Cleaning computer with Trojans, Root, Worms, Malware, and Adware


This topic is locked. 2 replies to this topic.

#1 merb2

  • Members
  • 1 post

Posted 10 June 2015 - 03:18 PM

Fixing a computer for a friend. I had been running some scans, but I'm not sure if everything is gone. I used HijackThis to check if the problem was fixed, and it directed me here to use Farbar and post the log. All help is appreciated. I think I got most of the stuff off the computer, but it is hard to tell because I'm not exactly an expert.

I have run Kaspersky TDSSKiller, Spybot Search and Destroy, ClamWin, Malwarebytes, and the Windows Malicious Software Removal Tool. I'm sorry, I've never done this before, so I didn't think to copy the exact names of all the trojans and malware and everything.

Prior to that, I believe Ad-Aware, regpair, and Hitman were used (the owner ran those).

I started working on this laptop not too long ago, and Search and Destroy came up with malware, and ClamWin came up with multiple trojans, a worm, a root, and some adware. The computer was super slow (it took about 30 seconds to load the browser homepage). This is a nice gaming laptop that is relatively new, so 30 seconds is kind of extreme. Thank you again. =]

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Sarah (administrator) on SARAHSLAPPY on 10-06-2015 16:00:31
Running from C:\Users\Sarah\Downloads
Loaded Profiles: UpdatusUser & Sarah (Available Profiles: UpdatusUser & Sarah)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Sarah\AppData\Roaming\pushbullet\pushbullet_105\pushbullet_app.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(PortableApps.com) F:\Useful Apps\Apps\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(PortableApps.com) F:\Useful Apps\Apps\PortableApps\HijackThisPortable\HijackThisPortable.exe
(Trend Micro Inc.) F:\Useful Apps\Apps\PortableApps\HijackThisPortable\App\HijackThis\HijackThis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862928 2012-07-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4261237529-152683450-2376084549-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-4261237529-152683450-2376084549-1002\...\Run: [Pushbullet] => C:\Program Files (x86)\Pushbullet\pushbullet_app.exe [822320 2014-10-03] ()
HKU\S-1-5-21-4261237529-152683450-2376084549-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1371456 2015-04-30] (Lavasoft)
HKU\S-1-5-21-4261237529-152683450-2376084549-1002\...\Run: [Spybot-S&D Cleaning] => F:\Useful Apps\Apps\PortableApps\SpybotPortable\App\Spybot\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-4261237529-152683450-2376084549-1002\...\MountPoints2: {1b16d1c8-9a2c-11e3-be82-6036dd968cbd} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4261237529-152683450-2376084549-1002\...\MountPoints2: {1b16d1d2-9a2c-11e3-be82-6036dd968cbd} - "D:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4261237529-152683450-2376084549-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-12-10] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-10] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-07-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Classic Start Menu Settings.lnk [2013-11-22]
ShortcutTarget: Classic Start Menu Settings.lnk -> C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4261237529-152683450-2376084549-1002] =>
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4261237529-152683450-2376084549-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4261237529-152683450-2376084549-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4261237529-152683450-2376084549-1002 -> DefaultScope {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_digitalrivercomparativelp_150523&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4261237529-152683450-2376084549-1002 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_digitalrivercomparativelp_150523&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [347976 2015-05-22] (Lavasoft Limited)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [347976 2015-05-22] (Lavasoft Limited)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [347976 2015-05-22] (Lavasoft Limited)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [347976 2015-05-22] (Lavasoft Limited)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [347976 2015-05-22] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [429392 2015-05-22] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [429392 2015-05-22] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [429392 2015-05-22] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [429392 2015-05-22] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [429392 2015-05-22] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\6uw80cvk.default-1404694202652
FF DefaultSearchEngine: Ad-Aware SecureSearch
FF DefaultSearchEngine.US: Google Default
FF SelectedSearchEngine: Ad-Aware SecureSearch
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-02] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2014-07-07] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\6uw80cvk.default-1404694202652\searchplugins\google-default.xml [2015-05-23]
FF Extension: Pushbullet - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\6uw80cvk.default-1404694202652\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2014-10-14]
FF Extension: Adblock Plus - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\6uw80cvk.default-1404694202652\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-09]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-20]
CHR Extension: (Google Drive) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-20]
CHR Extension: (Google Search) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-20]
CHR Extension: (Google Wallet) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-20]
CHR Extension: (Gmail) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [2748720 2015-04-30] (Lavasoft Limited)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-04-30] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-09] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2013-12-10] (NVIDIA Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows ® Win 7 DDK provider)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 16:00 - 2015-06-10 16:01 - 00023122 _____ C:\Users\Sarah\Downloads\FRST.txt
2015-06-10 16:00 - 2015-06-10 16:00 - 00000000 ____D C:\FRST
2015-06-10 15:59 - 2015-06-10 15:59 - 02108928 _____ (Farbar) C:\Users\Sarah\Downloads\FRST64.exe
2015-06-09 21:12 - 2015-06-09 21:13 - 52822240 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\Windows-KB890830-x64-V5.25.exe
2015-06-09 19:29 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-09 19:29 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-09 19:29 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-09 19:29 - 2015-04-08 18:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-09 19:29 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-09 19:29 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-09 12:47 - 2015-06-09 12:47 - 00817072 _____ (Webroot) C:\Users\Sarah\Downloads\wsainstall.exe
2015-06-09 12:47 - 2015-06-09 12:47 - 00000000 ____D C:\ProgramData\WRData
2015-06-06 21:39 - 2015-06-06 21:39 - 00000000 ____D C:\Users\Sarah\AppData\Local\GWX
2015-06-03 22:08 - 2015-06-09 11:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-24 00:56 - 2015-05-24 00:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-05-24 00:56 - 2015-05-24 00:56 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories
2015-05-24 00:55 - 2015-05-24 00:55 - 07878008 _____ (Microsoft Corporation) C:\Users\Sarah\Downloads\Xbox360_64Eng.exe
2015-05-23 12:01 - 2015-05-23 12:04 - 686050798 _____ C:\Users\Sarah\Downloads\SkyDragon.zip
2015-05-23 11:58 - 2015-05-23 11:58 - 00000005 _____ C:\WINDOWS\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2015-05-23 11:43 - 2015-05-23 11:43 - 00000256 _____ C:\Users\Sarah\Downloads\Unlock_code.bin
2015-05-23 11:35 - 2015-05-23 11:59 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\HTC
2015-05-23 11:35 - 2015-05-23 11:35 - 00000000 ____D C:\Users\Sarah\Documents\HTC
2015-05-23 11:34 - 2015-05-23 11:34 - 00000000 ____D C:\Users\Sarah\AppData\Local\Downloaded Installations
2015-05-23 11:32 - 2015-05-23 11:59 - 00000000 ____D C:\ProgramData\HTC
2015-05-23 11:32 - 2015-05-23 11:32 - 00000000 ____D C:\Temp
2015-05-23 11:10 - 2015-05-23 11:59 - 00000000 ____D C:\Program Files (x86)\HTC
2015-05-23 11:10 - 2015-05-23 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2015-05-23 11:10 - 2015-05-23 11:10 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2015-05-23 11:08 - 2015-05-23 11:08 - 17891984 _____ (HTC Corporation ) C:\Users\Sarah\Downloads\HTC_Driver_4.16.0.001.exe
2015-05-23 04:59 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-23 04:59 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-23 04:59 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-23 04:59 - 2015-03-17 13:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-23 04:59 - 2015-03-08 22:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-23 04:59 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-23 04:59 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-23 04:59 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-23 04:59 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-23 04:58 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-23 04:58 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-23 04:58 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-23 04:58 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-23 04:58 - 2015-03-13 00:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-23 04:58 - 2015-03-13 00:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-23 04:58 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-23 04:58 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-23 04:58 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-23 04:58 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-23 04:58 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-23 04:58 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-23 04:58 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-23 04:58 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-23 04:57 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-23 04:57 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-23 04:57 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-22 23:19 - 2015-05-22 23:17 - 00514560 _____ C:\Users\Sarah\Desktop\Launcher.exe
2015-05-22 23:10 - 2015-05-22 23:16 - 00000000 ____D C:\Users\Sarah\Downloads\FIFA 15 final crack [working] by 3DM
2015-05-22 23:04 - 2015-05-22 23:04 - 51651978 _____ C:\Users\Sarah\Downloads\Tribler_6.4.3.exe
2015-05-22 22:49 - 2015-05-22 23:20 - 00000803 _____ C:\Users\Public\Desktop\FIFA 15.lnk
2015-05-22 22:49 - 2015-05-22 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2015-05-22 22:47 - 2015-05-22 23:22 - 00000000 ____D C:\Users\Sarah\Documents\FIFA 15
2015-05-22 22:38 - 2015-05-22 22:38 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\LavasoftStatistics
2015-05-22 22:38 - 2015-05-22 22:38 - 00000000 ____D C:\Users\Sarah\AppData\Local\Lavasoft
2015-05-22 22:37 - 2015-05-25 14:19 - 00002976 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-05-22 22:37 - 2015-05-25 14:19 - 00002976 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-05-22 22:37 - 2015-05-22 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-05-22 22:37 - 2015-05-22 22:37 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-05-22 22:37 - 2015-04-30 10:50 - 00429392 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-05-22 22:37 - 2015-04-30 10:50 - 00347976 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-05-22 22:36 - 2015-05-22 22:37 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Lavasoft
2015-05-22 22:36 - 2015-05-22 22:37 - 00000000 ____D C:\ProgramData\Lavasoft
2015-05-22 22:36 - 2015-05-22 22:36 - 02057008 _____ C:\Users\Sarah\Downloads\Adaware_Installer.exe
2015-05-22 22:36 - 2015-05-22 22:36 - 00000000 ____D C:\Program Files\Lavasoft
2015-05-22 22:36 - 2015-05-22 22:36 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-05-22 22:34 - 2015-05-22 22:34 - 05154304 _____ C:\Users\Sarah\Downloads\WindowsDefender.msi
2015-05-22 22:20 - 2015-05-22 22:20 - 01285128 _____ (Developer Tribe (Pvt) Ltd. ) C:\Users\Sarah\Downloads\setup_rr.exe
2015-05-22 22:18 - 2015-05-22 22:18 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-05-22 21:44 - 2015-06-09 12:07 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-22 21:44 - 2015-05-22 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-22 21:44 - 2015-05-22 21:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-05-22 21:44 - 2015-05-22 21:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-22 21:44 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-22 21:44 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-22 21:44 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-22 21:43 - 2015-05-22 21:46 - 00000000 ____D C:\Program Files (x86)\Free Window Registry Repair
2015-05-22 21:43 - 2015-05-22 21:43 - 00001045 _____ C:\Users\UpdatusUser\Desktop\Free Window Registry Repair.lnk
2015-05-22 21:43 - 2015-05-22 21:43 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2015-05-22 21:43 - 2015-05-22 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2015-05-22 21:42 - 2015-05-22 21:42 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Sarah\Downloads\mbam-setup-2.1.6.1022(1).exe
2015-05-22 21:42 - 2015-05-22 21:42 - 00805196 _____ C:\Users\Sarah\Downloads\RegpairSetup.exe
2015-05-22 21:42 - 2015-05-22 21:42 - 00805196 _____ C:\Users\Sarah\Downloads\RegpairSetup(1).exe
2015-05-22 21:41 - 2015-05-22 21:41 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Sarah\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-22 21:38 - 2015-05-22 21:43 - 00000000 ____D C:\ProgramData\HitmanPro
2015-05-22 21:37 - 2015-05-22 21:38 - 11024496 _____ (SurfRight B.V.) C:\Users\Sarah\Downloads\HitmanProBeta_x64.exe
2015-05-22 21:10 - 2015-05-22 21:10 - 00000000 ____D C:\Users\Sarah\Desktop\FIFA_15
2015-05-16 17:00 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 17:00 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-16 16:26 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-16 16:26 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-16 16:26 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-16 16:26 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-16 16:26 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-16 16:26 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-16 16:26 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-16 16:26 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-16 16:26 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-16 16:26 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-16 16:26 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-16 16:25 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-16 16:25 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-16 16:25 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-16 16:25 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-16 16:25 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-16 16:25 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-16 16:25 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-16 16:25 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-16 16:25 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-16 16:25 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-16 16:25 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-16 16:25 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-16 16:25 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-16 16:25 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-16 16:25 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-16 16:25 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-16 16:25 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-16 16:25 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-16 16:25 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-16 16:25 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-16 16:25 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-16 16:25 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-16 16:25 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-16 16:25 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-16 16:25 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-16 16:25 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-16 16:25 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-16 16:25 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-16 16:25 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-16 16:25 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-16 16:25 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-16 16:25 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-16 16:25 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-16 16:25 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-16 16:25 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-16 16:25 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-16 16:25 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-16 16:25 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-16 16:25 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-10 16:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-10 15:58 - 2013-11-22 23:57 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\ClassicShell
2015-06-10 15:32 - 2015-01-30 20:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-10 15:16 - 2013-11-23 03:01 - 01459411 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-10 13:34 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-10 13:10 - 2014-10-14 21:12 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\pushbullet
2015-06-10 13:09 - 2013-11-21 22:30 - 00000522 _____ C:\Users\Sarah\AppData\Roaming\sp_data.sys
2015-06-10 13:01 - 2013-11-23 03:02 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-10 13:01 - 2013-09-29 23:55 - 00072326 _____ C:\WINDOWS\PFRO.log
2015-06-10 13:01 - 2013-08-22 10:46 - 00388139 _____ C:\WINDOWS\setupact.log
2015-06-10 13:01 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-09 19:57 - 2013-11-23 00:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-09 19:22 - 2013-11-23 03:30 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{343620B3-913C-4F1E-9CB8-B38BFEC3B8F7}
2015-06-09 12:41 - 2013-09-30 00:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-09 12:35 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\InputMethod
2015-06-09 12:35 - 2013-08-22 10:44 - 00496192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-09 12:35 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-09 12:02 - 2015-01-30 20:30 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-09 12:02 - 2013-11-24 00:22 - 00000000 ____D C:\Users\Sarah\AppData\Local\Adobe
2015-06-09 11:55 - 2013-11-21 22:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-09 11:36 - 2014-08-19 20:41 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-08 19:58 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-07 15:18 - 2013-11-21 22:35 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4261237529-152683450-2376084549-1002
2015-06-03 12:18 - 2015-04-26 11:20 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 12:18 - 2015-04-26 11:20 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-29 18:59 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-05-27 00:04 - 2013-11-23 00:39 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-26 20:34 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-05-25 13:50 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-05-25 13:49 - 2015-04-05 03:08 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-25 13:49 - 2015-04-05 03:08 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-24 00:56 - 2012-11-23 11:08 - 00076880 _____ C:\WINDOWS\DirectX.log
2015-05-23 12:10 - 2014-03-30 14:35 - 00000000 ____D C:\Users\Sarah\.android
2015-05-23 11:35 - 2014-09-04 21:28 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\Apple Computer
2015-05-23 11:35 - 2014-09-04 21:28 - 00000000 ____D C:\Users\Sarah\AppData\Local\Apple Computer
2015-05-23 11:33 - 2014-04-11 18:16 - 00000000 ____D C:\Users\Sarah\AppData\Roaming\uTorrent
2015-05-23 11:10 - 2012-12-25 12:39 - 00028244 _____ C:\WINDOWS\DPINST.LOG
2015-05-22 23:20 - 2014-02-20 21:45 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-05-22 22:51 - 2014-02-20 21:45 - 00000000 ____D C:\ProgramData\Origin
2015-05-22 22:48 - 2013-11-21 23:09 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-22 22:19 - 2012-11-23 11:09 - 00001392 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-05-22 22:19 - 2012-11-23 11:09 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-05-22 22:03 - 2015-03-16 16:47 - 00000000 ____D C:\Program Files (x86)\dowanloaditkeepi
2015-05-22 22:03 - 2015-01-06 17:03 - 00000000 ____D C:\ProgramData\PriceDoWNNlOadier
2015-05-22 22:03 - 2014-08-02 21:54 - 00000000 ____D C:\ProgramData\SmmArtCoMpArie
2015-05-22 21:31 - 2014-06-30 23:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-16 16:55 - 2013-09-29 23:51 - 00000000 ____D C:\Program Files\Windows Journal

==================== Files in the root of some directories =======

2015-05-09 19:19 - 2015-05-09 19:19 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-02-08 17:16 - 2015-02-08 17:16 - 0000004 _____ () C:\Users\Sarah\AppData\Roaming\appdataFr2.bin
2015-02-12 19:29 - 2015-02-12 19:30 - 0000020 _____ () C:\Users\Sarah\AppData\Roaming\appdataFr3.bin
2015-01-02 17:33 - 2015-01-02 17:33 - 0000021 _____ () C:\Users\Sarah\AppData\Roaming\my_intel.sys
2013-11-21 22:30 - 2015-06-10 13:09 - 0000522 _____ () C:\Users\Sarah\AppData\Roaming\sp_data.sys
2014-08-02 17:37 - 2015-02-17 11:37 - 0000101 _____ () C:\Users\Sarah\AppData\Roaming\WB.CFG
2012-11-23 11:07 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS


Some files in TEMP:
====================
C:\Users\Sarah\AppData\Local\Temp\09db3cdf-6a03-4bf8-9e4e-de6b05b198f5.exe
C:\Users\Sarah\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Sarah\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Sarah\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Sarah\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Sarah\AppData\Local\Temp\mssinstaller.exe
C:\Users\Sarah\AppData\Local\Temp\NGMDll.dll
C:\Users\Sarah\AppData\Local\Temp\NGMResource.dll
C:\Users\Sarah\AppData\Local\Temp\optprosetup.exe
C:\Users\Sarah\AppData\Local\Temp\Quarantine.exe
C:\Users\Sarah\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Sarah\AppData\Local\Temp\setacl.exe
C:\Users\Sarah\AppData\Local\Temp\unicows.dll
C:\Users\Sarah\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-08 19:48

==================== End of log ============================



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:59 PM

Posted 14 June 2015 - 08:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File not found
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-4261237529-152683450-2376084549-1002] =>
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-4261237529-152683450-2376084549-1002 -> DefaultScope {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_digitalrivercomparativelp_150523&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4261237529-152683450-2376084549-1002 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = http://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10140_digitalrivercomparativelp_150523&q={searchTerms}
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your Bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and import the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is the computer running now?
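A post-fix check, added here as an example and not part of nasdaq's instructions or of FRST itself: after "Fix" has run and the machine has rebooted, this script re-queries each registry item and driver file named in the fixlist above and reports whether it is still present, which is the same question the helper answers by reading Fixlog.txt. The SID, CLSIDs, service name and driver path are copied from the log in this thread; the registry locations are assumed to be the standard Windows keys FRST reports under those labels (ShellIconOverlayIdentifiers, AppInit_DLLs, SearchScopes, Policies, Services). Run it from an elevated PowerShell prompt while the affected user (the SID's owner) is logged in, so that hive is loaded under HKEY_USERS.

```powershell
# Added verification script (example code, not from FRST or the helper's post).
# Re-checks the entries listed in the fixlist after FRST "Fix" and a reboot.
# Assumes: elevated prompt; the user's registry hive is loaded (user logged in).

$Sid        = 'S-1-5-21-4261237529-152683450-2376084549-1002'   # from the log
$ScopeClsid = '{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}'          # from the log

# Key/file checks: each should no longer exist once the fix has been applied.
$Checks = @(
  @{ Label = 'Chrome policy restriction (CHR HKLM\SOFTWARE\Policies\Google)'
     Path  = 'HKLM:\SOFTWARE\Policies\Google' },
  @{ Label = 'EagleX64 service entry'
     Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\EagleX64' },
  @{ Label = 'EagleX64 driver file'
     Path  = "$env:SystemRoot\System32\drivers\EagleX64.sys" },
  @{ Label = 'Lavasoft "secured search" scope in the user hive'
     Path  = "Registry::HKEY_USERS\$Sid\Software\Microsoft\Internet Explorer\SearchScopes\$ScopeClsid" }
)

# Shell overlay identifiers: FRST prints the names as "[ SkyDrive1]" with a
# leading space; that space is part of the real key name, so it is kept here.
$OverlayRoots = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
)
foreach ($root in $OverlayRoots) {
  foreach ($n in 1..3) {
    $Checks += @{ Label = "ShellIconOverlayIdentifiers ' SkyDrive$n' under $root"
                  Path  = "$root\ SkyDrive$n" }
  }
}

# Value checks: AppInit_DLLs should be empty in both the 64-bit and WOW64 views.
$AppInitKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

$Remaining = 0

foreach ($c in $Checks) {
  if (Test-Path -LiteralPath $c.Path) {
    Write-Host ("STILL PRESENT : {0}`n                {1}" -f $c.Label, $c.Path) -ForegroundColor Yellow
    $Remaining++
  } else {
    Write-Host ("removed       : {0}" -f $c.Label) -ForegroundColor Green
  }
}

foreach ($k in $AppInitKeys) {
  $v = (Get-ItemProperty -LiteralPath $k -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
  if ([string]::IsNullOrWhiteSpace($v)) {
    Write-Host ("empty         : AppInit_DLLs under {0}" -f $k) -ForegroundColor Green
  } else {
    Write-Host ("STILL SET     : AppInit_DLLs under {0} = {1}" -f $k, $v) -ForegroundColor Yellow
    $Remaining++
  }
}

if ($Remaining -eq 0) {
  Write-Host 'All fixlist items verified gone.'
} else {
  Write-Host "$Remaining item(s) remain; include Fixlog.txt in your reply so the helper can review them."
}
```

The script only reads; it does not delete anything, so it can be run as often as needed. If the user hive check reports the search scope as present but the user is not logged in, log that user in first and re-run, since Test-Path cannot see an unloaded hive.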

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,531 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:59 PM

Posted 19 June 2015 - 08:53 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
