Odd Explorer.exe Behaviour continued - Log Request by Louis


  • This topic is locked
4 replies to this topic

#1 juggss6

Posted 10 April 2015 - 12:49 PM

Continued from here. Logs requested by Louis.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by schneider (administrator) on SCHNEIDER-PC on 10-04-2015 12:41:36
Running from C:\Users\schneider\Desktop
Loaded Profiles: schneider (Available profiles: schneider)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [818096 2015-04-10] (Webroot)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1994752 2014-02-20] (Wondershare)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [11196224 2015-02-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKU\S-1-5-21-3477173454-3408011083-523321305-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-3477173454-3408011083-523321305-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3477173454-3408011083-523321305-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3477173454-3408011083-523321305-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-3477173454-3408011083-523321305-1000\...\MountPoints2: {12bb79cd-b112-11e2-b416-bc5ff41fda98} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3477173454-3408011083-523321305-1000\...\MountPoints2: {e24d95d4-670c-11e2-ad4b-bc5ff41fda98} - F:\Autorun.exe
Startup: C:\Users\schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-3477173454-3408011083-523321305-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3477173454-3408011083-523321305-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3477173454-3408011083-523321305-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3477173454-3408011083-523321305-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-04-10] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-04-10] (Webroot)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
DPF: HKLM-x32 {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} https://connect.taylorcorp.com/public/download/f5opswati.cab#Version=3,6,7821,2
DPF: HKLM-x32 {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} https://connect.taylorcorp.com/public/download/f5opswati.cab#Version=3,6,7821,2
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\SCHNEI~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {49EC7987-E331-44E3-B170-748B58A268B9} https://connect.taylorcorp.com/public/download/f5opswati.cab#Version=3,6,7821,2
DPF: HKLM-x32 {EBDC91CB-F23F-477D-B152-3F7243760D04} https://connect.taylorcorp.com/public/download/f5opswati.cab#Version=3,6,7821,2
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-06-17] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C548D3A2-CA9F-462C-96DA-F8016981B17C}: [NameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\schneider\AppData\Roaming\Mozilla\Firefox\Profiles\v29b8o4f.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-17] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-02] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-06-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-06-17] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3477173454-3408011083-523321305-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\schneider\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-25] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3477173454-3408011083-523321305-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\SCHNEI~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-03-03]
FF Extension: Widevine Media Optimizer - C:\Users\schneider\AppData\Roaming\Mozilla\Firefox\Profiles\v29b8o4f.default\Extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d} [2015-01-09]
FF Extension: F5 Networks Host Plugin - C:\Users\schneider\AppData\Roaming\Mozilla\Firefox\Profiles\v29b8o4f.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-10-30]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-04-10]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSuggestURL: Default -> https://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-08]
CHR Extension: (F5 Networks Plugin Host) - C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjhelpopbdbnlfmjkbkfkbfmbneaeob [2014-03-21]
CHR Extension: (YouTube) - C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Webroot Filtering Extension) - C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-04-10]
CHR Extension: (Better Battlelog (BBLog)) - C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2013-12-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Transcribe: transcribe audio/interviews fast!) - C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm [2013-04-15]
CHR Extension: (Gmail) - C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.1.0.57.crx [2015-04-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-18] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [528096 2014-06-08] (Futuremark)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-09] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-03-04] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-21] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [818096 2015-04-10] (Webroot)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [48808 2015-02-03] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [22696 2015-02-03] (Corsair)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-16] (Qualcomm Atheros Co., Ltd.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-06-10] ()
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-10] (BitDefender S.R.L.)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-03-31] (Acronis)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116736 2015-04-10] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-04-10] (Webroot)
S1 ZAM; C:\Windows\System32\drivers\zam64.sys [103752 2015-04-10] (Zemana Ltd.)
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-10 12:41 - 2015-04-10 12:41 - 00020901 _____ () C:\Users\schneider\Desktop\FRST.txt
2015-04-10 12:41 - 2015-04-10 12:41 - 00000000 ____D () C:\FRST
2015-04-10 12:38 - 2015-04-10 12:38 - 02095616 _____ (Farbar) C:\Users\schneider\Desktop\FRST64.exe
2015-04-10 07:34 - 2015-04-10 09:41 - 00041095 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 07:16 - 2015-04-10 12:41 - 00000000 ____D () C:\ProgramData\WRData
2015-04-10 07:16 - 2015-04-10 07:16 - 00166128 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-04-10 07:16 - 2015-04-10 07:16 - 00116736 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-04-10 07:16 - 2015-04-10 07:16 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-04-10 07:16 - 2015-04-10 07:16 - 00041040 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2015-04-10 07:16 - 2015-04-10 07:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-04-10 07:16 - 2015-04-10 07:16 - 00000000 ____D () C:\Program Files\Webroot
2015-04-10 07:14 - 2015-04-10 07:14 - 00818096 _____ (Webroot) C:\Users\schneider\Downloads\wsainstall.exe
2015-04-10 06:31 - 2015-04-10 06:31 - 00347816 _____ (Microsoft Corporation) C:\Users\schneider\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2015-04-10 06:31 - 2015-04-10 06:31 - 00000000 ____D () C:\MATS
2015-04-10 06:03 - 2015-04-10 06:05 - 00466319 _____ () C:\Users\schneider\Downloads\avgremover.log
2015-04-10 06:00 - 2015-04-10 06:00 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\schneider\Downloads\avg_remover_stf_x64_2015_5501.exe
2015-04-10 01:25 - 2015-04-10 01:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-10 01:18 - 2015-04-10 07:30 - 00000000 ____D () C:\Windows\pss
2015-04-10 00:36 - 2015-04-10 00:36 - 00103752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2015-04-10 00:35 - 2015-04-10 00:35 - 00000000 ____D () C:\Users\schneider\AppData\Local\Zemana
2015-04-10 00:25 - 2015-04-10 00:25 - 04675824 _____ (Zemana Ltd. ) C:\Users\schneider\Downloads\ZAMv2.10.2.18.Setup.exe
2015-04-10 00:10 - 2015-04-10 00:10 - 20268265 _____ () C:\Windows\REGBK00.ZIP
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 ____D () C:\Windows\VDLL.DLL
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 ____D () C:\Windows\SysWOW64\runouce.exe
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 ____D () C:\Windows\RUNDL132.EXE
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 ____D () C:\Windows\logo_1.exe
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 ____D () C:\Users\schneider\Downloads\TempBK
2015-04-10 00:03 - 2015-04-10 00:48 - 00000056 _____ () C:\Windows\Lic.xxx
2015-04-10 00:03 - 2015-04-10 00:03 - 00350160 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-04-10 00:02 - 2015-04-10 00:02 - 00655872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr90.dll
2015-04-10 00:02 - 2015-04-10 00:02 - 00632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2015-04-10 00:02 - 2015-04-10 00:02 - 00572928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp90.dll
2015-04-10 00:02 - 2015-04-10 00:02 - 00554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2015-04-10 00:02 - 2015-04-10 00:02 - 00156392 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe
2015-04-10 00:02 - 2015-04-10 00:02 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-04-10 00:00 - 2015-04-10 00:01 - 158158304 _____ () C:\Users\schneider\Downloads\mwav.exe
2015-04-09 23:24 - 2015-04-09 23:24 - 01708032 _____ () C:\Users\schneider\Downloads\ZHPCleaner.exe
2015-04-09 23:11 - 2015-04-10 06:27 - 00018402 _____ () C:\Users\schneider\Downloads\Result.txt
2015-04-09 23:10 - 2015-04-09 23:10 - 00402944 _____ (Farbar) C:\Users\schneider\Downloads\MiniToolBox.exe
2015-04-09 23:08 - 2015-04-09 23:08 - 00588816 _____ () C:\Users\schneider\Downloads\Autoruns.zip
2015-04-09 22:58 - 2015-04-09 22:59 - 00776280 _____ (Toolwiz.com. ) C:\Users\schneider\Downloads\Setup_SmartDefrag.exe
2015-04-09 22:51 - 2015-04-10 07:37 - 00000000 ____D () C:\Program Files (x86)\System Ninja
2015-04-09 22:51 - 2015-04-09 22:51 - 00120000 _____ () C:\Users\schneider\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-09 22:46 - 2015-04-09 22:46 - 00546456 _____ (www.privacyroot.com) C:\Users\schneider\Downloads\setup_wipe.exe
2015-04-09 22:42 - 2015-04-09 22:42 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-09 22:42 - 2015-04-09 22:42 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-09 22:42 - 2015-04-09 22:42 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-09 20:26 - 2015-04-09 20:26 - 00060416 _____ () C:\Users\schneider\Downloads\20051111090800656_SM204B.exe
2015-04-09 20:16 - 2013-07-16 11:00 - 00129224 _____ (Qualcomm Atheros Co., Ltd.) C:\Windows\system32\Drivers\L1C62x64.sys
2015-04-09 20:13 - 2015-04-09 20:13 - 00209025 _____ () C:\Users\schneider\Downloads\win7-l1c-2.1.0.21-whql.zip
2015-04-09 17:26 - 2015-04-09 17:26 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\schneider\Downloads\rkill64.exe
2015-04-09 17:23 - 2015-04-09 17:23 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\schneider\Downloads\rkill.exe
2015-04-07 19:03 - 2015-04-07 19:05 - 00000000 ____D () C:\Users\schneider\AppData\Roaming\PFStaticIP
2015-04-07 18:38 - 2015-04-07 19:05 - 00000000 ____D () C:\Users\schneider\AppData\Roaming\PortForward.com
2015-04-07 18:38 - 2015-04-07 18:38 - 03618904 _____ (Portforward, LLC) C:\Users\schneider\Downloads\setup-network-utilities.exe
2015-04-05 01:18 - 2015-04-05 01:18 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 01:18 - 2015-04-05 01:18 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 18:18 - 2015-04-03 18:18 - 00034816 _____ () C:\Users\schneider\Downloads\K Sunrise Prairie.xls
2015-03-30 19:24 - 2015-03-30 19:24 - 02811464 _____ (Coupons.com Incorporated) C:\Users\schneider\Downloads\CouponPrinterCPS.exe
2015-03-28 18:49 - 2015-03-28 18:49 - 00000000 ____D () C:\Users\schneider\AppData\Local\next car game technology sneak peek
2015-03-28 18:17 - 2015-03-28 18:17 - 07186992 _____ (Microsoft Corporation) C:\Users\schneider\Downloads\vcredist_x64.exe
2015-03-28 18:17 - 2015-03-28 18:17 - 00889416 _____ (Microsoft Corporation) C:\Users\schneider\Downloads\dotNetFx40_Full_setup.exe
2015-03-28 18:17 - 2015-03-28 18:17 - 00292184 _____ (Microsoft Corporation) C:\Users\schneider\Downloads\dxwebsetup.exe
2015-03-28 18:16 - 2015-03-28 18:16 - 07878008 _____ (Microsoft Corporation) C:\Users\schneider\Downloads\Xbox360_64Eng.exe
2015-03-28 17:38 - 2015-03-28 17:40 - 00000000 ____D () C:\Users\schneider\AppData\Roaming\InputMapper
2015-03-28 10:49 - 2015-03-28 10:49 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-24 15:58 - 2015-03-13 10:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-24 15:56 - 2015-03-13 14:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-24 15:56 - 2015-03-13 14:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-24 15:56 - 2015-03-13 14:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-21 18:38 - 2015-03-21 18:38 - 00000000 ____D () C:\Users\schneider\AppData\Roaming\Corsair
2015-03-21 18:38 - 2015-03-21 18:38 - 00000000 ____D () C:\Users\schneider\AppData\Local\Corsair
2015-03-21 18:38 - 2015-03-21 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2015-03-21 18:38 - 2015-03-21 18:38 - 00000000 ____D () C:\Program Files (x86)\Corsair
2015-03-21 18:37 - 2015-03-21 18:37 - 00000000 ____D () C:\Users\schneider\Downloads\Corsair-Utility-Engine-v1.5.80
2015-03-21 18:26 - 2015-03-21 18:27 - 00000000 ____D () C:\Users\schneider\Documents\BFH
2015-03-16 16:05 - 2015-04-10 06:43 - 00000000 ____D () C:\ProgramData\boost_interprocess
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-10 07:50 - 2009-07-13 23:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-10 07:50 - 2009-07-13 23:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-10 07:36 - 2009-07-14 00:13 - 00816622 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 07:31 - 2013-01-08 14:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-10 07:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 07:30 - 2013-11-25 21:02 - 00000000 ____D () C:\Users\schneider\AppData\Local\NVIDIA Corporation
2015-04-10 07:30 - 2013-01-08 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-10 07:30 - 2013-01-08 14:37 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-10 07:30 - 2013-01-08 14:37 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-10 07:30 - 2013-01-08 14:37 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-10 06:55 - 2014-01-18 21:49 - 00000000 ____D () C:\Users\schneider\Documents\DayZ
2015-04-10 06:54 - 2015-01-16 00:35 - 00001408 _____ () C:\Users\schneider\AppData\Roaming\BreakingPoint_Options.ini
2015-04-10 06:53 - 2015-01-16 00:35 - 00000297 _____ () C:\Users\schneider\AppData\Roaming\BreakingPoint_Login.ini
2015-04-10 06:37 - 2014-12-13 14:53 - 00014168 _____ () C:\Windows\SysWOW64\debug.log
2015-04-10 06:13 - 2009-07-14 00:08 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-10 06:05 - 2013-01-08 17:12 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-04-10 06:01 - 2014-12-04 21:42 - 00000000 ____D () C:\Users\schneider\AppData\Local\AvgSetupLog
2015-04-10 06:01 - 2014-11-04 14:22 - 00000000 ____D () C:\ProgramData\AVG
2015-04-10 00:03 - 2009-07-13 21:34 - 00000820 _____ () C:\Windows\win.ini
2015-04-09 23:35 - 2013-01-08 15:36 - 00000000 ____D () C:\Users\schneider\AppData\Roaming\TS3Client
2015-04-09 23:33 - 2014-02-19 20:45 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-310 Series Update {D4580967-3CD0-45C8-ABF3-0F6D5EA607CB}.job
2015-04-09 23:33 - 2014-02-19 20:45 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-310 Series Invitation {D4580967-3CD0-45C8-ABF3-0F6D5EA607CB}.job
2015-04-09 23:33 - 2014-02-19 20:42 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-310 Series Update {5F5607A2-6839-4FD8-B7F2-4A8365398AE6}.job
2015-04-09 23:33 - 2014-02-19 20:42 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-310 Series Invitation {5F5607A2-6839-4FD8-B7F2-4A8365398AE6}.job
2015-04-09 23:33 - 2013-02-15 00:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 23:33 - 2013-01-08 14:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 23:33 - 2013-01-08 14:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 23:32 - 2013-01-08 14:58 - 00000000 ____D () C:\ProgramData\Origin
2015-04-09 23:26 - 2014-12-13 14:53 - 00000000 ____D () C:\Users\schneider\AppData\Local\AVG Web TuneUp
2015-04-09 23:26 - 2014-12-13 14:52 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-04-09 23:23 - 2014-11-04 14:34 - 00003706 _____ () C:\Windows\System32\Tasks\Java™ Platform SE Auto Updater
2015-04-09 23:23 - 2014-11-04 14:34 - 00003696 _____ () C:\Windows\System32\Tasks\Adobe Reader and Acrobat Manager
2015-04-09 23:23 - 2014-02-19 20:45 - 00003980 _____ () C:\Windows\System32\Tasks\EPSON XP-310 Series Update {D4580967-3CD0-45C8-ABF3-0F6D5EA607CB}
2015-04-09 23:23 - 2014-02-19 20:45 - 00003794 _____ () C:\Windows\System32\Tasks\EPSON XP-310 Series Invitation {D4580967-3CD0-45C8-ABF3-0F6D5EA607CB}
2015-04-09 23:23 - 2014-02-19 20:42 - 00003980 _____ () C:\Windows\System32\Tasks\EPSON XP-310 Series Update {5F5607A2-6839-4FD8-B7F2-4A8365398AE6}
2015-04-09 23:23 - 2014-02-19 20:42 - 00003794 _____ () C:\Windows\System32\Tasks\EPSON XP-310 Series Invitation {5F5607A2-6839-4FD8-B7F2-4A8365398AE6}
2015-04-09 23:23 - 2013-01-08 17:13 - 00003232 _____ () C:\Windows\System32\Tasks\SidebarExecute
2015-04-09 23:23 - 2013-01-08 14:37 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-09 23:23 - 2013-01-08 14:37 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-09 23:22 - 2014-12-23 17:53 - 00003888 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-04-09 23:22 - 2013-02-15 00:34 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-09 22:57 - 2013-01-08 14:25 - 00000000 ____D () C:\Users\schneider
2015-04-09 22:43 - 2013-06-27 21:35 - 00000000 ____D () C:\Users\schneider\AppData\Roaming\Ventrilo
2015-04-09 22:43 - 2013-01-25 13:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-09 22:43 - 2013-01-25 13:10 - 00000000 ____D () C:\Users\schneider\AppData\Roaming\DAEMON Tools Lite
2015-04-09 21:12 - 2015-03-04 20:56 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-04-09 21:09 - 2013-01-08 14:57 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-09 20:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-09 20:23 - 2013-01-08 14:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-09 19:57 - 2013-04-11 18:48 - 00000000 ____D () C:\Program Files (x86)\Sony
2015-04-09 11:13 - 2014-09-05 23:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-08 21:34 - 2013-01-08 16:17 - 00226680 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-04-08 14:29 - 2013-07-07 15:00 - 00000000 ____D () C:\Users\schneider\Documents\Euro Truck Simulator 2
2015-04-07 18:38 - 2013-01-08 23:18 - 00000000 ____D () C:\Users\schneider\AppData\Local\Downloaded Installations
2015-03-28 18:18 - 2013-05-24 22:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-28 17:40 - 2015-02-20 14:57 - 00000000 ____D () C:\ProgramData\DSDCS
2015-03-28 17:38 - 2015-02-20 14:54 - 00000000 ____D () C:\Program Files (x86)\DSDCS
2015-03-28 17:37 - 2015-02-20 14:40 - 00000000 ____D () C:\Users\schneider\AppData\Roaming\DSDCS
2015-03-28 17:01 - 2013-01-08 14:36 - 00000000 ____D () C:\Users\schneider\AppData\Local\Deployment
2015-03-28 10:50 - 2014-02-19 20:42 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2015-03-28 10:49 - 2014-09-05 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-28 10:49 - 2014-09-05 23:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-28 10:49 - 2014-02-19 20:43 - 00000000 ____D () C:\Program Files (x86)\epson
2015-03-28 10:49 - 2014-02-19 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-03-21 02:12 - 2015-03-04 20:56 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-21 02:12 - 2013-01-08 16:00 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-03-21 02:12 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 01:10 - 2013-01-08 15:00 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-17 17:24 - 2014-06-17 16:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-13 14:41 - 2015-02-10 17:39 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 14:41 - 2014-01-24 00:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-13 14:41 - 2013-10-01 19:59 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 14:41 - 2013-02-26 00:32 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 14:41 - 2013-02-26 00:32 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-13 14:41 - 2013-01-08 14:37 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-13 14:41 - 2013-01-08 14:37 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-13 14:41 - 2012-10-10 22:22 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 11:16 - 2013-01-08 14:37 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 11:16 - 2013-01-08 14:37 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 11:16 - 2013-01-08 14:37 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 11:16 - 2013-01-08 14:37 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 11:16 - 2013-01-08 14:37 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 11:16 - 2013-01-08 14:37 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-12 20:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 20:04 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-11 18:17 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-11 18:09 - 2009-07-13 23:45 - 00470168 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 18:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 18:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 08:10 - 2013-01-08 14:37 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
 
==================== Files in the root of some directories =======
 
2015-01-16 00:35 - 2015-04-10 06:53 - 0000297 _____ () C:\Users\schneider\AppData\Roaming\BreakingPoint_Login.ini
2015-01-16 00:35 - 2015-04-10 06:54 - 0001408 _____ () C:\Users\schneider\AppData\Roaming\BreakingPoint_Options.ini
2014-08-04 18:31 - 2014-08-04 18:38 - 0000099 _____ () C:\Users\schneider\AppData\Roaming\LauncherSettings_live.cfg
2013-05-17 11:33 - 2014-03-09 12:26 - 0893239 _____ () C:\Users\schneider\AppData\Local\a.zip
2013-05-17 11:33 - 2014-03-09 12:26 - 2162416 _____ (Catalina Marketing Corp) C:\Users\schneider\AppData\Local\BcsKtYcHW.dll
2013-01-26 19:09 - 2013-01-26 19:09 - 0026900 _____ () C:\Users\schneider\AppData\Local\dt.dat
2013-09-07 20:15 - 2013-09-07 20:15 - 0002000 _____ () C:\Users\schneider\AppData\Local\recently-used.xbel
2013-04-07 10:47 - 2015-02-04 14:34 - 0001225 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some content of TEMP:
====================
C:\Users\schneider\AppData\Local\Temp\avcuf32.dll
C:\Users\schneider\AppData\Local\Temp\avcuf64.dll
C:\Users\schneider\AppData\Local\Temp\avxdisk.dll
C:\Users\schneider\AppData\Local\Temp\bdc.exe
C:\Users\schneider\AppData\Local\Temp\bdcore.dll
C:\Users\schneider\AppData\Local\Temp\bdfltlib2k.dll
C:\Users\schneider\AppData\Local\Temp\bdnimbus32.dll
C:\Users\schneider\AppData\Local\Temp\bdnimbus64.dll
C:\Users\schneider\AppData\Local\Temp\bdupdateservice.dll
C:\Users\schneider\AppData\Local\Temp\DEVCON.EXE
C:\Users\schneider\AppData\Local\Temp\eEmpty.exe
C:\Users\schneider\AppData\Local\Temp\encdec.dll
C:\Users\schneider\AppData\Local\Temp\esupdate.exe
C:\Users\schneider\AppData\Local\Temp\FSSync.dll
C:\Users\schneider\AppData\Local\Temp\Getvlist.exe
C:\Users\schneider\AppData\Local\Temp\ikave.dll
C:\Users\schneider\AppData\Local\Temp\ipc.dll
C:\Users\schneider\AppData\Local\Temp\kave.dll
C:\Users\schneider\AppData\Local\Temp\kavvlg.dll
C:\Users\schneider\AppData\Local\Temp\msvclnt.dll
C:\Users\schneider\AppData\Local\Temp\msvcp80.dll
C:\Users\schneider\AppData\Local\Temp\msvcp90.dll
C:\Users\schneider\AppData\Local\Temp\msvcr80.dll
C:\Users\schneider\AppData\Local\Temp\msvcr90.dll
C:\Users\schneider\AppData\Local\Temp\msvl64.dll
C:\Users\schneider\AppData\Local\Temp\msvlclnt.dll
C:\Users\schneider\AppData\Local\Temp\mwavdwnl.exe
C:\Users\schneider\AppData\Local\Temp\MWAVL.exe
C:\Users\schneider\AppData\Local\Temp\mwunzip.dll
C:\Users\schneider\AppData\Local\Temp\prLoader.dll
C:\Users\schneider\AppData\Local\Temp\red32.dll
C:\Users\schneider\AppData\Local\Temp\Reload.exe
C:\Users\schneider\AppData\Local\Temp\scan.dll
C:\Users\schneider\AppData\Local\Temp\ScanningProcess.exe
C:\Users\schneider\AppData\Local\Temp\setpriv.exe
C:\Users\schneider\AppData\Local\Temp\test2.exe
C:\Users\schneider\AppData\Local\Temp\trufos.dll
C:\Users\schneider\AppData\Local\Temp\unregx.exe
C:\Users\schneider\AppData\Local\Temp\UPDLL10.DLL
C:\Users\schneider\AppData\Local\Temp\viewtcp.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-07 15:34
 
==================== End Of Log ============================


Edited by juggss6, 10 April 2015 - 12:52 PM.
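As an added example (not code from FRST, BleepingComputer or anyone in this thread), the following Python parser reads FRST entry lines in the format posted above and applies review heuristics of my own: it flags the kinds of entries a helper picks out of a log like this one (an executable dropped straight into an AppData root such as the Catalina DLL, and publisher-less or zero-byte executables under C:\Windows). The sample lines are copied from the log above except the logo_1.exe line, whose dates and size are constructed.

```python
"""Parse FRST file-listing lines and flag entries worth a closer look.

Added example for this thread, not code from FRST or from the posters. Sample
lines are copied from the log above except where marked constructed; the review
rules are this example's own assumptions (a hit means "look", not "malware").
"""
import re
from dataclasses import dataclass

# <date_a> - <date_b> - <size> <attrs> (<company>) <path>; which date is
# "created" and which "modified" depends on the FRST section, so keep both.
_ENTRY = re.compile(
    r"^(?P<date_a>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<date_b>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Entry:
    date_a: str
    date_b: str
    size: int
    is_dir: bool      # "D" in the attribute column
    company: str      # empty when FRST printed "()"
    path: str


def parse_entry(line: str):
    """Entry for one FRST file line, or None for headers and blank lines."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(m["date_a"], m["date_b"], int(m["size"]), "D" in m["attrs"],
                 m["company"].strip(), m["path"])


def review_reasons(e: Entry) -> list:
    """Why an entry deserves review (heuristics assumed by this example)."""
    if e.is_dir:
        return []
    low = e.path.lower()
    parent, _, name = low.rpartition("\\")
    is_exec = name.endswith(EXEC_EXT)
    in_windows = low.startswith("c:\\windows\\")
    reasons = []
    # Code dropped straight into an AppData root instead of a vendor folder,
    # like the Catalina DLL the helper asked to remove.
    if is_exec and parent.endswith(("\\appdata\\local", "\\appdata\\roaming")):
        reasons.append("executable in AppData root")
    # Executable under C:\Windows with no publisher string at all.
    if is_exec and in_windows and not e.company:
        reasons.append("no publisher in Windows tree")
    # Zero-byte executable names under C:\Windows (FRST lists these too).
    if is_exec and in_windows and e.size == 0:
        reasons.append("zero-byte executable")
    return reasons


def triage(log_text: str) -> dict:
    """Map each flagged path to its list of reasons."""
    flagged = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = review_reasons(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


# Lines copied from the posted log; the logo_1.exe line is constructed
# (FRST's zero-byte section prints only the path, so dates/size are made up).
SAMPLE_LOG = """\
==================== One Month Modified Files and Folders =======
2015-04-10 07:31 - 2013-01-08 14:38 - 00000000 ____D () C:\\ProgramData\\NVIDIA
2015-04-09 21:12 - 2015-03-04 20:56 - 00226680 _____ () C:\\Windows\\SysWOW64\\PnkBstrB.exe
2015-04-09 11:13 - 2014-09-05 23:11 - 00129752 _____ (Malwarebytes Corporation) C:\\Windows\\system32\\Drivers\\MBAMSwissArmy.sys
2015-04-01 10:00 - 2015-04-01 10:00 - 00000000 _____ () C:\\Windows\\logo_1.exe
==================== Files in the root of some directories =======
2013-05-17 11:33 - 2014-03-09 12:26 - 0893239 _____ () C:\\Users\\schneider\\AppData\\Local\\a.zip
2013-05-17 11:33 - 2014-03-09 12:26 - 2162416 _____ (Catalina Marketing Corp) C:\\Users\\schneider\\AppData\\Local\\BcsKtYcHW.dll
"""
```

Running `triage(SAMPLE_LOG)` flags PnkBstrB.exe, the constructed logo_1.exe line and the Catalina DLL, while the signed Malwarebytes driver and the a.zip archive pass through; PunkBuster is a legitimate anti-cheat component, which is exactly why a hit here is a prompt to check, not a verdict.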



 


#2 nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 April 2015 - 08:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Remove this process using the Add/Remove Programs applet.
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (No File)
SearchScopes: HKU\S-1-5-21-3477173454-3408011083-523321305-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-3477173454-3408011083-523321305-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\SCHNEI~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-03-03]
CHR DefaultSuggestURL: Default -> https://toolbar.avg.com/acp?q={searchTerms}&o=1
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X].
C:\Users\SCHNEI~1\AppData\Roaming\CATALI~1

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 juggss6

  • Topic Starter
  • Members
  • 13 posts

Posted 12 April 2015 - 08:13 PM

Thank you for the help nasdaq. Here is the information you requested.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2015
Ran by schneider at 2015-04-12 20:05:13 Run:1
Running from C:\Users\schneider\Desktop
Loaded Profiles: schneider (Available profiles: schneider)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
ShortcutTarget: Wipe Tray Agent.lnk -> C:\Program Files\Wipe\Wipe.exe (No File)
SearchScopes: HKU\S-1-5-21-3477173454-3408011083-523321305-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-3477173454-3408011083-523321305-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\SCHNEI~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-02-14] (Catalina Marketing Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-03-03]
CHR DefaultSuggestURL: Default -> https://toolbar.avg.com/acp?q={searchTerms}&o=1
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X].
C:\Users\SCHNEI~1\AppData\Roaming\CATALI~1
 
End
*****************
 
Processes closed successfully.
C:\Program Files\Wipe\Wipe.exe not found.
"HKU\S-1-5-21-3477173454-3408011083-523321305-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found. 
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.0" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.4" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-3477173454-3408011083-523321305-1000\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => Key deleted successfully.
C:\Users\SCHNEI~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => Moved successfully.
Chrome DefaultSuggestURL not detected.
NvStreamKms => Service deleted successfully.
nvvad_WaveExtensible => Service deleted successfully.
C:\Users\SCHNEI~1\AppData\Roaming\CATALI~1 => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:05:13 ====
 
# AdwCleaner v4.201 - Logfile created 12/04/2015 at 20:08:47
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : schneider - SCHNEIDER-PC
# Running from : C:\Users\schneider\Desktop\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\schneider\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
Folder Deleted : C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v41.0.2272.118
 
[C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\schneider\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : chfdnecihphmhljaaejmgoiahnihplgn
 
*************************
 
AdwCleaner[R0].txt - [3188 bytes] - [12/04/2015 20:07:01]
AdwCleaner[S0].txt - [3153 bytes] - [12/04/2015 20:08:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3212  bytes] ##########

 

===

 

Computer was running fine after my initial thread. Another member helped me, I saw a few things were cleaned up during the time he was helping but eventually I found the program causing the original issue on my own. I saw that Louis wanted me to post a thread here so I thought maybe he saw something in the logs I posted that warranted follow up. ;)


Edited by juggss6, 12 April 2015 - 08:23 PM.


#4 nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 April 2015 - 06:44 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 April 2015 - 07:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



