
Infected with: PC Helper - Chromium (32 bits) and more.

3 replies to this topic

#1 Azriel

Posted 18 May 2015 - 05:17 PM

Good afternoon,

I am infected with multiple malware after my kids downloaded a mod for Minecraft.

  1. PC Helper pop-ups
  2. Pasta something sending me information about the best pasta in town??? (I'm not even joking)
  3. A ninja program I keep uninstalling.
  4. AnyProtect

I've tried uninstalling, running Spybot Search and Destroy, Norton, Defender... nothing works.

Here are the logs from FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2015 02
Ran by franc_000 (administrator) on BAGUERRA on 18-05-2015 18:08:31
Running from C:\Users\franc_000\Desktop
Loaded Profiles: franc_000 (Available profiles: franc_000 & Kids)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Users\franc_000\AppData\Roaming\E8395158-1431793705-B71B-1AE2-4296766CEBDE\jnszEC4A.tmp
() C:\Users\franc_000\AppData\Roaming\E8395158-1431793705-B71B-1AE2-4296766CEBDE\hnsnDE.tmp
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.4016\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5765\Battle.net.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Users\franc_000\AppData\Roaming\E8395158-1431793705-B71B-1AE2-4296766CEBDE\nsa4441.tmp
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\franc_000\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-05] (Hewlett-Packard )
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [fst_ca_162] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [mbot_ca_501] => [X]
HKLM-x32\...\RunOnce: [Update] => C:\Users\franc_000\AppData\Roaming\ASPackage\ASPackage.exe /runonce
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3393436258-272874947-3774456233-1001\...\Run: [iLivid] => "C:\Users\franc_000\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-3393436258-272874947-3774456233-1001\...\Run: [Facebook Update] => "C:\Users\franc_000\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-3393436258-272874947-3774456233-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3393436258-272874947-3774456233-1001\...\Run: [Windows Media Player Network Sharing Service] => rundll32 "C:\Users\franc_000\AppData\Roaming\Microsoft\Windows\Recent\wmpnetwk.dll",_EntryPoint_RunDll32@16
HKU\S-1-5-21-3393436258-272874947-3774456233-1001\...\Run: [GoogleChromeAutoLaunch_8379CDF622713D1B1AFDA8C394944FB6] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-05-05] (Google Inc.)
HKU\S-1-5-21-3393436258-272874947-3774456233-1001\...\MountPoints2: {5bbec6b0-bcc7-11e3-bea0-2cd05ace6f21} - "J:\autorun.exe" 
HKU\S-1-5-21-3393436258-272874947-3774456233-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [589312 2014-10-28] (Microsoft Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [94088 2014-07-14] (Skytech Co., Ltd.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-05-11]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\franc_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-16]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{63abafbe-0669-05f9-63ab-bafbe066bef8}\hqghumeaylnlf.exe (PC Utilities Software Limited)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3393436258-272874947-3774456233-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1431985900&z=ff9f4b8e7239466ddfbaddeg8zdc3g6tbbaw7t7e3g&from=cmi&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S398263482634
HKU\S-1-5-21-3393436258-272874947-3774456233-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1431985900&z=ff9f4b8e7239466ddfbaddeg8zdc3g6tbbaw7t7e3g&from=cmi&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S398263482634
HKU\S-1-5-21-3393436258-272874947-3774456233-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1431794395&z=03c3269c39a3d221c3c1fb0g3z5cag9mft0zfc9t6w&from=cmi&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S398263482634&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-05-16] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-05-17] (Thinknice Co. Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-05-16] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-05-16] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-05-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-3393436258-272874947-3774456233-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-03-04] (NVIDIA Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-11-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3393436258-272874947-3774456233-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\franc_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.oursurfing.com/?type=sy&ts=1431985905&z=614c17f169f00db50f4aec2gez8ccg1tebewft0edw&from=cmi&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S398263482634
CHR StartupUrls: Default -> "https://www.google.ca/", "hxxp://www.oursurfing.com/?type=hp&ts=1431985900&z=ff9f4b8e7239466ddfbaddeg8zdc3g6tbbaw7t7e3g&from=cmi&uid=WDCXWD10EZEX-60ZF5A0_WD-WCC1S398263482634"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\franc_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\franc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-16]
CHR Extension: (Google Docs) - C:\Users\franc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-16]
CHR Extension: (Google Drive) - C:\Users\franc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-16]
CHR Extension: (YouTube) - C:\Users\franc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-16]
CHR Extension: (Google Search) - C:\Users\franc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-16]
CHR Extension: (Google Sheets) - C:\Users\franc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-16]
CHR Extension: (Bookmark Manager) - C:\Users\franc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\franc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-16]
CHR Extension: (Google Wallet) - C:\Users\franc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-16]
CHR Extension: (Gmail) - C:\Users\franc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-07] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 cdc5517a; c:\Program Files (x86)\Optimizer Pro 3.91\OptProMon.dll [1827368 2015-05-16] () <==== ATTENTION
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [157824 2015-05-17] (XTab system)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-02-10] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-01] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [337064 2015-05-16] (SysTool PasSame LIMITED) <==== ATTENTION
R2 xixynyko; C:\Users\franc_000\AppData\Roaming\E8395158-1431793705-B71B-1AE2-4296766CEBDE\jnszEC4A.tmp [235520 2015-05-16] () [File not signed]
R2 xoxyjowi; C:\Users\franc_000\AppData\Roaming\E8395158-1431793705-B71B-1AE2-4296766CEBDE\nsa4441.tmp [161280 2015-05-18] () [File not signed]
R2 xygefuzu; C:\Users\franc_000\AppData\Roaming\E8395158-1431793705-B71B-1AE2-4296766CEBDE\hnsnDE.tmp [396288 2015-05-16] () [File not signed]
S2 servervo; C:\Users\franc_000\AppData\Roaming\VOPackage\VOsrv.exe [X] <==== ATTENTION
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7480496 2013-09-13] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-01-20] (Broadcom Corporation.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-02-10] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R1 {5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64; C:\Windows\System32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys [61112 2014-07-12] (StdLib)
S1 ssnfd_1_10_0_5; system32\drivers\ssnfd_1_10_0_5.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-18 18:08 - 2015-05-18 18:08 - 00030532 _____ () C:\Users\franc_000\Desktop\FRST.txt
2015-05-18 18:07 - 2015-05-18 18:07 - 02107392 _____ (Farbar) C:\Users\franc_000\Downloads\FRST64 (1).exe
2015-05-18 18:07 - 2015-05-18 18:07 - 02107392 _____ (Farbar) C:\Users\franc_000\Desktop\FRST64 (1).exe
2015-05-18 18:06 - 2015-05-18 18:08 - 00000000 ____D () C:\FRST
2015-05-18 18:06 - 2015-05-18 18:06 - 02107392 _____ (Farbar) C:\Users\franc_000\Downloads\FRST64.exe
2015-05-18 17:52 - 2015-05-18 17:54 - 00002814 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-05-18 17:52 - 2015-05-18 17:54 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-05-18 17:52 - 2015-05-18 17:52 - 00000000 ____D () C:\Users\franc_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-05-18 17:51 - 2015-05-18 17:52 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-05-18 17:51 - 2015-05-18 17:51 - 00613255 _____ (CMI Limited) C:\Users\franc_000\AppData\Local\nsk6528.tmp
2015-05-18 17:51 - 2015-05-18 17:51 - 00000000 ____D () C:\Users\franc_000\AppData\Roaming\oursurfing
2015-05-18 02:40 - 2015-05-18 02:40 - 00790984 _____ (Internet app ) C:\Users\franc_000\Downloads\Unconfirmed 591238.crdownload
2015-05-17 21:24 - 2015-05-18 17:41 - 00001151 _____ () C:\Users\franc_000\Desktop\Continue Live Installation.lnk
2015-05-17 15:03 - 2015-05-17 15:04 - 13751816 _____ ( ) C:\Users\franc_000\Downloads\Unconfirmed 549225.crdownload
2015-05-17 10:29 - 2015-05-18 17:46 - 00000000 ____D () C:\Users\franc_000\AppData\Local\Ninja Loader
2015-05-17 10:28 - 2015-05-17 17:23 - 00000000 ____D () C:\ProgramData\{63abafbe-0669-05f9-63ab-bafbe066bef8}
2015-05-16 16:35 - 2015-05-17 11:09 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8BD9261D-E95A-4890-8055-99637E8E9E88}
2015-05-16 16:35 - 2015-05-16 16:35 - 00000000 ____D () C:\Users\Kids\AppData\Local\Google
2015-05-16 13:04 - 2015-05-17 10:33 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3393436258-272874947-3774456233-1006
2015-05-16 12:59 - 2015-05-16 12:59 - 00000000 ____D () C:\Users\Kids\Documents\Bluetooth Exchange Folder
2015-05-16 12:59 - 2015-05-16 12:59 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\DAEMON Tools Pro
2015-05-16 12:59 - 2015-05-16 12:59 - 00000000 ____D () C:\Users\Kids\AppData\Local\NVIDIA Corporation
2015-05-16 12:59 - 2015-05-16 12:59 - 00000000 ____D () C:\Users\Kids\AppData\Local\Broadcom
2015-05-16 12:58 - 2015-05-17 18:16 - 00000000 ____D () C:\Users\Kids
2015-05-16 12:58 - 2015-05-17 06:03 - 00000000 ____D () C:\Users\Kids\AppData\Local\Packages
2015-05-16 12:58 - 2015-05-16 12:58 - 00001449 _____ () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-16 12:58 - 2015-05-16 12:58 - 00000020 ___SH () C:\Users\Kids\ntuser.ini
2015-05-16 12:58 - 2015-05-16 12:58 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Adobe
2015-05-16 12:58 - 2015-05-16 12:58 - 00000000 ____D () C:\Users\Kids\AppData\Local\VirtualStore
2015-05-16 12:58 - 2015-05-16 12:58 - 00000000 ____D () C:\Users\Kids\AppData\Local\NVIDIA
2015-05-16 12:58 - 2015-03-23 17:19 - 00000000 ___RD () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-16 12:58 - 2015-03-23 17:18 - 00000000 ___RD () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-16 12:58 - 2015-03-23 17:18 - 00000000 ___RD () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-16 12:58 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-16 12:58 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-16 12:58 - 2014-02-01 12:10 - 00000000 ____D () C:\Users\Kids\Documents\hp.system.package.metadata
2015-05-16 12:58 - 2014-02-01 12:10 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Macromedia
2015-05-16 12:58 - 2014-02-01 12:10 - 00000000 ____D () C:\Users\Kids\AppData\Local\Microsoft Help
2015-05-16 12:58 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-16 12:53 - 2015-05-16 12:53 - 00003162 _____ () C:\WINDOWS\System32\Tasks\{0F0F3860-8CFB-4AA3-9245-112769B56182}
2015-05-16 12:49 - 2015-05-16 12:49 - 00613255 _____ (CMI Limited) C:\Users\franc_000\AppData\Local\nsa9398.tmp
2015-05-16 12:43 - 2015-05-18 17:54 - 00002816 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-05-16 12:43 - 2015-05-18 17:54 - 00002814 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-05-16 12:43 - 2015-05-18 17:54 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-05-16 12:43 - 2015-05-18 17:54 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-05-16 12:43 - 2015-05-18 17:51 - 00002381 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-16 12:42 - 2015-05-17 17:21 - 00002724 _____ () C:\WINDOWS\Tasks\temp_6bb308da-8cf4-4df8-8415-6c5441a2ba9e-1-6.job
2015-05-16 12:42 - 2015-05-16 12:42 - 00004848 _____ () C:\WINDOWS\System32\Tasks\temp_6bb308da-8cf4-4df8-8415-6c5441a2ba9e-1-6
2015-05-16 12:41 - 2015-05-18 17:52 - 00000000 ____D () C:\Program Files (x86)\Edu App
2015-05-16 12:41 - 2015-05-16 12:41 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-05-16 12:40 - 2015-05-18 17:52 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-05-16 12:40 - 2015-05-16 12:40 - 00613255 _____ (CMI Limited) C:\Users\franc_000\AppData\Local\nsgB439.tmp
2015-05-16 12:40 - 2015-05-16 12:40 - 00000000 __SHD () C:\Users\franc_000\AppData\Roaming\AnyProtectEx
2015-05-16 12:40 - 2015-05-16 12:40 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-05-16 12:31 - 2015-05-16 12:36 - 00000000 ____D () C:\Users\franc_000\AppData\Local\E8395158-1431779493-B71B-1AE2-4296766CEBDE
2015-05-16 12:28 - 2015-05-18 17:23 - 00000000 ____D () C:\Users\franc_000\AppData\Roaming\E8395158-1431793705-B71B-1AE2-4296766CEBDE
2015-05-16 12:28 - 2014-08-25 10:17 - 00000000 _____ () C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-05-16 10:08 - 2015-05-16 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-16 10:07 - 2015-05-16 10:07 - 00000000 ____D () C:\Users\franc_000\AppData\Local\Deployment
2015-05-16 10:07 - 2015-05-16 10:07 - 00000000 ____D () C:\Users\franc_000\AppData\Local\Apps\2.0
2015-05-16 09:56 - 2015-05-16 09:56 - 00000000 ____D () C:\Program Files (x86)\less2pay
2015-05-16 09:44 - 2015-05-16 09:44 - 00065813 _____ () C:\WINDOWS\wininit.ini
2015-05-16 09:28 - 2015-05-16 09:28 - 00543032 _____ (BetOnSoft N.V.) C:\Users\franc_000\Downloads\Unconfirmed 962857.crdownload
2015-05-16 09:27 - 2015-05-16 09:27 - 00543032 _____ (BetOnSoft N.V.) C:\Users\franc_000\Downloads\Unconfirmed 618247.crdownload
2015-05-16 09:26 - 2015-05-16 09:26 - 00543032 _____ (BetOnSoft N.V.) C:\Users\franc_000\Downloads\Unconfirmed 567687.crdownload
2015-05-16 09:26 - 2015-05-16 09:26 - 00543032 _____ (BetOnSoft N.V.) C:\Users\franc_000\Downloads\Unconfirmed 237422.crdownload
2015-05-16 09:22 - 2015-05-16 09:22 - 00000000 ____D () C:\Program Files (x86)\FFlexiibleShoppeer
2015-05-16 08:58 - 2015-05-16 09:59 - 00000000 ____D () C:\Program Files (x86)\Tuneup computer
2015-05-16 08:58 - 2015-05-16 08:58 - 00000000 ____D () C:\Users\franc_000\AppData\Local\PCTuner1
2015-05-16 08:30 - 2015-05-18 08:30 - 00001028 _____ () C:\WINDOWS\Tasks\jmgbWNXsJ2k.job
2015-05-16 08:30 - 2015-05-17 17:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-05-16 08:30 - 2015-05-17 17:56 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.91
2015-05-16 08:30 - 2015-05-17 17:55 - 00003270 _____ () C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2015-05-16 08:30 - 2015-05-16 10:21 - 00000000 ____D () C:\ProgramData\{ff260a9c-fe0c-69b1-ff26-60a9cfe02a73}
2015-05-16 08:30 - 2015-05-16 08:30 - 00004042 _____ () C:\WINDOWS\System32\Tasks\jmgbWNXsJ2k
2015-05-16 08:30 - 2015-05-16 08:30 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Crossbrowse
2015-05-16 08:30 - 2015-05-16 08:30 - 00000000 ____D () C:\Users\Guest\AppData\Local\Crossbrowse
2015-05-16 08:30 - 2015-05-16 08:30 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Crossbrowse
2015-05-16 08:29 - 2015-05-16 12:47 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-05-16 08:29 - 2015-05-16 12:42 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-16 08:29 - 2015-05-16 08:59 - 00003690 _____ () C:\WINDOWS\System32\Tasks\IEError
2015-05-16 08:29 - 2015-05-16 08:59 - 00003506 _____ () C:\WINDOWS\System32\Tasks\AI_Updater
2015-05-16 08:29 - 2015-05-16 08:29 - 00000000 ____D () C:\Users\franc_000\AppData\Local\globalUpdate
2015-05-16 08:28 - 2015-05-17 17:22 - 00000356 _____ () C:\WINDOWS\Tasks\QHWXXQN1.job
2015-05-16 08:28 - 2015-05-17 10:30 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-05-16 08:28 - 2015-05-16 10:00 - 00000000 ____D () C:\Program Files (x86)\Portable WeatherApp
2015-05-16 08:28 - 2015-05-16 09:59 - 00000000 ____D () C:\Program Files (x86)\PCMATICPLUSSOL
2015-05-16 08:28 - 2015-05-16 08:59 - 00003692 _____ () C:\WINDOWS\System32\Tasks\boosterpop
2015-05-16 08:28 - 2015-05-16 08:28 - 00003992 _____ () C:\WINDOWS\System32\Tasks\LaunchPreSignup
2015-05-16 08:28 - 2015-05-16 08:28 - 00003660 _____ () C:\WINDOWS\System32\Tasks\IE_ERR4WDR
2015-05-16 08:28 - 2015-05-16 08:28 - 00003636 _____ () C:\WINDOWS\System32\Tasks\HDNINSTSCHD
2015-05-16 08:28 - 2015-05-16 08:28 - 00003574 _____ () C:\WINDOWS\System32\Tasks\RMYGRR
2015-05-16 08:28 - 2015-05-16 08:28 - 00003502 _____ () C:\WINDOWS\System32\Tasks\UPDTEXE4_WDR
2015-05-16 08:28 - 2015-05-16 08:28 - 00002870 _____ () C:\WINDOWS\System32\Tasks\QHWXXQN1
2015-05-16 08:28 - 2015-05-16 08:28 - 00001939 _____ () C:\Users\Public\Desktop\PCMATICPLUS.lnk
2015-05-16 08:28 - 2015-05-16 08:28 - 00000000 ____D () C:\ProgramData\PastaLeadsAgent
2015-05-16 08:28 - 2015-05-16 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCMATICPLUS
2015-05-16 08:28 - 2015-05-16 08:28 - 00000000 ____D () C:\ProgramData\41d2ca6adb7c4b5585247b56fff3ec4c
2015-05-16 08:28 - 2015-05-16 08:28 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-16 08:27 - 2015-05-16 08:28 - 00000000 ____D () C:\Users\franc_000\Documents\vlc
2015-05-14 18:59 - 2015-05-14 18:59 - 00000000 ___RD () C:\Users\franc_000\OneDrive
2015-05-10 12:10 - 2015-05-10 12:10 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-04-28 18:05 - 2015-04-28 18:05 - 00000000 ____D () C:\Users\franc_000\AppData\Local\Blizzard
2015-04-28 17:59 - 2015-05-14 14:26 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-04-28 17:59 - 2015-04-28 17:59 - 00001200 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-04-28 17:59 - 2015-04-28 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-04-20 22:07 - 2015-04-20 22:07 - 00007368 _____ () C:\Users\franc_000\Desktop\20150420220715.qfx
2015-04-20 18:08 - 2015-04-20 18:08 - 00000000 ____D () C:\Users\franc_000\Downloads\Game of Thrones S05E04 WEBRip XviD-FUM[ettv]
2015-04-20 18:07 - 2015-04-20 18:22 - 388899911 _____ () C:\Users\franc_000\Downloads\Game.of.Thrones.S05E02.HDTV.x264-Xclusive.mp4
2015-04-20 18:07 - 2015-04-20 18:08 - 00000000 ____D () C:\Users\franc_000\Downloads\Game of Thrones S05E03 WEBRip XviD-FUM[ettv]
2015-04-20 18:05 - 2015-04-20 18:05 - 02374320 _____ (PeerBlock, LLC ) C:\Users\franc_000\Desktop\PeerBlock-Setup_v1.2_r693.exe
2015-04-20 10:05 - 2015-04-20 10:05 - 01579520 _____ () C:\Users\franc_000\AppData\Roaming\jmgbWNXsJ2k.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 00005872 _____ () C:\Users\franc_000\AppData\Roaming\jmgbWNXsJ2k
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-18 18:08 - 2014-08-25 20:32 - 00000000 ____D () C:\Users\franc_000\AppData\Local\Battle.net
2015-05-18 18:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-18 17:56 - 2013-10-06 09:21 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3393436258-272874947-3774456233-1001
2015-05-18 17:51 - 2014-11-28 21:12 - 00001747 _____ () C:\Users\franc_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-18 17:47 - 2013-10-09 20:17 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Pro
2015-05-18 17:44 - 2014-02-01 12:03 - 01256641 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-18 17:22 - 2013-12-25 10:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-18 17:17 - 2013-10-06 10:19 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-18 16:59 - 2014-02-01 12:58 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1CAB3E20-44D5-4734-88D6-EF992A454F03}
2015-05-18 16:15 - 2014-07-14 19:23 - 00000370 _____ () C:\WINDOWS\Tasks\bench-sys.job
2015-05-18 15:57 - 2014-04-19 09:52 - 00000962 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3393436258-272874947-3774456233-1001UA.job
2015-05-18 15:38 - 2014-07-14 19:23 - 00000370 _____ () C:\WINDOWS\Tasks\bench-S-1-5-21-3393436258-272874947-3774456233-1001.job
2015-05-18 13:02 - 2014-09-25 07:48 - 00000000 ____D () C:\Users\franc_000\Documents\Outlook Files
2015-05-18 10:17 - 2013-10-06 10:19 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-18 09:57 - 2014-04-19 09:52 - 00000940 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3393436258-272874947-3774456233-1001Core.job
2015-05-18 07:35 - 2013-11-10 10:18 - 00000000 ____D () C:\Users\franc_000\AppData\Roaming\.minecraft
2015-05-18 06:10 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-18 04:45 - 2014-09-27 11:33 - 00004986 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for BAGUERRA-franc_000 Baguerra
2015-05-17 20:22 - 2014-09-06 16:58 - 00000000 ____D () C:\Users\franc_000\Downloads\Windows 8.1 Pro VL X86 MULTI6 Pre-Activated May 2014
2015-05-17 17:31 - 2014-02-01 12:27 - 00000000 ___DO () C:\Users\franc_000\SkyDrive
2015-05-17 17:28 - 2013-11-14 03:28 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-17 17:27 - 2014-07-14 19:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-17 17:22 - 2014-02-01 12:07 - 00000000 ____D () C:\Users\franc_000
2015-05-17 17:21 - 2014-02-01 12:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-17 17:21 - 2013-11-14 03:20 - 00039566 _____ () C:\WINDOWS\PFRO.log
2015-05-17 17:21 - 2013-08-22 10:46 - 00373451 _____ () C:\WINDOWS\setupact.log
2015-05-17 17:21 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-17 09:46 - 2013-12-05 20:31 - 00000000 ____D () C:\Users\franc_000\Downloads\Microsoft.Visio.Professional.2013.x86-iNDiSO
2015-05-16 12:59 - 2013-10-06 09:14 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-05-16 12:58 - 2013-10-19 10:49 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-16 12:48 - 2013-05-11 14:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-05-16 12:48 - 2013-05-11 14:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-16 12:44 - 2013-05-11 14:43 - 00000000 ____D () C:\ProgramData\CyberLink
2015-05-16 12:43 - 2014-02-10 21:06 - 00000000 ____D () C:\Program Files (x86)\AmUStor
2015-05-16 10:19 - 2015-04-03 14:15 - 00000000 __HDC () C:\ProgramData\~0
2015-05-16 10:19 - 2014-11-25 22:37 - 00000000 ____D () C:\Users\franc_000\AppData\Local\ArcadeYum
2015-05-16 10:19 - 2014-08-23 03:52 - 00000000 ____D () C:\ProgramData\less2pay
2015-05-16 10:19 - 2014-08-09 13:59 - 00000000 ____D () C:\ProgramData\FFlexiibleShoppeer
2015-05-16 10:19 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-16 10:12 - 2013-10-06 10:19 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 10:12 - 2013-10-06 10:19 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 10:08 - 2013-10-06 10:19 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-16 09:56 - 2014-07-14 05:50 - 00000000 ____D () C:\ProgramData\771826198174e318
2015-05-16 09:21 - 2013-10-06 10:17 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-16 08:30 - 2014-07-14 05:50 - 00000000 ____D () C:\Program Files (x86)\SupTab
2015-05-15 20:55 - 2013-10-10 20:01 - 00002254 ____H () C:\Users\franc_000\Documents\Default.rdp
2015-05-15 19:21 - 2014-03-03 20:56 - 00003188 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForfranc_000
2015-05-15 19:21 - 2014-03-03 20:56 - 00000366 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForfranc_000.job
2015-05-15 05:35 - 2014-01-09 20:16 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-05-11 19:21 - 2013-10-07 19:40 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-05-11 14:22 - 2014-08-25 20:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-10 05:39 - 2014-11-03 07:21 - 00000000 ____D () C:\Users\franc_000\Desktop\École
2015-04-26 19:32 - 2015-03-21 09:20 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
 
==================== Files in the root of some directories =======
 
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\franc_000\AppData\Roaming\jmgbWNXsJ2k
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\franc_000\AppData\Roaming\jmgbWNXsJ2k.exe
2013-12-28 20:28 - 2014-05-09 08:18 - 0004608 _____ () C:\Users\franc_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-16 12:49 - 2015-05-16 12:49 - 0613255 _____ (CMI Limited) C:\Users\franc_000\AppData\Local\nsa9398.tmp
2015-05-16 12:40 - 2015-05-16 12:40 - 0613255 _____ (CMI Limited) C:\Users\franc_000\AppData\Local\nsgB439.tmp
2015-05-18 17:51 - 2015-05-18 17:51 - 0613255 _____ (CMI Limited) C:\Users\franc_000\AppData\Local\nsk6528.tmp
2014-07-14 19:23 - 2014-07-14 19:39 - 0000003 _____ () C:\Users\franc_000\AppData\Local\proxy.log
 
Some content of TEMP:
====================
C:\Users\franc_000\AppData\Local\Temp\Extract.exe
C:\Users\franc_000\AppData\Local\Temp\jue1BB2.exe
C:\Users\franc_000\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-17 17:36
 
==================== End Of Log ============================
 
 
 
 
#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:30 AM

Posted 19 May 2015 - 03:18 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
The Addition.txt is missing. Please re-run FRST and post the log.

Step 1

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:30 AM

Posted 22 May 2015 - 02:50 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.

regards,
deeprybka

#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:30 AM

Posted 24 May 2015 - 05:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards,
deeprybka