Unsure, Video display gets corrupted, a user I can't get rid of, winsock entries


  • This topic is locked
7 replies to this topic

#1 Lucian1215

Posted 13 April 2015 - 11:04 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Lucian (administrator) on ACADIA on 13-04-2015 23:44:14
Running from E:\installers\Security
Loaded Profiles: Lucian (Available profiles: boinc_master & Lucian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Sonix) C:\Windows\vspc1300.exe
(Graphic Tablet Company Shenzhen) C:\Program Files\TabletDriver\TabletDriver.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-02-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [spc1300] => C:\Windows\vspc1300.exe [675840 2010-01-26] (Sonix)
HKLM\...\Run: [TabletDriver] => C:\Program Files\TabletDriver\TabletDriver.exe [1141464 2015-02-05] (Graphic Tablet Company Shenzhen)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-1489912394-3794689602-3272471746-1005\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-06-16] (Yahoo! Inc.)
HKU\S-1-5-21-1489912394-3794689602-3272471746-1005\...\MountPoints2: {1456cfb6-c1cb-11e3-ab52-78843ce866c7} - D:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1489912394-3794689602-3272471746-1005\...\MountPoints2: {f5d54f43-2f72-11e1-842c-d2da181c864d} - D:\TL-Bootstrap.exe
HKU\S-1-5-21-1489912394-3794689602-3272471746-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1489912394-3794689602-3272471746-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1489912394-3794689602-3272471746-1005 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-25] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Lucian\AppData\Roaming\Mozilla\Firefox\Profiles\vlyfww6x.default-1357439055341
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-06-16] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-14] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-11-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1489912394-3794689602-3272471746-1005: @tools.google.com/Google Update;version=3 -> C:\Users\Lucian\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1489912394-3794689602-3272471746-1005: @tools.google.com/Google Update;version=9 -> C:\Users\Lucian\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-1489912394-3794689602-3272471746-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lucian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Lucian\AppData\Roaming\Mozilla\Firefox\Profiles\vlyfww6x.default-1357439055341\Extensions\artur.dubovoy@gmail.com [2015-04-09]
FF Extension: Ghostery - C:\Users\Lucian\AppData\Roaming\Mozilla\Firefox\Profiles\vlyfww6x.default-1357439055341\Extensions\firefox@ghostery.com.xpi [2013-08-03]
FF Extension: MEGA - C:\Users\Lucian\AppData\Roaming\Mozilla\Firefox\Profiles\vlyfww6x.default-1357439055341\Extensions\firefox@mega.co.nz.xpi [2013-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-26]
FF HKLM-x32\...\Firefox\Extensions: [infoatoms@infoatoms.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\IPSFF [2015-04-13]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2015-04-13]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://yahoo.com/"
CHR Profile: C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-22]
CHR Extension: (No Name) - C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-01-21]
CHR Extension: (No Name) - C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-21]
CHR Extension: (Norton Identity Safe) - C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-27]
CHR Extension: (No Name) - C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-01-23]
CHR Extension: (No Name) - C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-11-11]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2015-04-13]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2015-04-13]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 BOINC; C:\Program Files (x86)\BOINC\boinc.exe [529152 2010-05-27] (World Community Grid)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S3 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [61440 2013-07-02] (Digital Delivery Networks, Inc.) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
S3 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 wRAPPER; C:\Program Files (x86)\NTWrapperLite\NTWrapper.exe [532280 2008-11-12] (DuoData™ Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-08-25] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
U3 EraserUtilDrv11411; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [142640 2014-11-25] (Symantec Corporation)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [57688 2011-07-07] (Focusrite Audio Engineering Limited.)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20140717.001\IDSVia64.sys [525016 2014-08-25] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150413.001\ENG64.SYS [129752 2014-11-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20150413.001\EX64.SYS [2137304 2014-11-15] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-03-13] (NVIDIA Corporation)
S3 phaudlwr; C:\Windows\System32\DRIVERS\phaudlwr.sys [114608 2009-10-20] (Philips Applied Technologies)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-12-23] ()
S3 SPC1300; C:\Windows\System32\DRIVERS\spc1300.sys [3251968 2010-01-26] ()
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-04-13] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-04-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [10752 2014-09-16] (Windows ® Win 7 DDK provider)
S3 PTSimBus; system32\DRIVERS\PTSimBus.sys [X]
S3 PTSimHid; system32\DRIVERS\PTSimHid.sys [X]
S3 w4shwdrv; \??\C:\Users\Lucian\AppData\Local\Temp\w4sAD35.tmp [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 23:44 - 2015-04-13 23:44 - 00000000 ____D () C:\FRST
2015-04-13 23:09 - 2015-04-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2015-04-13 23:06 - 2015-04-13 23:06 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2015-04-13 23:06 - 2015-04-13 23:06 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2015-04-13 23:05 - 2015-04-13 23:05 - 00002571 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2015-04-13 23:05 - 2015-04-13 23:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-04-13 23:05 - 2015-04-13 23:05 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2015-04-13 22:56 - 2015-04-13 23:09 - 00000000 ____D () C:\Users\Lucian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-04-13 22:56 - 2015-04-13 22:58 - 00001251 _____ () C:\Users\Lucian\Desktop\Norton Installation Files.lnk
2015-04-13 22:23 - 2015-04-13 22:23 - 00896048 _____ () C:\Users\Lucian\Desktop\Norton_Removal_Tool.exe
2015-04-09 21:55 - 2015-04-09 21:55 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-08 16:46 - 2015-04-08 16:46 - 00001050 _____ () C:\Users\Lucian\Desktop\GeDoSaToTool.exe - Shortcut.lnk
2015-04-08 16:45 - 2015-04-08 16:45 - 00000778 _____ () C:\Users\Lucian\Desktop\TK17-114.001_mod.exe.lnk
2015-04-08 15:59 - 2015-04-08 16:03 - 00000000 ____D () C:\Users\Lucian\AppData\Local\NVIDIA
2015-04-08 15:56 - 2015-04-08 16:05 - 00001375 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-04-08 15:56 - 2015-04-08 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-08 15:56 - 2015-03-27 23:44 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-04-08 15:56 - 2015-03-27 23:44 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-04-08 15:56 - 2015-03-27 23:43 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-04-08 15:56 - 2015-03-27 23:43 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-04-08 15:55 - 2015-04-13 23:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-08 15:55 - 2015-04-08 15:55 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-04-08 15:55 - 2015-03-13 11:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-08 15:54 - 2015-03-13 15:41 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-08 15:54 - 2015-03-13 15:41 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-08 15:54 - 2015-03-13 12:16 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 15:54 - 2015-03-13 12:16 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 15:54 - 2015-03-13 12:16 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 15:54 - 2015-03-13 12:16 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 15:54 - 2015-03-13 12:16 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 15:54 - 2015-03-13 12:16 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 15:54 - 2015-03-11 09:10 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-08 15:53 - 2015-03-13 15:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-08 15:53 - 2015-03-13 15:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-04-08 15:53 - 2015-03-13 15:41 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-04-08 15:53 - 2015-03-13 15:41 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-04-08 15:53 - 2015-03-13 15:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-04-08 15:50 - 2015-04-08 15:50 - 00000000 ____D () C:\NVIDIA
2015-04-07 21:35 - 2015-04-07 21:35 - 00000000 ____D () C:\NPE
2015-04-07 21:29 - 2015-04-07 22:37 - 00000000 ____D () C:\Users\Lucian\AppData\Local\NPE
2015-04-07 21:17 - 2015-04-07 21:18 - 00001794 _____ () C:\Users\Lucian\Documents\cc_20150407_211755.reg
2015-04-07 20:22 - 2015-04-09 21:56 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 23:15 - 2015-04-05 23:15 - 00005122 _____ () C:\Users\Lucian\AppData\Local\recently-used.xbel
2015-04-02 23:06 - 2015-04-07 23:57 - 00000000 ____D () C:\BinariesNew
2015-03-31 20:19 - 2015-04-08 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
2015-03-31 20:16 - 2015-04-13 23:35 - 00003819 _____ () C:\Windows\setupact.log
2015-03-31 20:16 - 2015-03-31 20:16 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-31 20:15 - 2015-04-13 22:38 - 00430430 _____ () C:\Windows\PFRO.log
2015-03-31 19:42 - 2015-04-13 21:28 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-31 19:41 - 2015-04-13 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-31 19:41 - 2015-04-13 19:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-31 19:41 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-31 19:41 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-31 19:37 - 2015-04-13 23:41 - 00487589 _____ () C:\Windows\WindowsUpdate.log
2015-03-29 23:58 - 2015-03-29 23:58 - 00173290 _____ () C:\penny.mp3.reapeaks
2015-03-29 23:50 - 2015-03-29 23:50 - 02154810 _____ () C:\Voice 005.m4a
2015-03-28 12:00 - 2015-03-28 13:35 - 00000000 ____D () C:\Users\Lucian\Desktop\pictures for dylan
2015-03-24 17:21 - 2015-03-11 00:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 17:21 - 2015-03-11 00:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 17:21 - 2015-03-11 00:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 17:21 - 2015-03-11 00:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 17:21 - 2015-03-11 00:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 17:21 - 2015-03-11 00:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 17:21 - 2015-03-11 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 17:21 - 2015-03-11 00:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-22 23:28 - 2015-04-08 01:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-20 21:35 - 2015-03-20 21:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-03-20 21:29 - 2015-03-20 21:29 - 00000894 _____ () C:\Users\Public\Desktop\TabletDriver.lnk
2015-03-20 21:29 - 2015-03-20 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TabletDriver
2015-03-20 21:29 - 2015-03-20 21:29 - 00000000 ____D () C:\Program Files\TabletDriver
2015-03-20 21:29 - 2015-02-05 16:31 - 00042200 _____ (Graphics Tablet) C:\Windows\system32\wintab32.dll
2015-03-20 21:29 - 2015-02-05 16:31 - 00037592 _____ (Graphics Tablet) C:\Windows\SysWOW64\wintab32.dll
2015-03-20 21:29 - 2014-09-16 18:47 - 00010752 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\vmulti.sys
2015-03-20 21:29 - 2014-09-16 18:47 - 00007680 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2015-03-20 21:29 - 2012-06-01 15:35 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUsbCoInstaller2.dll
2015-03-20 18:59 - 2015-03-20 19:20 - 00001419 _____ () C:\Windows\Tablet10000x6250M.ini
2015-03-20 18:41 - 2015-03-20 21:28 - 00000000 ____D () C:\Windows\SysWOW64\TabletPmt
2015-03-18 21:19 - 2015-03-18 21:28 - 00000000 ____D () C:\TinyTake
2015-03-18 21:19 - 2015-03-18 21:19 - 00003566 _____ () C:\Windows\System32\Tasks\TinyTakeUpgrade
2015-03-17 23:41 - 2014-11-27 10:03 - 00050688 _____ () C:\Users\Lucian\Desktop\TKPoseEditTool.exe
2015-03-17 23:12 - 2015-03-17 23:12 - 00000000 ____D () C:\Xstory3
2015-03-17 21:32 - 2015-04-07 22:17 - 00000000 ____D () C:\Users\Lucian\AppData\Local\X Moon Productions

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 23:45 - 2009-07-14 00:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 23:45 - 2009-07-14 00:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 23:38 - 2013-11-11 22:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 23:35 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 23:09 - 2011-07-29 21:49 - 00000000 ____D () C:\ProgramData\Norton
2015-04-13 23:07 - 2015-01-21 18:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1489912394-3794689602-3272471746-1005UA.job
2015-04-13 23:06 - 2012-03-16 07:37 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-04-13 23:06 - 2011-07-29 21:50 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-04-13 23:05 - 2011-07-29 21:49 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2015-04-13 22:57 - 2013-11-11 22:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 22:56 - 2012-12-12 19:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 22:56 - 2012-03-14 22:27 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-04-13 22:11 - 2011-08-08 07:45 - 00000000 ____D () C:\Users\Lucian\AppData\Local\CrashDumps
2015-04-13 19:10 - 2015-02-12 11:13 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-13 18:54 - 2013-08-26 18:21 - 00000000 ____D () C:\Users\Lucian\AppData\Roaming\vlc
2015-04-13 17:59 - 2014-12-22 19:34 - 00000000 ____D () C:\TKCustomBodyTool_II
2015-04-13 17:24 - 2015-01-21 18:50 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1489912394-3794689602-3272471746-1005Core.job
2015-04-13 17:19 - 2011-08-05 18:27 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1DBD0FA-4CB9-4F40-885A-B5230BBA7AD6}
2015-04-08 20:56 - 2011-08-05 20:00 - 00000000 ____D () C:\Users\Lucian\Documents\BSR Photos
2015-04-08 20:29 - 2014-12-22 00:30 - 00000000 ____D () C:\TheKlub17
2015-04-08 16:46 - 2015-02-03 18:48 - 00000000 ____D () C:\TK17_GeDoSaTo
2015-04-08 16:18 - 2011-08-05 22:32 - 00000000 ____D () C:\Program Files\REAPER (x64)
2015-04-08 16:00 - 2014-12-31 19:11 - 00000000 ____D () C:\Users\Lucian\AppData\Local\NVIDIA Corporation
2015-04-08 16:00 - 2011-07-29 20:42 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-08 15:56 - 2011-07-29 20:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-08 15:56 - 2011-07-29 20:41 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-08 15:55 - 2011-11-14 22:35 - 00000000 ____D () C:\Temp
2015-04-08 15:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help
2015-04-08 01:00 - 2015-03-03 23:42 - 00000000 ____D () C:\Users\Lucian\AppData\Roaming\Audacity
2015-04-08 01:00 - 2015-02-12 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-04-08 01:00 - 2014-12-10 18:50 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-08 01:00 - 2014-05-08 17:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-08 01:00 - 2013-11-30 10:07 - 00000000 ____D () C:\Users\Lucian\AppData\Roaming\VERIZON
2015-04-08 01:00 - 2012-05-10 20:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-08 01:00 - 2011-08-05 22:32 - 00000000 ____D () C:\Users\Lucian\AppData\Roaming\REAPER
2015-04-08 01:00 - 2011-08-05 18:55 - 00000000 ____D () C:\Users\Lucian\AppData\Roaming\IrfanView
2015-04-08 01:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-04-08 00:58 - 2011-08-05 19:17 - 00000000 ____D () C:\Users\Lucian\AppData\Local\Mozilla
2015-04-08 00:57 - 2015-02-12 11:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-08 00:48 - 2015-02-12 11:13 - 00000000 ____D () C:\Users\Lucian\AppData\Roaming\Malwarebytes
2015-04-07 23:57 - 2011-03-14 22:36 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-07 22:19 - 2011-07-29 21:06 - 00000000 ____D () C:\Users\boinc_master
2015-04-07 22:17 - 2014-09-22 01:02 - 00000000 ____D () C:\Program Files (x86)\Xilisoft
2015-04-07 21:12 - 2011-08-05 18:22 - 00000000 ____D () C:\Users\Lucian
2015-04-05 23:18 - 2014-09-24 23:19 - 00000000 ____D () C:\Users\Lucian\.gimp-2.8
2015-04-05 14:26 - 2013-11-11 22:20 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-31 19:37 - 2012-08-20 18:59 - 00000000 ____D () C:\Users\Lucian\AppData\Roaming\Azureus
2015-03-31 19:37 - 2011-12-26 15:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-31 19:37 - 2011-09-28 04:18 - 00000000 ____D () C:\Users\Lucian\AppData\Roaming\Media Player Classic
2015-03-30 18:57 - 2012-01-01 19:20 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2015-03-21 16:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-20 18:41 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 23:22 - 2014-08-24 13:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-17 23:12 - 2014-12-26 16:55 - 00000000 ____D () C:\Users\Lucian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Moon Productions
2015-03-17 06:15 - 2015-02-12 11:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2012-10-24 13:24 - 2012-10-24 13:24 - 0082991 _____ () C:\Program Files (x86)\Uninstal.exe
2015-03-08 00:14 - 2015-03-08 00:56 - 0000128 _____ () C:\Users\Lucian\AppData\Roaming\licecap.ini
2011-08-05 18:58 - 2012-07-26 18:44 - 0014336 _____ () C:\Users\Lucian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-05 23:15 - 2015-04-05 23:15 - 0005122 _____ () C:\Users\Lucian\AppData\Local\recently-used.xbel
2011-08-05 22:27 - 2014-12-16 00:09 - 0007598 _____ () C:\Users\Lucian\AppData\Local\resmon.resmoncfg
2011-07-29 20:32 - 2011-07-29 20:32 - 0000226 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\Lucian\AppData\Local\Temp\LiveUpdater.exe
C:\Users\Lucian\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Lucian\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-27 03:45

==================== End Of Log ============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,902 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:33 AM

Posted 17 April 2015 - 09:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 

a user I can't get rid of, winsock entries

You should never remove winsock entries; it's an important part of your access to the internet.
Why do you want to do this?

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM-x32\...\Firefox\Extensions: [infoatoms@infoatoms.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S3 PTSimBus; system32\DRIVERS\PTSimBus.sys [X]
S3 PTSimHid; system32\DRIVERS\PTSimHid.sys [X]
S3 w4shwdrv; \??\C:\Users\Lucian\AppData\Local\Temp\w4sAD35.tmp [X]
C:\Users\Lucian\AppData\Local\Temp\LiveUpdater.exe
C:\Users\Lucian\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Lucian\AppData\Local\Temp\nvStInst.exe
AlternateDataStreams: C:\Nissan.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Nissan.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:6B709AD7
AlternateDataStreams: C:\ProgramData\TEMP:8DAF83BD
AlternateDataStreams: C:\ProgramData\TEMP:92A815D8
AlternateDataStreams: C:\ProgramData\TEMP:A0921B2C
AlternateDataStreams: C:\ProgramData\TEMP:A6D6E537
AlternateDataStreams: C:\ProgramData\TEMP:B6E6C4EA
AlternateDataStreams: C:\ProgramData\TEMP:B8791731
AlternateDataStreams: C:\ProgramData\TEMP:CAC06C34
AlternateDataStreams: C:\ProgramData\TEMP:E40AB54F
AlternateDataStreams: C:\ProgramData\TEMP:F9689B72
AlternateDataStreams: C:\ProgramData\TEMP:F9F58B80
C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 Lucian1215

Lucian1215
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 18 April 2015 - 11:34 AM

Hi nasdaq,

First, thank you for the time you took to help me. As for my problems, it usually takes 5 to 15 minutes for the video display corruption symptoms to show up after reboot, but so far so good.

Here are the 2 logs, hopefully I am clean.

 

NOTE: After running these utilities, I opened Firefox with Bleeping Computer being the only page open. While posting these logs, Norton Antivirus notified me the following dlls were safe. It downloaded them all to C:\Users\Lucian\AppData\Roaming\Mozilla\Firefox\Profiles\vlyfww6x.default-1357439055341\extensions\staged\artur.dubovoy@gmail.com\modules\ffmpeg

 

avcodec-55.dll

avfilter-3.dll

avformat-55.dll

avutil-52.dll

ffmpeg.exe

swresample-0.dll

There is also a folder called macros with a file ffmpeg in it, no extension.

 

And now the video corruption is back. Tried to paste in images from Snipping tool but the site doesn't like that.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-04-2015 01
Ran by Lucian at 2015-04-18 11:49:45 Run:1
Running from E:\installers\Security
Loaded Profiles: Lucian (Available profiles: boinc_master & Lucian)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF HKLM-x32\...\Firefox\Extensions: [infoatoms@infoatoms.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S3 PTSimBus; system32\DRIVERS\PTSimBus.sys [X]
S3 PTSimHid; system32\DRIVERS\PTSimHid.sys [X]
S3 w4shwdrv; \??\C:\Users\Lucian\AppData\Local\Temp\w4sAD35.tmp [X]
C:\Users\Lucian\AppData\Local\Temp\LiveUpdater.exe
C:\Users\Lucian\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Lucian\AppData\Local\Temp\nvStInst.exe
AlternateDataStreams: C:\Nissan.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Nissan.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:6B709AD7
AlternateDataStreams: C:\ProgramData\TEMP:8DAF83BD
AlternateDataStreams: C:\ProgramData\TEMP:92A815D8
AlternateDataStreams: C:\ProgramData\TEMP:A0921B2C
AlternateDataStreams: C:\ProgramData\TEMP:A6D6E537
AlternateDataStreams: C:\ProgramData\TEMP:B6E6C4EA
AlternateDataStreams: C:\ProgramData\TEMP:B8791731
AlternateDataStreams: C:\ProgramData\TEMP:CAC06C34
AlternateDataStreams: C:\ProgramData\TEMP:E40AB54F
AlternateDataStreams: C:\ProgramData\TEMP:F9689B72
AlternateDataStreams: C:\ProgramData\TEMP:F9F58B80
C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com

End
*****************

Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\infoatoms@infoatoms.com => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
PTSimBus => Service deleted successfully.
PTSimHid => Service deleted successfully.
w4shwdrv => Service deleted successfully.
C:\Users\Lucian\AppData\Local\Temp\LiveUpdater.exe => Moved successfully.
C:\Users\Lucian\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Lucian\AppData\Local\Temp\nvStInst.exe => Moved successfully.
"C:\Nissan.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Nissan.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\ProgramData\TEMP => ":6B709AD7" ADS removed successfully.
C:\ProgramData\TEMP => ":8DAF83BD" ADS removed successfully.
C:\ProgramData\TEMP => ":92A815D8" ADS removed successfully.
C:\ProgramData\TEMP => ":A0921B2C" ADS removed successfully.
C:\ProgramData\TEMP => ":A6D6E537" ADS removed successfully.
C:\ProgramData\TEMP => ":B6E6C4EA" ADS removed successfully.
C:\ProgramData\TEMP => ":B8791731" ADS removed successfully.
C:\ProgramData\TEMP => ":CAC06C34" ADS removed successfully.
C:\ProgramData\TEMP => ":E40AB54F" ADS removed successfully.
C:\ProgramData\TEMP => ":F9689B72" ADS removed successfully.
C:\ProgramData\TEMP => ":F9F58B80" ADS removed successfully.
"C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 11:49:49 ====

# AdwCleaner v4.201 - Logfile created 18/04/2015 at 12:02:30
# Updated 08/04/2015 by Xplode
# Database : 2015-04-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Lucian - ACADIA
# Running from : C:\Users\Lucian\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Save
Folder Deleted : C:\Tutorials
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PackageAware
Folder Deleted : C:\Users\Lucian\AppData\Local\PackageAware
Folder Deleted : C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\END

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\SecuredDownload
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.1 (x86 en-US)

[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394281950374");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://vosteran.com/?f=1&a=vst_secureddownload_15_04_ff&cd=2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0ByCtAzz0C0A0F0FtB0CtN0D0Tzu0StCtCtCyCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutC[...]
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://vosteran.com/?f=2&a=vst_secureddownload_15_04_ff&cd=2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0ByCtAzz0C0A0F0FtB0CtN0D0Tzu0StCtCtCyCtN1L2XzutAtFyBtFtBtFtCtN1L1Czu[...]
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://vosteran.com/?f=3&a=vst_secureddownload_15_04_ff&cd=2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0ByCtAzz0C0A0F0FtB0CtN0D0Tzu0StCtCtCyCtN1L2XzutAtFyBtFtBtFtCtN1L1C[...]
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1366866102285");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1366685420562");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1365825177491");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent136", "1364584540987");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1366154031301");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent101", "1366590246801");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1366774464633");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1366849666111");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent110", "1366669305620");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1366849666119");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1366846961457");
[vlyfww6x.default-1357439055341\prefs.js] - Line Deleted : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1366849666128");

-\\ Google Chrome v42.0.2311.90

[C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_15_04_ff&cd=2XzuyEtN2Y1L1Qzu0C0C0A0FyBzz0ByCtAzz0C0A0F0FtB0CtN0D0Tzu0StCtCtCyCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtA0BtCzyyE0DtBtGyEtAzyzytG0AyD0ByCtG0EyBtByBtGtCtBtAzz0FtAyBtD0BzzyDyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0DtA0CyDzz0A0EtGyB0FtBzztGyEyDzzyDtG0AyB0BzytGzy0CtAyDyEyEtDtC0C0BtD0B2Q&cr=34318072&ir=
[C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
[C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : hhbgpoakplhahbklhkcfbpicgjcaoglk
[C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : oilkkkefbalmbfppgjmgjoefbclebkce
[C:\Users\Lucian\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk

*************************

AdwCleaner[R0].txt - [14980 bytes] - [18/04/2015 11:58:05]
AdwCleaner[S0].txt - [14790 bytes] - [18/04/2015 12:02:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14850  bytes] ##########
 



#4 Lucian1215

  • Topic Starter

Posted 18 April 2015 - 11:47 AM

I rebooted so I could get a few mins of time to post this, not sure if it helps. The video corruption is that it copies areas of the screen to the top left area, where there seems to be a cmd prompt listing things underneath the desktop with the text popping through, if that makes sense. The screen gets very messy as it does repaints very slowly with all sorts of artifacts... screenshot attached.

 

Attached File  Capture.PNG   55.36KB   0 downloads


Edited by Lucian1215, 18 April 2015 - 11:49 AM.


#5 nasdaq

  • Malware Response Team

Posted 18 April 2015 - 01:18 PM

NOTE: After running these utilities, I opened Firefox with Bleeping Computer being the only page open. While posting these logs, Norton Antivirus notified me the following DLLs were safe. It downloaded them all to C:\Users\Lucian\AppData\Roaming\Mozilla\Firefox\Profiles\vlyfww6x.default-1357439055341\extensions\staged\artur.dubovoy@gmail.com\modules\ffmpeg

avcodec-55.dll
avfilter-3.dll
avformat-55.dll
avutil-52.dll
ffmpeg.exe
swresample-0.dll
There is also a folder called macros with a file ffmpeg in it, no extension.

And now the video corruption is back. Tried to paste in images from Snipping Tool but the site doesn't like that.


I'm not so sure about this.
This is what we have in our database.
http://www.systemlookup.com/FF_Extensions/130-artur_dubovoy_gmail_com_xpi.html

The extensions\staged\artur.dubovoy@gmail.com\ is not safe.
===

I suggest you remove it from your Firefox extensions.

FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Lucian\AppData\Roaming\Mozilla\Firefox\Profiles\vlyfww6x.default-1357439055341\Extensions\artur.dubovoy@gmail.com [2015-04-09]

===

Your video problem may be caused by a bad or old driver.

I suggest you check the manufacturer's site of your Graphics Card and find out if a new driver is available.

#6 Lucian1215

  • Topic Starter

Posted 18 April 2015 - 01:46 PM

OK, other than that extension everything else looks good? Supposedly this is the latest driver. I will redownload and install. I just uninstalled it.

 

While looking in device manager, I noticed this under network adaptors:

uninstalled it

Attached File  Capture.PNG   10.37KB   0 downloads

 

 

Rebooted with reinstalled driver, I will let this run for a few hours.

If all turns out well, I want to thank you again for your valuable help and assistance.


Edited by Lucian1215, 18 April 2015 - 02:32 PM.


#7 nasdaq

  • Malware Response Team

Posted 24 April 2015 - 10:51 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 nasdaq

  • Malware Response Team

Posted 30 April 2015 - 08:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.