastVBoxSVC.exe-2892.log
2015-01-23 13:16 - 2015-01-23 13:47 - 00000527 _____ () C:\Users\Jackson\Desktop\Crafts.txt
2015-01-21 20:40 - 2015-01-21 20:41 - 00000197 _____ () C:\WINDOWS\system32\2015-01-22-01-40-23.074-AvastVBoxSVC.exe-3628.log
2015-01-21 11:01 - 2015-01-21 11:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-21-16-01-26.068-AvastVBoxSVC.exe-3428.log
2015-01-20 18:09 - 2015-01-20 18:09 - 00000000 ____D () C:\Users\Jackson\Desktop\Arc
2015-01-20 10:47 - 2015-01-22 17:24 - 00000717 _____ () C:\Users\Jackson\Desktop\New Text Document.txt
2015-01-20 10:05 - 2015-01-30 21:22 - 00000000 ____D () C:\Users\Jackson\Desktop\Gamecube
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 16:51 - 2014-11-13 19:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 16:51 - 2014-11-13 18:33 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 16:43 - 2014-11-27 19:10 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-02-19 16:42 - 2014-11-25 11:17 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-19 16:42 - 2014-11-24 17:48 - 00000000 ____D () C:\ProgramData\Origin
2015-02-19 16:41 - 2014-11-13 18:33 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-19 16:41 - 2014-11-13 18:17 - 00000000 ____D () C:\Users\Jackson
2015-02-19 16:41 - 2013-08-22 09:46 - 00024063 _____ () C:\WINDOWS\setupact.log
2015-02-19 16:40 - 2014-11-13 18:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-19 16:40 - 2014-11-13 18:12 - 01695904 _____ () C:\WINDOWS\PFRO.log
2015-02-19 16:40 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-19 16:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-19 14:35 - 2014-12-25 13:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-19 14:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-19 13:11 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-02-19 13:11 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-19 11:33 - 2014-11-13 18:16 - 01602667 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-19 10:43 - 2014-11-13 18:57 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{47E2AD85-9177-4A12-A358-260601C3260A}
2015-02-18 20:34 - 2014-11-13 19:51 - 00000000 ____D () C:\Program Files (x86)\Glyph
2015-02-17 21:30 - 2014-11-24 17:51 - 00000000 ____D () C:\Users\Jackson\AppData\Local\Origin
2015-02-17 16:39 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-16 21:30 - 2014-11-13 21:22 - 00000000 ____D () C:\Users\Jackson\Documents\ArcheAge
2015-02-16 17:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-02-16 15:20 - 2014-11-13 18:21 - 00820548 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 14:42 - 2014-11-13 18:22 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2538790369-3710488084-1483442651-1001
2015-02-16 12:51 - 2013-08-22 08:25 - 00000284 _____ () C:\WINDOWS\win.ini
2015-02-16 12:49 - 2014-11-13 18:22 - 00000000 ____D () C:\Intel
2015-02-16 12:44 - 2014-11-13 18:20 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-02-16 12:34 - 2014-12-18 00:24 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-16 12:34 - 2014-12-18 00:23 - 546155484 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-16 12:29 - 2014-11-13 18:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-14 11:06 - 2014-11-24 17:51 - 00000000 ____D () C:\Users\Jackson\AppData\Roaming\Origin
2015-02-12 10:05 - 2014-11-13 21:53 - 00287795 _____ () C:\WINDOWS\DirectX.log
2015-02-12 09:53 - 2014-11-25 11:21 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-02-12 09:09 - 2013-08-22 10:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-11 12:35 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 11:04 - 2014-12-17 23:40 - 00000000 ____D () C:\ProgramData\purevpn
2015-02-10 20:53 - 2013-08-22 09:44 - 00337840 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-10 19:20 - 2014-11-15 13:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-10 19:17 - 2014-11-15 13:09 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-10 19:16 - 2014-12-11 09:56 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-10 19:16 - 2014-11-18 17:39 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-09 13:14 - 2014-11-24 17:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-08 23:56 - 2014-11-13 21:25 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2015-02-08 23:56 - 2014-11-13 21:25 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2015-02-05 20:52 - 2014-11-13 18:33 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 20:46 - 2014-11-13 18:33 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 20:46 - 2014-11-13 18:33 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 14:31 - 2014-12-11 09:59 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 21:23 - 2014-11-15 13:44 - 00000000 ____D () C:\Users\Jackson\AppData\Roaming\TS3Client
2015-01-28 16:00 - 2014-11-27 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-28 16:00 - 2014-11-13 21:01 - 00000000 ____D () C:\Users\Jackson\AppData\Local\Glyph
2015-01-28 16:00 - 2014-11-13 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-28 15:58 - 2014-11-13 18:34 - 00000000 ____D () C:\ProgramData\FNET
2015-01-28 15:58 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\registration
2015-01-28 13:14 - 2014-12-25 13:33 - 00000000 ____D () C:\Users\Jackson\AppData\Roaming\BitTorrent
2015-01-27 18:22 - 2014-12-17 17:39 - 00048640 ___SH () C:\Users\Jackson\Desktop\Thumbs.db
2015-01-20 09:19 - 2015-01-18 12:00 - 00000000 ____D () C:\Users\Jackson\Documents\Dolphin Emulator
 
==================== Files in the root of some directories =======
 
2014-11-16 09:10 - 2014-11-16 09:10 - 0007602 _____ () C:\Users\Jackson\AppData\Local\Resmon.ResmonCfg
2014-11-13 18:34 - 2014-11-13 18:34 - 0000003 _____ () C:\Users\Jackson\AppData\Local\user_data.ini
 
Some content of TEMP:
====================
C:\Users\Jackson\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Jackson\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jackson\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Jackson\AppData\Local\Temp\nvStInst.exe
C:\Users\Jackson\AppData\Local\Temp\YgoUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-11 12:24
 
==================== End Of Log ============================


#2 Puddingpie21
  • Topic Starter
  • Members
  • 4 posts

Posted 21 February 2015 - 05:02 PM

Bumping in case missed.



#3 nasdaq
  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 February 2015 - 10:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
HKU\S-1-5-21-2538790369-3710488084-1483442651-1001\...\Run: [ASRock A-Tuning] => [X]
HKU\S-1-5-21-2538790369-3710488084-1483442651-1001\...\Run: [ASRockRuefi] => [X]
CHR Extension: (Avast SafePrice) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-12-02]
CHR Extension: (Avast Online Security) - C:\Users\Jackson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-11-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-16] (AnchorFree Inc.) [File not signed]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
C:\Users\Jackson\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Jackson\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jackson\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Jackson\AppData\Local\Temp\nvStInst.exe
C:\Users\Jackson\AppData\Local\Temp\YgoUpdater.exe
C:\Program Files (x86)\Hotspot Shield
C:\Program Files (x86)\Splashtop

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?
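
The fixlist above was drafted by reading the FRST log for the same few signals a helper always looks for: executables sitting in user-writable locations (the TEMP entries), service binaries that are unsigned (`hshld`, flagged `[File not signed]`) or missing (`EagleX64`, flagged `[X]`), and executables with an empty publisher string. The following Python script is an added example for this thread, not FRST code and not part of nasdaq's fixlist: it parses the three line shapes that appear in the log (dated file entries, service lines, bare TEMP paths) and reports those signals. The heuristics, the executable-extension list and the user-writable location list are illustrative assumptions, not FRST's own whitelist logic; the sample lines are copied from the log and fixlist in this thread.

```python
"""Triage of Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread; it is not FRST code and not part of the
helper's fixlist. The heuristics below (EXEC_EXT, USER_WRITABLE and the
three checks) are assumptions for illustration, not FRST's own logic.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Extensions treated as executable code (assumption: illustrative list).
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx", ".drv")
# Locations a standard user can write to without elevation (assumption).
USER_WRITABLE = (
    "\\appdata\\local\\temp\\", "\\downloads\\", "\\appdata\\roaming\\",
    "\\programdata\\", "\\users\\public\\",
)

# "created - modified - size attrs (publisher) path", as in the one-month sections.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<publisher>[^)]*)\) (?P<path>.+)$"
)
# "R2 name; path [size date] (publisher) [File not signed]" or "S3 name; path [X]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^)]*)\))?"
    r"(?: \[(?P<flag>File not signed|X)\])?$"
)
# Bare paths as listed under "Some content of TEMP" (optional \??\ NT prefix).
BARE_PATH_RE = re.compile(r"^(?:\\\?\?\\)?[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def is_executable(path: str) -> bool:
    return path.lower().endswith(EXEC_EXT)


def in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one FRST log line (empty list if it is clean)."""
    line = line.strip()
    findings: list[Finding] = []

    m = FILE_RE.match(line)
    if m:
        path, publisher, attrs = m["path"], m["publisher"], m["attrs"]
        if attrs.endswith("D"):  # directory entry: nothing to sign or run
            return findings
        if is_executable(path):
            if not publisher:
                findings.append(Finding(path, "executable with no publisher string"))
            if in_user_writable(path):
                findings.append(Finding(path, "executable in user-writable location"))
        return findings

    m = SERVICE_RE.match(line)
    if m:
        if m["flag"] == "X":
            findings.append(Finding(m["path"], f"service {m['name']}: binary missing"))
        elif m["flag"] == "File not signed":
            findings.append(Finding(m["path"], f"service {m['name']}: unsigned binary"))
        return findings

    if BARE_PATH_RE.match(line) and is_executable(line) and in_user_writable(line):
        findings.append(Finding(line, "executable in user-writable location"))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every line of an FRST log and collect the findings."""
    return [f for ln in log_text.splitlines() for f in triage_line(ln)]


# Sample input: lines copied from the FRST log and the fixlist in this thread.
SAMPLE_LOG = r"""
2015-02-10 18:51 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-09 11:52 - 2015-02-09 11:53 - 00000197 _____ () C:\WINDOWS\system32\2015-02-09-16-52-43.076-AvastVBoxSVC.exe-2748.log
2015-01-28 13:03 - 2014-11-27 19:10 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-02-09 13:14 - 2015-02-09 13:14 - 00000000 ____D () C:\Users\Jackson\Documents\DyingLight
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-16] (AnchorFree Inc.) [File not signed]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
C:\Users\Jackson\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll
C:\Users\Jackson\AppData\Local\Temp\YgoUpdater.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:45} {f.path}")
```

Run against the sample, the script reports exactly the four items nasdaq's fixlist removes or closes (the unsigned `hshld` service, the missing `EagleX64` driver, and the two executables in Temp) and stays quiet on signed Microsoft and AVAST binaries in System32. A directory entry is skipped via the trailing `D` in the attribute column, and a `.log` file whose name merely contains `.exe` is not treated as executable because only the final extension is checked.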

#4 Puddingpie21
  • Topic Starter
  • Members
  • 4 posts

Posted 24 February 2015 - 12:51 PM

Sorry, I reformatted my computer. What is the likelihood of a virus still being attached to my system?


Edited by Puddingpie21, 24 February 2015 - 12:52 PM.


#5 nasdaq
  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 February 2015 - 01:47 PM

Just run the AdwCleaner and post the log.

#6 Puddingpie21
  • Topic Starter
  • Members
  • 4 posts

Posted 24 February 2015 - 04:45 PM

# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : John Rimplin - PCPC
# Running from : C:\Users\John Rimplin\Downloads\adwcleaner_4.111.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384
 
 
-\\ Google Chrome v40.0.2214.115
 
[C:\Users\John Rimplin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=026600FFD9FB9BA1&affID=119357&tt=160913_m3&tsp=5014
[C:\Users\John Rimplin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN11165101361136218&ctid=CT3291326&UM=2
[C:\Users\John Rimplin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\John Rimplin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\John Rimplin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPA2F44105-1B32-4CB1-A851-F6F8FBD1F24B&q={searchTerms}
*************************
 
AdwCleaner[R0].txt - [1749 bytes] - [24/02/2015 16:43:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1808 bytes] ##########


#7 nasdaq
  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 February 2015 - 08:41 AM

Looking good.

#8 nasdaq
  • Malware Response Team
  • 39,531 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 March 2015 - 10:05 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



