
Keep seeing malware sites blocked by Avast


  • This topic is locked
6 replies to this topic

#1 NotFamous


Posted 03 March 2015 - 03:21 AM

Recently I uninstalled Avira and started to use Avast because Avira became worthless to me. Right after I had switched, Avast had been constantly blocking malware URLs, and they are usually the same names over and over again. From what I can remember, sites called supergroupon, findyourex, webest and such keep recurring after every startup. I'm beginning to get annoyed because I've done scans with Malwarebytes and Avast that would not completely fix my problem. Also, Avast says that the malware URLs are coming from a folder with chrome.exe in it. I'm not computer literate, so please, someone help me fix this problem.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by RedxWing14 (administrator) on REDXWING14-PC on 03-03-2015 00:00:47
Running from C:\Users\RedxWing14\Desktop
Loaded Profiles: RedxWing14 (Available profiles: RedxWing14 & Account)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Bison Inc.) C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M65 Mouse\CorsTra.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)
HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [DeLay] => C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe [53248 2008-12-05] (Bison Inc.)
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Corsair M65 Mouse] => C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe [1766912 2013-08-15] (Corsair Components  Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-03-01] (AVAST Software)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [11196224 2015-02-23] (Corsair Components, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Run: [Ichuhc] => C:\Users\RedxWing14\AppData\Roaming\Ichuhc.exe
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\RedxWing14\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Run: [GoogleChromeAutoLaunch_50F7C3E16797F742B12586D789AD8B38] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\MountPoints2: E - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\start.exe
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\MountPoints2: {0f1d3122-8e82-11e2-b899-446d57b7cf85} - E:\LGAutoRun.exe
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\MountPoints2: {be5ff324-f711-11e2-b1ff-446d57b7cf85} - E:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: , c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32:  c:\program files C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1538061077-1757749813-1683611041-1002\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=072113
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1538061077-1757749813-1683611041-1001 -> {D93F8838-6B10-4BCB-AA9D-DDFEC597D7F0} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120936,17118,0,18,0
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1538061077-1757749813-1683611041-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\RedxWing14\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2013-09-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-01]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3332464&octid=EB_ORIGINAL_CTID&ISID=2D38497C-862F-47B1-BF44-061C37CC99FE&SearchSource=55&CUI=&UM=8&UP=SPDDE70737-8AC9-44D9-A3F5-396423060F0A&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3332464&octid=EB_ORIGINAL_CTID&ISID=2D38497C-862F-47B1-BF44-061C37CC99FE&SearchSource=55&CUI=&UM=8&UP=SPDDE70737-8AC9-44D9-A3F5-396423060F0A&SSPV="
CHR Profile: C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-06]
CHR Extension: (Google Drive) - C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-22]
CHR Extension: (YouTube) - C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-06]
CHR Extension: (Google Search) - C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-06]
CHR Extension: (PSO2 Extension) - C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default\Extensions\febdkhimnahpmjpbidcofjdpjjggojhj [2014-12-19]
CHR Extension: (Avira Browser Safety) - C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-24]
CHR Extension: (AdBlock) - C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-06]
CHR Extension: (Bookmark Manager) - C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2014-12-03]
CHR Extension: (Google Wallet) - C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eioaimhbaiomogmbefipmnbpjmefhhoc] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2011-09-02]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-03-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-03-01] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [299848 2011-11-03] (AuthenTec, Inc)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3472368 2014-11-30] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-10-11] ()
R2 PowerBiosServer; c:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2011-02-18] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-03-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-03-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-03-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-03-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-03-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-03-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-03-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-03-01] ()
R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [48808 2014-11-25] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [22696 2014-11-25] (Corsair)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtwlane.sys [1077864 2011-12-04] (Realtek Semiconductor Corporation                           )
R3 SnakeEyes; C:\Windows\System32\drivers\SnakeEyes.sys [25600 2012-09-05] ( )
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-03-01] (Avast Software)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\REDXWI~1\AppData\Local\Temp\Rar$EXa0.312\WinRing0x64.sys [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 XFDriver64; \??\C:\Program Files\Xfire2\XFDriver64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-03 00:00 - 2015-03-03 00:01 - 00026354 _____ () C:\Users\RedxWing14\Desktop\FRST.txt
2015-03-03 00:00 - 2015-03-03 00:00 - 00000000 ____D () C:\FRST
2015-03-02 23:59 - 2015-03-03 00:00 - 02092544 _____ (Farbar) C:\Users\RedxWing14\Desktop\FRST64.exe
2015-03-02 23:47 - 2015-03-02 23:47 - 00000197 _____ () C:\Windows\system32\2015-03-03-07-47-50.007-AvastVBoxSVC.exe-4388.log
2015-03-02 23:38 - 2015-03-02 23:38 - 00448512 _____ (OldTimer Tools) C:\Users\RedxWing14\Desktop\TFC.exe
2015-03-02 23:31 - 2015-03-02 23:31 - 00000000 ____D () C:\Users\RedxWing14\Desktop\mbar
2015-03-02 23:30 - 2015-03-02 23:32 - 00003548 _____ () C:\Users\RedxWing14\Desktop\Rkill.txt
2015-03-02 23:30 - 2015-03-02 23:31 - 16502728 _____ (Malwarebytes Corp.) C:\Users\RedxWing14\Downloads\mbar-1.09.1.1004 (1).exe
2015-03-02 23:27 - 2015-03-02 23:27 - 00036111 _____ () C:\Users\RedxWing14\Desktop\Result.txt
2015-03-02 23:26 - 2015-03-02 23:26 - 00002359 _____ () C:\Users\RedxWing14\Desktop\FSS.txt
2015-03-02 23:20 - 2015-03-02 23:21 - 16502728 _____ (Malwarebytes Corp.) C:\Users\RedxWing14\Downloads\mbar-1.09.1.1004.exe
2015-03-02 23:20 - 2015-03-02 23:20 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\RedxWing14\Desktop\rkill.exe
2015-03-02 23:19 - 2015-03-02 23:19 - 00852604 _____ () C:\Users\RedxWing14\Desktop\SecurityCheck.exe
2015-03-02 23:19 - 2015-03-02 23:19 - 00415232 _____ (Farbar) C:\Users\RedxWing14\Desktop\FSS.exe
2015-03-02 23:19 - 2015-03-02 23:19 - 00401920 _____ (Farbar) C:\Users\RedxWing14\Desktop\MiniToolBox.exe
2015-03-02 23:17 - 2015-03-02 23:17 - 00000197 _____ () C:\Windows\system32\2015-03-03-07-17-39.073-AvastVBoxSVC.exe-5484.log
2015-03-02 23:10 - 2015-03-02 23:52 - 00000000 ____D () C:\AdwCleaner
2015-03-02 23:09 - 2015-03-02 23:09 - 02126848 _____ () C:\Users\RedxWing14\Desktop\AdwCleaner.exe
2015-03-02 22:53 - 2015-03-02 22:53 - 00000197 _____ () C:\Windows\system32\2015-03-03-06-53-54.034-AvastVBoxSVC.exe-6796.log
2015-03-02 22:44 - 2015-03-02 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2015-03-02 22:28 - 2015-03-02 22:30 - 48534128 _____ () C:\Users\RedxWing14\Downloads\Corsair-Utility-Engine-v1.5.80.zip
2015-03-02 22:27 - 2015-03-02 22:27 - 00000197 _____ () C:\Windows\system32\2015-03-03-06-27-20.021-AvastVBoxSVC.exe-2964.log
2015-03-02 20:01 - 2015-03-02 20:01 - 00000197 _____ () C:\Windows\system32\2015-03-03-04-01-04.024-AvastVBoxSVC.exe-5100.log
2015-03-01 21:16 - 2015-03-01 21:16 - 00000247 _____ () C:\Windows\system32\2015-03-02-05-16-31.073-aswFe.exe-5728.log
2015-03-01 21:11 - 2015-03-01 21:16 - 00000247 _____ () C:\Windows\system32\2015-03-02-05-11-49.026-aswFe.exe-3272.log
2015-03-01 21:11 - 2015-03-01 21:11 - 00000197 _____ () C:\Windows\system32\2015-03-02-05-11-42.018-AvastVBoxSVC.exe-7436.log
2015-03-01 21:03 - 2015-03-01 21:03 - 00000000 ____D () C:\Users\RedxWing14\AppData\Roaming\Dropbox
2015-03-01 21:02 - 2015-03-01 21:02 - 00000000 ____D () C:\Users\RedxWing14\AppData\Roaming\AVAST Software
2015-03-01 21:01 - 2015-03-01 21:01 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-03-01 21:01 - 2015-03-01 21:01 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-01 21:00 - 2015-03-02 22:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-01 21:00 - 2015-03-01 21:00 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-03-01 21:00 - 2015-03-01 21:00 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-03-01 21:00 - 2015-03-01 21:00 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-03-01 21:00 - 2015-03-01 21:00 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-01 21:00 - 2015-03-01 21:00 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-03-01 21:00 - 2015-03-01 21:00 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-01 21:00 - 2015-03-01 21:00 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-03-01 21:00 - 2015-03-01 21:00 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-01 21:00 - 2015-03-01 21:00 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-03-01 21:00 - 2015-03-01 21:00 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-01 21:00 - 2015-03-01 21:00 - 00001971 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-01 21:00 - 2015-03-01 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-03-01 20:55 - 2015-03-01 20:55 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-01 20:55 - 2015-03-01 20:55 - 00000000 ____D () C:\Program Files\AVAST Software
2015-03-01 20:54 - 2015-03-01 20:54 - 05006864 _____ (AVAST Software) C:\Users\RedxWing14\Downloads\avast_free_antivirus_setup_online.exe
2015-03-01 20:06 - 2015-03-02 23:11 - 00141700 _____ () C:\Users\RedxWing14\Downloads\translation.bin.7z
2015-03-01 20:06 - 2015-03-01 13:01 - 01245780 _____ () C:\Users\RedxWing14\Downloads\translation.bin
2015-02-26 17:07 - 2015-02-26 17:07 - 00000087 _____ () C:\Users\RedxWing14\Desktop\Multi.txt
2015-02-26 13:53 - 2015-03-01 19:59 - 01603667 _____ () C:\Users\RedxWing14\Downloads\pso2.stripped.db.7z
2015-02-25 14:11 - 2015-01-08 15:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 14:11 - 2015-01-08 15:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 01:11 - 2015-03-02 23:11 - 00000011 _____ () C:\Users\RedxWing14\Downloads\precede.txt
2015-02-25 00:25 - 2015-02-25 00:47 - 15470699 _____ () C:\Users\RedxWing14\Documents\salt.mp4
2015-02-24 21:38 - 2015-02-24 21:38 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\RedxWing14\Downloads\avira_en_av___ws.exe
2015-02-20 02:20 - 2015-02-20 02:22 - 16780602 _____ () C:\Users\RedxWing14\Documents\dudu.mp4
2015-02-20 02:11 - 2015-02-20 02:11 - 00362728 _____ () C:\Users\RedxWing14\Downloads\Rameses B - Timeless (feat. Veela).mp3.sfk
2015-02-17 13:51 - 2015-01-08 19:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 13:51 - 2015-01-08 19:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 13:51 - 2015-01-08 19:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 13:51 - 2015-01-08 18:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-14 11:06 - 2015-02-14 11:07 - 10618851 _____ () C:\Users\RedxWing14\Documents\valen.mp4
2015-02-14 10:24 - 2015-02-14 10:24 - 00330976 _____ () C:\Users\RedxWing14\Downloads\[Future Bass] - WRLD - Orbit (feat. Richard Caddock).mp3.sfk
2015-02-14 10:21 - 2015-03-02 23:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 10:02 - 2015-03-02 19:58 - 00000020 _____ () C:\Users\RedxWing14\AppData\Roaming\appdataFr3.bin
2015-02-12 16:59 - 2015-02-12 17:08 - 119262048 _____ () C:\Users\RedxWing14\Documents\qq.mp4
2015-02-11 19:03 - 2015-02-11 19:05 - 17576085 _____ () C:\Users\RedxWing14\Documents\arthig.mp4
2015-02-11 18:34 - 2015-02-11 18:58 - 114687687 _____ () C:\Users\RedxWing14\Documents\arth.mp4
2015-02-11 18:19 - 2015-01-22 20:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 18:19 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 18:19 - 2015-01-22 19:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 18:19 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 18:18 - 2015-02-11 18:59 - 00051232 _____ () C:\Users\RedxWing14\Documents\arth.veg
2015-02-11 18:18 - 2015-02-11 18:18 - 00032968 _____ () C:\Users\RedxWing14\Documents\arth.veg.bak
2015-02-11 17:53 - 2015-02-11 17:57 - 00377240 _____ () C:\Users\RedxWing14\Downloads\Rameses B - Mountains (feat. Veela).mp3.sfk
2015-02-11 13:42 - 2015-02-11 13:42 - 00000000 ____D () C:\Windows\SysWOW64\NV
2015-02-11 13:42 - 2015-02-11 13:42 - 00000000 ____D () C:\Windows\system32\NV
2015-02-11 13:40 - 2015-02-05 13:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-11 13:40 - 2015-02-05 13:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-11 13:40 - 2015-02-05 13:01 - 00031376 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-02-10 23:05 - 2015-02-03 19:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 23:05 - 2015-02-03 19:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 23:05 - 2015-02-03 19:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 23:05 - 2015-02-03 19:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 23:05 - 2015-02-03 19:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 23:05 - 2015-02-03 19:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 23:05 - 2015-02-03 19:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 23:05 - 2015-01-27 15:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 23:05 - 2015-01-09 22:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 23:05 - 2015-01-09 22:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 23:05 - 2015-01-09 22:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 23:05 - 2015-01-09 22:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 23:05 - 2015-01-09 22:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 23:05 - 2015-01-09 22:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 23:05 - 2015-01-09 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 23:05 - 2015-01-09 22:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 23:05 - 2015-01-09 22:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 23:05 - 2015-01-09 22:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 23:05 - 2015-01-09 22:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 23:05 - 2015-01-09 22:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 23:05 - 2015-01-09 22:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 23:05 - 2015-01-09 22:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 23:04 - 2015-01-13 21:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 23:04 - 2015-01-13 21:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 23:04 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 23:04 - 2015-01-11 19:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 23:04 - 2015-01-11 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 23:04 - 2015-01-11 18:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 23:04 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 23:04 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 23:04 - 2015-01-11 18:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 23:04 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 23:04 - 2015-01-11 18:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 23:04 - 2015-01-11 18:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 23:04 - 2015-01-11 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 23:04 - 2015-01-11 18:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 23:04 - 2015-01-11 18:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 23:04 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 23:04 - 2015-01-11 18:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 23:04 - 2015-01-11 18:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 23:04 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 23:04 - 2015-01-11 18:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 23:04 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 23:04 - 2015-01-11 18:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 23:04 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 23:04 - 2015-01-11 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 23:04 - 2015-01-11 18:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 23:04 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 23:04 - 2015-01-11 18:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 23:04 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 23:04 - 2015-01-11 18:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 23:04 - 2015-01-11 17:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 23:04 - 2015-01-11 17:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 23:04 - 2015-01-11 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 23:04 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 23:04 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 23:04 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 23:04 - 2015-01-11 17:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 23:04 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 23:04 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 23:04 - 2015-01-11 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 23:04 - 2015-01-11 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 23:04 - 2015-01-11 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 23:04 - 2015-01-11 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 23:04 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 23:04 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 23:04 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 23:04 - 2015-01-11 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 23:04 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 23:04 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 23:04 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 23:04 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 23:04 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 23:04 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 23:03 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 23:03 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 23:03 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 23:03 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 23:03 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 23:03 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 23:03 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 23:03 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 23:03 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 23:03 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 23:03 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 23:03 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 23:03 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 23:03 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 23:03 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 23:03 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 23:03 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 23:03 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 23:03 - 2015-01-12 19:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 23:03 - 2015-01-12 18:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 23:03 - 2014-12-11 21:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 23:03 - 2014-12-11 21:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 23:03 - 2014-11-25 19:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 23:03 - 2014-11-25 19:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 23:03 - 2014-10-03 18:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-10 23:03 - 2014-10-03 17:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-10 23:03 - 2014-10-03 17:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-10 23:03 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 23:03 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 23:03 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 23:03 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 23:02 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 23:02 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 23:01 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 23:01 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 23:01 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 23:01 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 23:01 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 23:01 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 23:01 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 23:01 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-09 21:59 - 2015-02-09 22:01 - 31845004 _____ () C:\Users\RedxWing14\Documents\naga.mp4
2015-02-08 03:01 - 2015-02-08 03:04 - 36299663 _____ () C:\Users\RedxWing14\Documents\zn1.mp4
2015-02-07 14:10 - 2015-02-07 14:10 - 00034756 _____ () C:\Users\RedxWing14\zO4936.K70RGB_app115.bin.Sv4936
2015-02-07 14:10 - 2015-02-07 14:10 - 00034756 _____ () C:\Users\RedxWing14\fK4936.K70RGB_app115.bin.qn4936
2015-02-05 11:56 - 2015-02-05 11:56 - 00000000 ____D () C:\Users\RedxWing14\AppData\Local\Steam
2015-02-04 22:36 - 2015-02-04 22:37 - 17120412 _____ () C:\Users\RedxWing14\Documents\keyboard.mp4
2015-02-04 22:17 - 2015-02-04 22:23 - 00379760 _____ () C:\Users\RedxWing14\Downloads\Dead C.A.T Bounce ft. Emily Underhill - Closer to Me.mp3.sfk
2015-02-04 21:58 - 2015-02-04 21:58 - 00315712 _____ () C:\Users\RedxWing14\Downloads\Tut Tut Child - Drink Up.mp3.sfk
2015-02-04 21:55 - 2015-02-04 21:56 - 00317296 _____ () C:\Users\RedxWing14\Downloads\Science Of Fear (Mistabishi Remix).mp3.sfk
2015-02-04 19:36 - 2015-02-04 19:36 - 00039356 _____ () C:\Users\RedxWing14\Downloads\Streak.zip
2015-02-04 19:33 - 2015-02-04 19:33 - 00326919 _____ () C:\Users\RedxWing14\Downloads\Knight Rider.prf
2015-02-04 13:17 - 2015-01-05 10:24 - 74379264 _____ () C:\Users\RedxWing14\Desktop\Corsair Utility Engine - v1.3.91.msi
2015-02-03 16:33 - 2015-02-03 16:33 - 00000000 ____D () C:\Users\RedxWing14\AppData\Roaming\Corsair
2015-02-03 16:33 - 2015-02-03 16:33 - 00000000 ____D () C:\Users\RedxWing14\AppData\Local\Corsair
2015-02-03 16:30 - 2015-02-03 16:31 - 48584252 _____ () C:\Users\RedxWing14\Downloads\Corsair-Utility-Engine-v1.3.91.zip
2015-02-01 03:19 - 2015-02-01 03:20 - 16535954 _____ () C:\Users\RedxWing14\Documents\afk.mp4
2015-02-01 03:11 - 2015-02-01 03:15 - 00417776 _____ () C:\Users\RedxWing14\Downloads\[MV] Perfume「ワンルーム・ディスコ」_youtube_cMsGcW-xaYU.mp3.sfk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-02 23:54 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 23:54 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 23:50 - 2012-08-07 13:15 - 01919008 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 23:49 - 2012-08-17 17:49 - 00000000 ____D () C:\Users\RedxWing14\AppData\Roaming\Skype
2015-03-02 23:47 - 2014-08-25 13:31 - 00048842 _____ () C:\Windows\setupact.log
2015-03-02 23:47 - 2014-04-23 23:04 - 00000000 ____D () C:\Users\RedxWing14\AppData\Local\HTC MediaHub
2015-03-02 23:47 - 2013-02-19 16:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-02 23:46 - 2014-12-22 11:08 - 810147038 _____ () C:\Windows\MEMORY.DMP
2015-03-02 23:46 - 2012-10-30 10:16 - 00000000 ____D () C:\Windows\Minidump
2015-03-02 23:46 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 23:32 - 2012-08-16 17:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-02 23:31 - 2014-11-13 22:40 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-02 23:29 - 2013-02-19 17:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-02 22:44 - 2013-10-09 16:30 - 00000000 ____D () C:\Program Files (x86)\Corsair
2015-03-02 22:21 - 2014-04-03 13:42 - 00000000 ____D () C:\Users\RedxWing14\Desktop\Sony Vegas Pro 12 Build 367 (64 bit patch-KHG) [ChingLiu]
2015-03-02 22:03 - 2014-01-01 22:14 - 00000000 ____D () C:\Program Files (x86)\pcreginst
2015-03-02 21:33 - 2012-09-02 14:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-02 20:00 - 2014-01-09 22:19 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-03-02 19:57 - 2010-11-20 19:47 - 01358882 _____ () C:\Windows\PFRO.log
2015-03-01 20:54 - 2013-10-15 11:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-01 20:54 - 2012-10-06 19:53 - 00000000 ____D () C:\ProgramData\Avira
2015-03-01 19:59 - 2014-12-18 22:47 - 02736128 _____ (Arks-Layer) C:\Users\RedxWing14\Downloads\PSO2 Tweaker.exe
2015-02-26 13:52 - 2012-08-17 17:49 - 00000000 ____D () C:\ProgramData\Skype
2015-02-25 22:28 - 2014-12-19 19:39 - 03157655 _____ () C:\Users\RedxWing14\Downloads\ENPatch.rar
2015-02-25 01:25 - 2014-12-19 19:39 - 86057175 _____ () C:\Users\RedxWing14\Downloads\LargeFiles.rar
2015-02-17 18:37 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2015-02-14 18:05 - 2013-12-13 01:52 - 00000000 ____D () C:\Users\RedxWing14\AppData\Local\Paint.NET
2015-02-14 10:24 - 2014-11-13 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-14 10:24 - 2014-11-13 22:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-14 10:24 - 2014-02-19 21:50 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-13 15:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 13:42 - 2014-04-23 22:52 - 00000000 ____D () C:\Temp
2015-02-11 13:42 - 2012-08-07 13:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-11 03:26 - 2009-07-13 20:45 - 04829552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 03:25 - 2014-12-10 13:48 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 03:25 - 2014-05-05 21:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 03:08 - 2013-08-14 00:31 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:01 - 2012-11-09 18:34 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-07 14:10 - 2012-08-16 13:45 - 00000000 ____D () C:\Users\RedxWing14
2015-02-05 13:01 - 2015-01-12 00:29 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-05 13:01 - 2012-08-07 13:10 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-05 13:01 - 2012-08-07 13:10 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 13:01 - 2012-08-07 13:10 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-05 13:01 - 2012-08-07 13:10 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-05 13:01 - 2012-08-07 13:10 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-05 13:01 - 2012-08-07 13:10 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-05 13:01 - 2012-08-07 13:10 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 11:07 - 2012-08-07 13:11 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 11:07 - 2012-08-07 13:11 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 11:07 - 2012-08-07 13:11 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 11:07 - 2012-08-07 13:11 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 11:07 - 2012-08-07 13:11 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 11:06 - 2012-08-07 13:11 - 01098384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-02-05 11:06 - 2012-08-07 13:11 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 11:06 - 2012-08-07 13:11 - 00074896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-02-05 08:29 - 2009-07-13 21:08 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-05 04:50 - 2012-08-07 13:11 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-04 21:32 - 2012-08-16 17:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 21:32 - 2012-08-16 17:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 21:32 - 2012-08-16 17:05 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
==================== Files in the root of some directories =======
 
2015-02-14 10:02 - 2015-03-02 19:58 - 0000020 _____ () C:\Users\RedxWing14\AppData\Roaming\appdataFr3.bin
2014-08-01 13:14 - 2014-08-01 13:14 - 0000093 _____ () C:\Users\RedxWing14\AppData\Roaming\ARCompanion.log
2014-01-29 16:33 - 2014-12-18 22:48 - 0000000 _____ () C:\Users\RedxWing14\AppData\Roaming\bitlord_log.txt
2014-12-12 18:33 - 2014-12-12 18:33 - 0000000 _____ () C:\Users\RedxWing14\AppData\Roaming\winfmdu.exe
2012-10-25 19:03 - 2012-10-25 19:03 - 0004608 _____ () C:\Users\RedxWing14\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-18 22:49 - 2014-12-18 22:49 - 0000218 _____ () C:\Users\RedxWing14\AppData\Local\recently-used.xbel
2014-01-27 13:57 - 2014-09-27 03:34 - 0007620 _____ () C:\Users\RedxWing14\AppData\Local\Resmon.ResmonCfg
2013-02-19 15:44 - 2013-02-19 15:44 - 2250054 _____ () C:\ProgramData\1.bmp
2013-02-19 15:44 - 2013-02-19 15:44 - 0350795 _____ () C:\ProgramData\1.jpg
 
Files to move or delete:
====================
C:\Users\RedxWing14\jagex_cl_runescape_LIVE.dat
C:\Users\RedxWing14\random.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-23 19:24
 
==================== End Of Log ============================



#2 nasdaq

  • Malware Response Team

Posted 06 March 2015 - 10:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Run: [Ichuhc] => C:\Users\RedxWing14\AppData\Roaming\Ichuhc.exe
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Run: [AdobeBridge] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1538061077-1757749813-1683611041-1002\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3332464&octid=EB_ORIGINAL_CTID&ISID=2D38497C-862F-47B1-BF44-061C37CC99FE&SearchSource=55&CUI=&UM=8&UP=SPDDE70737-8AC9-44D9-A3F5-396423060F0A&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3332464&octid=EB_ORIGINAL_CTID&ISID=2D38497C-862F-47B1-BF44-061C37CC99FE&SearchSource=55&CUI=&UM=8&UP=SPDDE70737-8AC9-44D9-A3F5-396423060F0A&SSPV="
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-01]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\REDXWI~1\AppData\Local\Temp\Rar$EXa0.312\WinRing0x64.sys [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 XFDriver64; \??\C:\Program Files\Xfire2\XFDriver64.sys [X]
C:\Users\RedxWing14\AppData\Roaming\Ichuhc.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 NotFamous


Posted 07 March 2015 - 02:28 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by RedxWing14 at 2015-03-06 23:15:38 Run:1
Running from C:\Users\RedxWing14\Desktop
Loaded Profiles: RedxWing14 (Available profiles: RedxWing14 & Account)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Run: [Ichuhc] => C:\Users\RedxWing14\AppData\Roaming\Ichuhc.exe
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\...\Run: [AdobeBridge] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1538061077-1757749813-1683611041-1002\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3332464&octid=EB_ORIGINAL_CTID&ISID=2D38497C-862F-47B1-BF44-061C37CC99FE&SearchSource=55&CUI=&UM=8&UP=SPDDE70737-8AC9-44D9-A3F5-396423060F0A&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3332464&octid=EB_ORIGINAL_CTID&ISID=2D38497C-862F-47B1-BF44-061C37CC99FE&SearchSource=55&CUI=&UM=8&UP=SPDDE70737-8AC9-44D9-A3F5-396423060F0A&SSPV="
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-01]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\REDXWI~1\AppData\Local\Temp\Rar$EXa0.312\WinRing0x64.sys [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 XFDriver64; \??\C:\Program Files\Xfire2\XFDriver64.sys [X]
C:\Users\RedxWing14\AppData\Roaming\Ichuhc.exe
 
End
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ichuhc => value deleted successfully.
HKU\S-1-5-21-1538061077-1757749813-1683611041-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1538061077-1757749813-1683611041-1002\User => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSuggestURL not detected.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
EagleX64 => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
X6va010 => Service deleted successfully.
X6va011 => Service deleted successfully.
X6va012 => Service deleted successfully.
XFDriver64 => Service deleted successfully.
"C:\Users\RedxWing14\AppData\Roaming\Ichuhc.exe" => File/Directory not found.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-06 23:17:17)<=
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.
 
==== End of Fixlog 23:17:17 ====
 
# AdwCleaner v4.111 - Logfile created 06/03/2015 at 23:20:34
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : RedxWing14 - REDXWING14-PC
# Running from : C:\Users\RedxWing14\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v40.0.2214.115
 
[C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\RedxWing14\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [5829 bytes] - [02/03/2015 23:10:19]
AdwCleaner[R1].txt - [450 bytes] - [02/03/2015 23:44:35]
AdwCleaner[R2].txt - [961 bytes] - [02/03/2015 23:51:15]
AdwCleaner[R3].txt - [1407 bytes] - [06/03/2015 23:18:01]
AdwCleaner[S0].txt - [5442 bytes] - [02/03/2015 23:12:24]
AdwCleaner[S1].txt - [1340 bytes] - [06/03/2015 23:20:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1399  bytes] ##########
 
 
 
Avast is still picking up malware from chrome.exe for me:
-filesspot.co.il
-bestwebest.net
-finecoupon.info
-veterance.org
-filesyoume.co.il
-filehelperex.com


#4 NotFamous


Posted 07 March 2015 - 02:31 AM

Another one has just shown up for me, setgroupsuper.info. I have also noticed that they all end with /sync/?q=C6qUojk8qdg9rHU6qj...
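The observation in the post above (different hostnames, same `/sync/?q=` ending) can be turned into a triage check, shown here as an added example that is not part of the original thread. It groups blocked URLs by process, path and query-parameter names and reports any shape shared by several hosts; the log line format, the `PLACEHOLDER` query values and the two `example.*` lines are constructed for illustration and are not Avast's real log format.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample. Hostnames are the ones reported in the thread; the
# line layout and query values are assumptions made for this example.
SAMPLE_LOG = """\
2015-03-07 02:10:01 BLOCKED process=chrome.exe url=hxxp://filesspot.co.il/sync/?q=PLACEHOLDER1
2015-03-07 02:10:07 BLOCKED process=chrome.exe url=hxxp://bestwebest.net/sync/?q=PLACEHOLDER2
2015-03-07 02:11:15 BLOCKED process=chrome.exe url=hxxp://finecoupon.info/sync/?q=PLACEHOLDER3
2015-03-07 02:12:40 BLOCKED process=chrome.exe url=hxxp://veterance.org/sync/?q=PLACEHOLDER4
2015-03-07 02:13:02 BLOCKED process=chrome.exe url=hxxp://filesyoume.co.il/sync/?q=PLACEHOLDER5
2015-03-07 02:14:30 BLOCKED process=chrome.exe url=hxxp://filehelperex.com/sync/?q=PLACEHOLDER6
2015-03-07 02:30:11 BLOCKED process=chrome.exe url=hxxp://setgroupsuper.info/sync/?q=PLACEHOLDER7
2015-03-07 02:31:00 BLOCKED process=chrome.exe url=hxxp://example.com/index.html
2015-03-07 02:32:00 BLOCKED process=chrome.exe url=hxxp://example.org/search?q=x&page=2
"""

EVENT_RE = re.compile(r"process=(\S+)\s+url=(\S+)")

def url_shape(url):
    """Return (hostname, path, sorted query-parameter names) for a URL."""
    parts = urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I))  # undo defanging
    names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    return parts.hostname, parts.path, tuple(sorted(names))

def shared_shapes(log_text, min_hosts=3):
    """Map (process, path, param names) -> hosts, for shapes seen on many hosts.

    Rotating domains that keep one request layout point to a single source
    (for example one extension or injected script) rather than unrelated sites.
    """
    hosts_by_shape = defaultdict(set)
    for line in log_text.splitlines():
        match = EVENT_RE.search(line)
        if not match:
            continue
        process, url = match.groups()
        host, path, names = url_shape(url)
        if host:
            hosts_by_shape[(process.lower(), path, names)].add(host)
    return {shape: sorted(hosts)
            for shape, hosts in hosts_by_shape.items()
            if len(hosts) >= min_hosts}

if __name__ == "__main__":
    for shape, hosts in shared_shapes(SAMPLE_LOG).items():
        print(shape, "->", ", ".join(hosts))
```

A shape that keeps reappearing under new hostnames is a more durable thing to block or hunt on than the individual domains.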



#5 nasdaq

  • Malware Response Team

Posted 07 March 2015 - 09:07 AM

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

If that fails to solve the issue:

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Reinstall Chrome and the bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Keep me posted.

#6 nasdaq


Posted 13 March 2015 - 08:19 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq


Posted 19 March 2015 - 07:20 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



