Audio ads on startup


4 replies to this topic

#1 Oldspice999

Oldspice999

  • Members
  • 2 posts

Posted 11 March 2015 - 03:04 AM

I keep hearing commercials a few minutes after starting my computer. I've tried Malwarebytes root and anti-malware killer, TDSkiller, hitman pro, ADW Cleaner, JRT, Rkill, SpyBot search and destroy and finally RogueKiller. Nothing was detected until the latest version of RogueKiller picked up 5 instances of PUM.Proxy on my computer. I'm at my wits end. Any and all help is appreciated. I am running windows 8.1 so you know windows defender has been useless also. Thank you...


Edited by Chris Cosgrove, 11 March 2015 - 07:38 AM.
Moved from Win 8 to Am I infected?
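The PUM.Proxy detection the topic starter mentions is RogueKiller's label for a Potentially Unwanted Modification of the WinINet proxy settings. The PowerShell below is an added example, not code from this thread or from any of the tools named in it: it lists the proxy configured in every loaded user hive (including HKU\.DEFAULT, the hive that SYSTEM-context code reads as its HKCU), and for any proxy pointing at the loopback address it identifies the process listening on that port and whether its binary carries a valid Authenticode signature. The function names are my own; the script assumes Windows 8.1 or later (Get-NetTCPConnection) and an elevated prompt, and reads whatever port is configured rather than hard-coding one.

```powershell
# Added example (not from the thread): find WinINet proxy settings in every
# loaded hive under HKEY_USERS and map loopback proxies to the listening process.
# Assumes Windows 8.1+ and an elevated PowerShell session.

function Get-WinInetProxy {
    foreach ($hive in Get-ChildItem Registry::HKEY_USERS) {
        # *_Classes hives hold file associations, not Internet Settings
        if ($hive.PSChildName -like '*_Classes') { continue }
        $key = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (-not (Test-Path $key)) { continue }
        $p = Get-ItemProperty -Path $key
        if ($p.ProxyEnable -eq 1 -and $p.ProxyServer) {
            [pscustomobject]@{
                Hive        = $hive.PSChildName      # .DEFAULT = SYSTEM context, S-1-5-21-... = a user
                ProxyServer = $p.ProxyServer         # "host:port" or "http=host:port;https=host:port"
                AutoConfig  = $p.AutoConfigURL       # PAC URL, another common hijack point
            }
        }
    }
}

function Get-LoopbackProxyOwner {
    param([Parameter(Mandatory)][string]$ProxyServer)
    # Pull every port that points back at this machine, whatever the scheme prefix.
    $ports = [regex]::Matches($ProxyServer, '(?:127\.0\.0\.1|localhost):(\d+)') |
        ForEach-Object { [int]$_.Groups[1].Value } | Sort-Object -Unique
    foreach ($port in $ports) {
        $conns = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
        if (-not $conns) {
            # A configured proxy with no listener breaks browsing rather than injecting ads;
            # the listener may simply not have started yet, so re-check after a reboot.
            [pscustomobject]@{ Port = $port; Pid = $null; Path = '(no listener on this port)'; Signature = $null }
            continue
        }
        foreach ($c in $conns) {
            $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
            $path = $proc.Path
            $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'unknown' }
            [pscustomobject]@{ Port = $port; Pid = $c.OwningProcess; Path = $path; Signature = $sig }
        }
    }
}

# 1. Which hives have a proxy enabled, and where does it point?
Get-WinInetProxy | Tee-Object -Variable proxies | Format-Table -AutoSize

# 2. For loopback proxies, who is actually listening, and is that binary signed?
$proxies | ForEach-Object { Get-LoopbackProxyOwner -ProxyServer $_.ProxyServer } | Format-Table -AutoSize

# 3. Services use the separate WinHTTP proxy setting; check it too.
netsh winhttp show proxy
```

A proxy on 127.0.0.1 routes every HTTP request from the affected context through a local program before it leaves the machine, which puts that program in a position to rewrite page content. If ProxyEnable is set in HKU\.DEFAULT rather than in a user's S-1-5-21 hive, whatever set it was most likely running as SYSTEM (typically a service) or wrote to HKEY_USERS directly, so the listening process should be compared against the unsigned entries in the Services section of an FRST log. Clearing ProxyEnable alone does not help while the program that sets it is still installed.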



#2 Fish66

Fish66

  • Members
  • 9 posts

Posted 11 March 2015 - 11:03 AM

Hello,

 I've tried Malwarebytes root and anti-malware killer, TDSkiller, hitman pro, ADW Cleaner, JRT, Rkill, SpyBot search and destroy and finally RogueKiller

 

SpyBot Search and Destroy ===> I prefer to uninstall it!

You can read this information: http://thepcsecurity.com/spybot-search-destroy-review-spybot-sd-antispyware-malware-protection/

--------------------

Sure your computer is infected, you can do this:

Farbar Recovery Scan Tool (FRST):



#3 Oldspice999

Oldspice999
  • Topic Starter

  • Members
  • 2 posts

Posted 11 March 2015 - 03:22 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by cellu_000 (administrator) on MARCELLUS-PC on 11-03-2015 13:18:24
Running from C:\Users\cellu_000\Downloads
Loaded Profiles: cellu_000 (Available profiles: Marcellus & UpdatusUser & cellu_000 & Administrator)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.76\opera.exe
() C:\Program Files (x86)\Opera\27.0.1689.76\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.76\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.76\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.76\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.76\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.76\opera.exe
() C:\Program Files\RogueKiller\RogueKiller.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.76\opera.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-2302895933-267773978-581884848-1005\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2302895933-267773978-581884848-1005\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59855;https=127.0.0.1:59855
HKU\S-1-5-21-2302895933-267773978-581884848-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\cellu_000\AppData\Roaming\Mozilla\Firefox\Profiles\71j6mcd1.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\cellu_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\cellu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-05]
CHR Extension: (Google Docs) - C:\Users\cellu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-05]
CHR Extension: (Google Drive) - C:\Users\cellu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\cellu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-05]
CHR Extension: (YouTube) - C:\Users\cellu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-05]
CHR Extension: (Google Search) - C:\Users\cellu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-05]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\cellu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-11-05]
CHR Extension: (Google Sheets) - C:\Users\cellu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-05]
CHR Extension: (FancyChrome) - C:\Users\cellu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lihmacdfkjijpiignlhcapcednklceog [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\cellu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-05]
CHR Extension: (Gmail) - C:\Users\cellu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-05]
 
Opera: 
=======
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ChromeEnhancer; C:\Program Files\ChromeEnhancer\ChromeEnhancer.exe [47104 2015-01-30] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-03-10] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-11 13:18 - 2015-03-11 13:18 - 00011958 _____ () C:\Users\cellu_000\Downloads\FRST.txt
2015-03-11 13:17 - 2015-03-11 13:18 - 00000000 ____D () C:\FRST
2015-03-11 13:17 - 2015-03-11 13:17 - 02095616 _____ (Farbar) C:\Users\cellu_000\Downloads\FRST64.exe
2015-03-11 13:17 - 2015-03-11 13:17 - 01135104 _____ (Farbar) C:\Users\cellu_000\Downloads\FRST.exe
2015-03-11 04:44 - 2015-01-27 18:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 04:44 - 2015-01-27 18:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-10 20:20 - 2015-03-10 20:20 - 00000871 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-03-10 20:20 - 2015-03-10 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-03-10 20:20 - 2015-03-10 20:20 - 00000000 ____D () C:\Program Files\RogueKiller
2015-03-10 20:18 - 2015-03-11 13:16 - 02345892 _____ (Adlice Software ) C:\Users\cellu_000\Downloads\setup (1).exe
2015-03-10 20:18 - 2015-03-10 20:19 - 17408824 _____ (Adlice Software ) C:\Users\cellu_000\Downloads\setup.exe
2015-03-09 09:38 - 2015-03-09 09:38 - 00000085 _____ () C:\WINDOWS\wininit.ini
2015-03-08 22:37 - 2015-03-08 22:40 - 18732632 _____ () C:\Users\cellu_000\Downloads\RogueKillerX64.exe
2015-03-08 22:29 - 2015-03-10 20:20 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-03-08 22:29 - 2015-03-08 22:40 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-08 20:36 - 2015-03-08 20:36 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-08 20:26 - 2015-03-08 20:31 - 15568472 _____ () C:\Users\cellu_000\Downloads\RogueKiller.exe
2015-03-08 20:26 - 2015-03-08 20:27 - 00852604 _____ () C:\Users\cellu_000\Downloads\SecurityCheck.exe
2015-03-08 13:00 - 2015-03-11 01:00 - 00000000 ____D () C:\Program Files\Nightly
2015-03-05 08:32 - 2015-03-08 20:35 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-05 08:30 - 2015-03-08 20:35 - 00000000 ____D () C:\Users\cellu_000\Desktop\mbar
2015-03-05 08:27 - 2015-03-05 08:28 - 16502728 _____ (Malwarebytes Corp.) C:\Users\cellu_000\Downloads\mbar-1.09.1.1004.exe
2015-03-05 06:18 - 2015-03-05 06:18 - 00000000 _____ () C:\autoexec.bat
2015-03-05 06:09 - 2015-03-05 06:09 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\cellu_000\Downloads\SpyHunter-Installer.exe
2015-03-05 06:03 - 2015-03-05 06:16 - 10995632 _____ (SurfRight B.V.) C:\Users\cellu_000\Downloads\HitmanPro_x64(1).exe
2015-03-05 05:57 - 2015-03-05 05:57 - 00003828 _____ () C:\Users\cellu_000\Desktop\Rkill.txt
2015-03-05 05:57 - 2015-03-05 05:57 - 00000000 ____D () C:\Users\cellu_000\Desktop\rkill
2015-03-05 05:55 - 2015-03-05 05:57 - 05612482 _____ (Swearware) C:\Users\cellu_000\Downloads\ComboFix.exe
2015-03-05 05:55 - 2015-03-05 05:55 - 00001413 _____ () C:\Users\cellu_000\Desktop\JRT.txt
2015-03-05 05:54 - 2015-03-05 05:55 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\cellu_000\Downloads\tdsskiller(1).exe
2015-03-05 05:54 - 2015-03-05 05:54 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\cellu_000\Downloads\rkill.exe
2015-03-05 05:53 - 2015-03-05 05:53 - 02126848 _____ () C:\Users\cellu_000\Downloads\AdwCleaner(1).exe
2015-03-05 05:52 - 2015-03-05 05:53 - 02126848 _____ () C:\Users\cellu_000\Downloads\AdwCleaner.exe
2015-03-05 05:51 - 2015-03-05 05:51 - 01388333 _____ (Thisisu) C:\Users\cellu_000\Downloads\JRT(1).exe
2015-02-24 12:33 - 2014-12-13 14:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-02-24 12:33 - 2014-12-13 14:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-02-24 12:33 - 2014-10-28 18:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-02-24 12:33 - 2014-10-28 18:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-02-24 12:33 - 2014-10-28 18:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-02-24 12:33 - 2014-10-28 18:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-02-22 08:22 - 2015-02-22 08:22 - 00001032 _____ () C:\Users\cellu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinHex.lnk
2015-02-22 08:10 - 2015-02-22 08:22 - 00000000 ____D () C:\Program Files (x86)\WinHex
2015-02-22 08:09 - 2015-02-22 08:10 - 02357913 _____ () C:\Users\cellu_000\Downloads\winhex.zip
2015-02-19 00:40 - 2015-02-19 00:41 - 00000000 ____D () C:\BP2K
2015-02-19 00:40 - 2015-02-19 00:40 - 00000399 _____ () C:\Users\Public\Desktop\BidPlus Millennium.lnk
2015-02-19 00:40 - 2015-02-19 00:40 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-19 00:40 - 2015-02-19 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BidPlus
2015-02-19 00:40 - 2000-07-26 08:00 - 00995383 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc44538.rra
2015-02-19 00:37 - 2015-02-19 00:37 - 05557670 _____ (companyname) C:\Users\cellu_000\Downloads\bpmm9000.exe
2015-02-13 21:50 - 2015-01-22 21:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-13 21:50 - 2015-01-22 20:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 00:52 - 2015-02-11 00:52 - 00002160 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-02-11 00:52 - 2015-02-05 10:57 - 00621384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-02-11 00:50 - 2015-02-05 14:01 - 32106640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 24768144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 20466496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 17253848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 16017040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 13294528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 13208200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 10773704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 10713256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 10284872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-02-11 00:50 - 2015-02-05 14:01 - 03610768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 03247248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 02902784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434752.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434752.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 00995248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 00969872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 00943760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 00929936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 00908104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 00877816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 00833680 _____ () C:\WINDOWS\system32\nvmcumd.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 00305136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-02-11 00:50 - 2015-02-05 14:01 - 00164752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-02-11 00:25 - 2015-01-10 02:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 00:25 - 2015-01-10 02:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 00:25 - 2015-01-10 01:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 00:25 - 2015-01-10 00:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 00:25 - 2015-01-09 23:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 00:25 - 2014-12-08 20:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 00:25 - 2014-12-08 18:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 00:25 - 2014-10-28 19:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 00:25 - 2014-10-28 19:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 00:25 - 2014-10-28 18:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 00:25 - 2014-10-28 18:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 00:25 - 2014-10-28 18:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 00:25 - 2014-10-28 18:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 00:25 - 2014-10-28 18:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 00:25 - 2014-10-28 18:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 00:24 - 2015-01-15 15:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 00:24 - 2015-01-15 15:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 00:24 - 2015-01-13 21:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 00:24 - 2015-01-13 20:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 00:24 - 2015-01-13 15:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 00:24 - 2015-01-13 15:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 00:24 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 00:24 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 00:24 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 00:24 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 00:24 - 2014-12-19 01:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 00:24 - 2014-12-19 01:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 00:24 - 2014-12-08 16:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 00:24 - 2014-10-28 19:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 00:24 - 2014-10-28 19:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 00:24 - 2014-10-28 19:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 00:24 - 2014-10-28 19:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 00:24 - 2014-10-28 18:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 00:23 - 2015-02-03 16:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 00:23 - 2015-02-03 16:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 00:23 - 2015-02-03 16:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 00:23 - 2015-02-02 16:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 00:23 - 2015-02-02 16:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 00:23 - 2015-02-02 16:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 00:23 - 2015-01-19 11:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 00:23 - 2015-01-11 19:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 00:23 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 00:23 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 00:23 - 2015-01-11 19:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 00:23 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 00:23 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 00:23 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 00:23 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 00:23 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 00:23 - 2015-01-11 18:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 00:23 - 2015-01-11 18:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 00:23 - 2015-01-11 18:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 00:23 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 00:23 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 00:23 - 2015-01-11 18:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 00:23 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 00:23 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 00:23 - 2015-01-11 18:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 00:23 - 2015-01-11 18:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 00:23 - 2015-01-11 18:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 00:23 - 2015-01-11 18:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 00:23 - 2015-01-11 18:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 00:23 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 00:23 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 00:23 - 2015-01-11 18:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 00:23 - 2015-01-11 18:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 00:23 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 00:23 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 00:23 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 00:23 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 00:23 - 2015-01-10 01:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-11 13:13 - 2015-02-07 11:11 - 00003836 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1423332579
2015-03-11 13:13 - 2015-02-07 11:09 - 00001158 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-03-11 13:13 - 2015-02-07 11:09 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-11 13:13 - 2014-11-07 12:01 - 00000000 ____D () C:\Users\cellu_000\AppData\Roaming\vlc
2015-03-11 13:07 - 2014-05-13 00:07 - 01770652 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-11 13:04 - 2014-05-13 03:47 - 00003958 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6A8923B4-AEDD-44E9-AEB4-8A10E2E6D590}
2015-03-11 13:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-11 12:49 - 2014-11-06 00:13 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-03-11 12:32 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-11 11:52 - 2015-02-07 10:24 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-11 07:06 - 2014-05-12 23:07 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2302895933-267773978-581884848-1005
2015-03-11 05:38 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-11 05:32 - 2014-05-12 20:13 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-11 05:31 - 2014-05-12 20:13 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-09 09:38 - 2015-02-01 12:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-09 09:38 - 2015-02-01 12:55 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-08 22:54 - 2014-03-18 03:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-08 22:51 - 2014-05-13 00:41 - 00000000 ___DO () C:\Users\cellu_000\OneDrive
2015-03-08 22:50 - 2014-11-05 23:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-08 22:50 - 2014-05-13 00:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-08 22:50 - 2014-03-18 02:54 - 00067916 _____ () C:\WINDOWS\PFRO.log
2015-03-08 22:50 - 2013-08-22 07:46 - 00427599 _____ () C:\WINDOWS\setupact.log
2015-03-08 22:50 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-08 22:50 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-08 20:23 - 2015-02-07 10:24 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-05 09:21 - 2014-11-07 09:58 - 00000000 ____D () C:\Users\cellu_000\AppData\Roaming\uTorrent
2015-03-05 05:55 - 2014-11-07 11:57 - 00000000 ____D () C:\AdwCleaner
2015-03-03 06:17 - 2014-05-12 20:12 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-02-21 23:33 - 2013-08-22 07:46 - 00000618 _____ () C:\WINDOWS\setuperr.log
2015-02-21 23:26 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-13 22:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-13 21:44 - 2013-08-22 07:44 - 00337808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-13 01:56 - 2014-12-10 07:26 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-13 01:56 - 2014-11-08 16:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
 
==================== Files in the root of some directories =======
 
2015-02-01 12:40 - 2015-02-01 12:40 - 0000004 _____ () C:\Users\cellu_000\AppData\Roaming\.lockfile
 
Some content of TEMP:
====================
C:\Users\cellu_000\AppData\Local\Temp\dllnt_dump.dll
C:\Users\cellu_000\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\cellu_000\AppData\Local\Temp\Quarantine.exe
C:\Users\cellu_000\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-07 07:14
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by cellu_000 at 2015-03-11 13:18:56
Running from C:\Users\cellu_000\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2302895933-267773978-581884848-1005\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
BidPlus Millennium (HKLM-x32\...\{209F1840-FF45-11D3-85B3-0050DA772BCA}) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
InfiniteCrisis_7C9F5EC32A45 (HKLM-x32\...\InfiniteCrisis_7C9F5EC32A45) (Version:  - Turbine, Inc)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0a1 - Mozilla)
Nightly 39.0a1 (x64 en-US) (HKLM\...\Nightly 39.0a1 (x64 en-US)) (Version: 39.0a1 - Mozilla)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Opera Stable 28.0.1750.40 (HKLM-x32\...\Opera 28.0.1750.40) (Version: 28.0.1750.40 - Opera Software ASA)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinHex (HKLM-x32\...\WinHex) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
21-02-2015 09:22:29 Scheduled Checkpoint
25-02-2015 07:00:34 Windows Update
07-03-2015 12:13:29 Scheduled Checkpoint
11-03-2015 05:27:17 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2015-02-01 15:54 - 00450796 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {211FD53C-6BE4-4369-9868-3F0398E45291} - \GPUP No Task File <==== ATTENTION
Task: {B37FD86A-616D-4AA4-ACD9-AAACEF31D0FC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {E55D4548-6E6A-41A7-A131-3E273FE39BC5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {F09BC3C0-5317-43C7-8CF9-9E60D73FF11C} - System32\Tasks\Opera scheduled Autoupdate 1423332579 => C:\Program Files (x86)\Opera\launcher.exe [2015-03-10] (Opera Software)
Task: {FBDC5830-94D4-435A-AC4D-B14052A6B3C8} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-12-11 03:55 - 2015-02-05 12:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-08 11:23 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2015-02-27 00:39 - 2015-02-25 08:06 - 00552056 _____ () C:\Program Files (x86)\Opera\27.0.1689.76\opera_crashreporter.exe
2015-03-10 20:20 - 2015-03-10 10:21 - 18789464 _____ () C:\Program Files\RogueKiller\RogueKiller.exe
2014-11-08 11:23 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2015-02-27 00:39 - 2015-02-25 08:06 - 00157816 _____ () C:\Program Files (x86)\Opera\27.0.1689.76\message_center_win8.dll
2015-02-27 00:39 - 2015-02-25 08:06 - 01408632 _____ () C:\Program Files (x86)\Opera\27.0.1689.76\libglesv2.dll
2015-02-27 00:39 - 2015-02-25 08:06 - 00219256 _____ () C:\Program Files (x86)\Opera\27.0.1689.76\libegl.dll
2015-02-27 00:39 - 2015-02-25 08:06 - 09510520 _____ () C:\Program Files (x86)\Opera\27.0.1689.76\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\cellu_000\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21191073.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21191073.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2302895933-267773978-581884848-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\cellu_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ChromeEnhancer => 2
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2302895933-267773978-581884848-500 - Administrator - Enabled) => C:\Users\Administrator
cellu_000 (S-1-5-21-2302895933-267773978-581884848-1005 - Administrator - Enabled) => C:\Users\cellu_000
Guest (S-1-5-21-2302895933-267773978-581884848-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2302895933-267773978-581884848-1002 - Limited - Enabled)
Marcellus (S-1-5-21-2302895933-267773978-581884848-1001 - Administrator - Disabled) => C:\Users\Marcellus
UpdatusUser (S-1-5-21-2302895933-267773978-581884848-1004 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: DATA
Description: ST2000DM001-9YN164
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Microsoft
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: WPD FileSystem Volume Driver
Description: WPD FileSystem Volume Driver
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Microsoft
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: Elements
Description: Elements 107C   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: WD      
Service: WUDFWpdFs
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2015 06:22:23 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
 
System errors:
=============
Error: (03/08/2015 10:29:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
 
Error: (03/05/2015 08:20:03 AM) (Source: DCOM) (EventID: 10010) (User: MARCELLUS-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (03/05/2015 08:19:43 AM) (Source: DCOM) (EventID: 10010) (User: MARCELLUS-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (03/05/2015 08:19:33 AM) (Source: DCOM) (EventID: 10010) (User: MARCELLUS-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (03/05/2015 07:30:59 AM) (Source: DCOM) (EventID: 10010) (User: MARCELLUS-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (03/05/2015 06:55:07 AM) (Source: DCOM) (EventID: 10010) (User: MARCELLUS-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (03/05/2015 06:54:37 AM) (Source: DCOM) (EventID: 10010) (User: MARCELLUS-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (03/05/2015 06:40:34 AM) (Source: DCOM) (EventID: 10010) (User: MARCELLUS-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (03/05/2015 06:40:04 AM) (Source: DCOM) (EventID: 10010) (User: MARCELLUS-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (03/05/2015 06:39:34 AM) (Source: DCOM) (EventID: 10010) (User: MARCELLUS-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 
Microsoft Office Sessions:
=========================
Error: (03/05/2015 06:22:23 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-07 11:06:39.409
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-07 11:06:39.253
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-07 11:06:38.973
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-07 11:06:38.837
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-21 08:22:51.873
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-21 08:22:51.748
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-21 08:22:21.498
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-21 08:22:21.373
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-21 08:22:21.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-02-21 08:22:21.014
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 6143.05 MB
Available physical RAM: 4048.37 MB
Total Pagefile: 7551.05 MB
Available Pagefile: 4814.4 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: (Windows 8.1) (Fixed) (Total:111.79 GB) (Free:72.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:801.2 GB) (Free:501.05 GB) exFAT
Drive g: (Elements) (Fixed) (Total:3725.99 GB) (Free:3674.68 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================


#4 Fish66

Fish66

  • Members
  • 9 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:52 AM

Posted 12 March 2015 - 02:40 AM

Hi,

You can do the steps below!  :thumbsup2: 

 

@+


Edited by Fish66, 12 March 2015 - 03:53 AM.


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,616 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:52 AM

Posted 12 March 2015 - 06:31 AM

Hello OldSpice999,

As Fish66 is not allowed to offer FRST assistance I move the topic to the correct forum and will work with you from here. My apologies for any confusion this may have caused.

 

Please press Windows key + R, type notepad and press enter. Copy/paste the following text into Notepad and save it as fixlist.txt in the same location as frst.txt <-- IMPORTANT


GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:59855;https=127.0.0.1:59855

Now rerun FRST and click the Fix button. When finished this will create a log, please post that in your next reply and let me know how your computer is running now.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




