Trojan.Facebook.MSIL//explorer.exe crash//credui.dll missing//potential rootkit?


This topic is locked
27 replies to this topic

#1 Altruism (Members, 15 posts)

Posted 11 June 2015 - 12:37 PM

I am posting this in response to an event that just happened about an hour ago on my computer. Unfortunately it is not unusual for my computer to have occasional hiccups (bluescreens once in a while, unsure as to the cause; the last one was prompted by trying to play a video file while also loading up a game), but this time around it was more serious.


Fresh HijackThis log: attached file hijackthis6.11.15.txt (9.17 KB)
Addition.txt log: attached file Addition.txt (50.02 KB)
Summary of what happened:

{

When attempting to launch Chrome: "The program can't start because credui.dll is missing from your computer. Try reinstalling the program to fix this problem."

This happened right before the computer threw a bunch of 0x0000000## (registry?) errors and messages stating "so-and-so program couldn't start because so-and-so file is missing" etc. etc.

After this occurred, explorer.exe crashed and I was not able to start Task Manager via Ctrl+Shift+Esc; it said that a file (unfortunately, I didn't catch which) was missing from my system32 folder.

AT THE SAME TIME THAT ALL THIS WAS HAPPENING, Malwarebytes kept blocking Trojan.Facebook.MSIL; it is still caught and sitting in my Malwarebytes quarantine vault and not processed/deleted yet --> C:\Windows\System32\tquery.dll ; C:\Windows\System32\CRYPTBASE.dll ; C:\Windows\System32\taskhost.exe ; ALSO something that ends in: ...fa396087175ac9ac\comctl32.dll

I just noticed this, but Microsoft Security Essentials just caught a HackTool:Win32/KeyGen. (At the current moment I am running in safe mode with networking, and probably will continue to do so until my infection is cleared up. Please advise on this!)
}


Please and thank you for your help! I don't know what I would end up doing without you all, barring a full reinstall of Windows :). You are all AWESOME!

Let me know if there is ANYTHING else I can do. Thanks again!



FRST.txt Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by ZO Gaming (administrator) on THEBLACKBBOX on 11-06-2015 12:16:35
Running from C:\Users\ZO Gaming\Desktop
Loaded Profiles: ZO Gaming (Available Profiles: ZO Gaming & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Trend Micro Inc.) C:\Users\ZO Gaming\Downloads\HijackThis.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-07-04] (cFos Software GmbH)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1943862705-960094055-2634794358-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1943862705-960094055-2634794358-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-14] (SUPERAntiSpyware)
HKU\S-1-5-21-1943862705-960094055-2634794358-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1943862705-960094055-2634794358-1000\...\Run: [Google Update] => C:\Users\ZO Gaming\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-29] (Google Inc.)
HKU\S-1-5-21-1943862705-960094055-2634794358-1000\...\Run: [Spotify Web Helper] => C:\Users\ZO Gaming\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2021944 2015-05-30] (Spotify Ltd)
HKU\S-1-5-21-1943862705-960094055-2634794358-1000\...\Run: [Spotify] => C:\Users\ZO Gaming\AppData\Roaming\Spotify\Spotify.exe [7323192 2015-05-30] (Spotify Ltd)
HKU\S-1-5-21-1943862705-960094055-2634794358-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-1943862705-960094055-2634794358-1000\...\MountPoints2: {27eddc6c-945d-11e3-abd1-002522f93b73} - F:\HTC_Sync_Manager_PC.exe
AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL => C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL File not found
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [250504 2013-02-09] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1943862705-960094055-2634794358-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-1943862705-960094055-2634794358-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1943862705-960094055-2634794358-1000 -> DefaultScope {6574640B-7D5B-4412-A143-CD91D538E882} URL =
SearchScopes: HKU\S-1-5-21-1943862705-960094055-2634794358-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKU\S-1-5-21-1943862705-960094055-2634794358-1000 -> {6574640B-7D5B-4412-A143-CD91D538E882} URL =
SearchScopes: HKU\S-1-5-21-1943862705-960094055-2634794358-1000 -> {78E9E970-F441-4684-B957-C7AD607D5D52} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1943862705-960094055-2634794358-1000 -> {AE3DE4B9-A6B9-4230-8B46-666335466736} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-18] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-18] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-18] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1943862705-960094055-2634794358-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\ZO Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\z9jnzzqs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-02-09] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1943862705-960094055-2634794358-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ZO Gaming\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1943862705-960094055-2634794358-1000: @talk.google.com/O1DPlugin -> C:\Users\ZO Gaming\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1943862705-960094055-2634794358-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ZO Gaming\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin HKU\S-1-5-21-1943862705-960094055-2634794358-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ZO Gaming\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin HKU\S-1-5-21-1943862705-960094055-2634794358-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ZO Gaming\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-05-11] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\ZO Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\z9jnzzqs.default\user.js [2013-07-13]
FF user.js: detected! => C:\Users\ZO Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\ee2ihiw5.default-1372299540671\user.js [2013-07-13]
FF Plugin ProgramFiles/Appdata: C:\Users\ZO Gaming\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ZO Gaming\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\ZO Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\z9jnzzqs.default\searchplugins\BrowserDefender.xml [2013-07-13]
FF Extension: Firebug - C:\Users\ZO Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\z9jnzzqs.default\Extensions\firebug@software.joehewitt.com.xpi [2013-02-01]
FF Extension: Reddit Enhancement Suite - C:\Users\ZO Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\z9jnzzqs.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-02-19]
FF Extension: Buffer - C:\Users\ZO Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\z9jnzzqs.default\Extensions\jid1-zUyU7TGKwejAyA@jetpack.xpi [2013-01-18]
FF Extension: Adblock Plus - C:\Users\ZO Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\z9jnzzqs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-03]

Chrome:
=======
CHR Profile: C:\Users\ZO Gaming\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dropbox for Gmail (Beta)) - C:\Users\ZO Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-05-27]
CHR Extension: (Kindle Cloud Reader) - C:\Users\ZO Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-06-06]
CHR Extension: (Google Wallet) - C:\Users\ZO Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
S2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-07-04] (cFos Software GmbH)
S2 HomeGuard AMC; C:\Program Files\HomeGuard_x64\vglset.exe [1152512 2013-05-25] () [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [27872 2012-12-28] (Microsoft)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [X]
S2 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
S3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
S3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [30352 2015-02-12] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-15] (DT Soft Ltd)
S1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-04-08] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-04-08] (Razer Inc)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31400 2014-04-08] (Razer Inc)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 ALSysIO; \??\C:\Users\ZOGAMI~1\AppData\Local\Temp\ALSysIO64.sys [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 12:16 - 2015-06-11 12:16 - 00020104 _____ C:\Users\ZO Gaming\Desktop\FRST.txt
2015-06-11 12:16 - 2015-06-11 12:16 - 00000000 ____D C:\FRST
2015-06-11 12:14 - 2015-06-11 12:14 - 05628161 _____ (Swearware) C:\Users\ZO Gaming\Desktop\ComboFix.exe
2015-06-11 12:13 - 2015-06-11 12:13 - 02108928 _____ (Farbar) C:\Users\ZO Gaming\Desktop\FRST64.exe
2015-06-11 12:08 - 2015-06-11 12:08 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\ZO Gaming\Downloads\cbSetup.exe
2015-06-11 12:04 - 2015-06-11 12:04 - 00010507 _____ C:\Users\ZO Gaming\Downloads\hijackthis.log
2015-06-11 12:03 - 2015-06-11 12:04 - 00388608 _____ (Trend Micro Inc.) C:\Users\ZO Gaming\Downloads\HijackThis.exe
2015-06-10 20:48 - 2015-06-10 20:48 - 117560485 _____ C:\Users\ZO Gaming\Desktop\testBuild.apk
2015-06-10 10:12 - 2015-06-10 10:12 - 06560026 _____ C:\Users\ZO Gaming\Downloads\gloob hammer test.mov
2015-06-09 22:49 - 2015-06-09 22:49 - 00000000 _____ C:\Users\ZO Gaming\Downloads\download
2015-06-09 19:59 - 2015-06-09 19:59 - 00295696 _____ C:\Windows\Minidump\060915-41855-01.dmp
2015-06-09 19:58 - 2015-06-11 02:00 - 00000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task efe51c80-9818-4c29-853f-4efdf84cb395.job
2015-06-09 19:58 - 2015-06-09 19:58 - 00003608 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task efe51c80-9818-4c29-853f-4efdf84cb395
2015-06-09 18:43 - 2015-06-09 19:59 - 00000000 ____D C:\SUPERDelete
2015-06-06 22:57 - 2015-06-06 22:57 - 01089752 _____ (Unity Technologies ApS) C:\Users\ZO Gaming\Downloads\UnityWebPlayer.exe
2015-06-03 18:19 - 2015-06-03 18:19 - 05675101 _____ C:\Users\ZO Gaming\Downloads\Cartoon FX Pack 4.unitypackage
2015-06-03 16:07 - 2015-06-03 16:07 - 00000627 _____ C:\Users\Public\Desktop\Unity 5.0.2f1 (64-bit).lnk
2015-06-03 16:07 - 2015-06-03 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.0.2f1 (64-bit)
2015-06-03 15:52 - 2015-06-03 15:52 - 00653952 _____ C:\Users\ZO Gaming\Downloads\UnityDownloadAssistant-5.0.2f1.exe
2015-06-03 11:36 - 2015-06-03 21:31 - 00000000 ____D C:\Users\ZO Gaming\AppData\Roaming\TortoiseSVN
2015-05-31 18:31 - 2015-05-31 18:31 - 00342096 _____ C:\Users\ZO Gaming\Downloads\FizzyIdleTest (1).fbx
2015-05-30 20:25 - 2015-05-30 20:25 - 00324639 _____ C:\Users\Apps\local-files-desktop.spa
2015-05-29 11:58 - 2015-05-29 11:58 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-05-29 11:58 - 2015-05-29 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-05-27 20:16 - 2015-05-27 20:16 - 00000000 ____D C:\Users\ZO Gaming\AppData\Local\TortoiseSVN
2015-05-27 19:36 - 2015-05-27 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
2015-05-27 19:36 - 2015-05-27 19:36 - 00000000 ____D C:\Program Files\TortoiseSVN
2015-05-27 19:36 - 2015-05-27 19:36 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2015-05-27 19:27 - 2015-05-27 19:27 - 19603456 _____ C:\Users\ZO Gaming\Downloads\TortoiseSVN-1.8.11.26392-x64-svn-1.8.13.msi
2015-05-27 18:54 - 2015-05-27 18:54 - 00342096 _____ C:\Users\ZO Gaming\Downloads\FizzyIdleTest.fbx
2015-05-26 19:32 - 2015-05-26 19:32 - 00000000 ____D C:\Users\ZO Gaming\AppData\Local\openvr
2015-05-26 18:49 - 2015-05-26 18:49 - 00000219 _____ C:\Users\ZO Gaming\Desktop\Team Fortress 2.url
2015-05-26 18:48 - 2015-05-26 18:48 - 00000221 _____ C:\Users\ZO Gaming\Desktop\Sniper Elite V2.url
2015-05-26 18:47 - 2015-05-26 18:49 - 00000000 ____D C:\Users\ZO Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-26 18:47 - 2015-05-26 18:47 - 00000221 _____ C:\Users\ZO Gaming\Desktop\Amnesia The Dark Descent.url
2015-05-26 18:47 - 2015-05-26 18:47 - 00000219 _____ C:\Users\ZO Gaming\Desktop\Left 4 Dead 2.url
2015-05-26 17:10 - 2015-05-30 20:25 - 00145701 _____ C:\Users\Apps\hub.spa

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 12:06 - 2009-07-14 01:13 - 00787060 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-11 12:01 - 2014-05-29 21:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-11 11:55 - 2015-02-07 19:57 - 00000000 ____D C:\Users\ZO Gaming\AppData\Local\TSVNCache
2015-06-11 11:55 - 2014-12-06 18:15 - 00000000 ____D C:\Program Files (x86)\LSI
2015-06-11 11:55 - 2014-11-11 13:04 - 06056834 _____ C:\Windows\setupact.log
2015-06-11 11:55 - 2013-06-30 17:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-11 11:55 - 2012-08-29 14:38 - 00000000 ____D C:\Users\ZO Gaming\AppData\Local\Spotify
2015-06-11 11:55 - 2012-08-27 16:13 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-11 11:55 - 2012-08-27 14:09 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-11 11:55 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-11 11:00 - 2012-10-31 21:14 - 01058110 _____ C:\Windows\WindowsUpdate.log
2015-06-11 10:39 - 2012-08-26 20:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-11 10:33 - 2013-12-29 07:15 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1943862705-960094055-2634794358-1000UA.job
2015-06-11 10:11 - 2013-06-30 17:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-11 09:49 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-11 09:49 - 2009-07-14 00:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-11 09:42 - 2014-12-06 18:16 - 00003250 _____ C:\Windows\System32\Tasks\Run LSI
2015-06-11 09:42 - 2012-08-29 14:35 - 00000000 ____D C:\Users\ZO Gaming\AppData\Roaming\Spotify
2015-06-11 02:00 - 2012-08-27 14:03 - 00000000 ____D C:\Users\ZO Gaming\AppData\Local\Adobe
2015-06-10 21:56 - 2012-08-28 22:29 - 00000000 ____D C:\Users\ZO Gaming\AppData\Roaming\Skype
2015-06-10 19:33 - 2013-12-29 07:15 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1943862705-960094055-2634794358-1000Core.job
2015-06-10 19:26 - 2014-06-10 19:14 - 00000000 ____D C:\Users\ZO Gaming\AppData\Local\Battle.net
2015-06-10 18:53 - 2012-12-05 12:10 - 00000000 ____D C:\ProgramData\Unity
2015-06-10 15:40 - 2015-02-10 16:58 - 00000518 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task cf8631e1-b92a-4187-9ec2-56d8002a3298.job
2015-06-10 03:13 - 2013-06-30 17:29 - 00002213 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-10 00:39 - 2012-08-26 20:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 00:39 - 2012-08-26 20:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 00:39 - 2012-08-26 20:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-09 19:59 - 2014-09-25 13:05 - 00000000 ____D C:\Windows\Minidump
2015-06-09 19:59 - 2014-06-09 12:38 - 00075382 _____ C:\Windows\PFRO.log
2015-06-09 18:52 - 2013-06-15 13:59 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2015-06-09 18:44 - 2013-09-19 10:51 - 00000000 ____D C:\Program Files\HomeGuard_x64
2015-06-06 19:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-04 00:25 - 2012-12-05 12:09 - 00000000 ____D C:\Users\ZO Gaming\AppData\Local\Unity
2015-06-02 12:08 - 2014-07-09 13:20 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-01 17:42 - 2014-06-10 19:14 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-01 17:41 - 2012-08-28 22:29 - 00000000 ____D C:\ProgramData\Skype
2015-06-01 15:12 - 2012-11-06 00:24 - 00000000 ____D C:\Users\ZO Gaming\AppData\Roaming\vlc
2015-05-30 20:25 - 2015-04-24 10:33 - 41287224 _____ C:\Users\libcef.dll
2015-05-30 20:25 - 2015-04-24 10:33 - 10457856 _____ C:\Users\icudtl.dat
2015-05-30 20:25 - 2015-04-24 10:33 - 07323192 _____ (Spotify Ltd) C:\Users\Spotify.exe
2015-05-30 20:25 - 2015-04-24 10:33 - 04253463 _____ C:\Users\devtools_resources.pak
2015-05-30 20:25 - 2015-04-24 10:33 - 03457592 _____ (Microsoft Corporation) C:\Users\d3dcompiler_47.dll
2015-05-30 20:25 - 2015-04-24 10:33 - 02314260 _____ C:\Users\Apps\musixmatch-lyrics.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 02157552 _____ C:\Users\Apps\glue-resources.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 02106424 _____ (Microsoft Corporation) C:\Users\d3dcompiler_43.dll
2015-05-30 20:25 - 2015-04-24 10:33 - 02021944 _____ (Spotify Ltd) C:\Users\SpotifyWebHelper.exe
2015-05-30 20:25 - 2015-04-24 10:33 - 02018406 _____ C:\Users\cef.pak
2015-05-30 20:25 - 2015-04-24 10:33 - 01488440 _____ C:\Users\libGLESv2.dll
2015-05-30 20:25 - 2015-04-24 10:33 - 00968248 _____ (The Chromium Authors) C:\Users\ffmpegsumo.dll
2015-05-30 20:25 - 2015-04-24 10:33 - 00828468 _____ C:\Users\Apps\zlink.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00777272 _____ (Spotify Ltd) C:\Users\SpotifyCrashService.exe
2015-05-30 20:25 - 2015-04-24 10:33 - 00713882 _____ C:\Users\Apps\browse.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00598403 _____ C:\Users\cef_200_percent.pak
2015-05-30 20:25 - 2015-04-24 10:33 - 00532827 _____ C:\Users\Apps\notification-center.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00523578 _____ C:\Users\Apps\collection.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00505562 _____ C:\Users\Apps\genre.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00502734 _____ C:\Users\Apps\collection-artist.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00489222 _____ C:\Users\Apps\discover.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00463102 _____ C:\Users\Apps\collection-album.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00444515 _____ C:\Users\cef_100_percent.pak
2015-05-30 20:25 - 2015-04-24 10:33 - 00436638 _____ C:\Users\Apps\article.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00419994 _____ C:\Users\Apps\messages.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00408845 _____ C:\Users\Apps\album.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00385462 _____ C:\Users\Apps\social-feed.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00363379 _____ C:\Users\Apps\collection-songs.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00361920 _____ C:\Users\Apps\charts.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00357199 _____ C:\Users\Apps\artist.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00345753 _____ C:\Users\Apps\social-chart.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00344387 _____ C:\Users\Apps\buddy-list.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00331084 _____ C:\Users\Apps\playlist-desktop.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00299819 _____ C:\Users\Apps\radio.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00285287 _____ C:\Users\Apps\folder.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00251227 _____ C:\Users\Apps\profile.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00246374 _____ C:\Users\Apps\share.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00233679 _____ C:\Users\Apps\chart.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00209721 _____ C:\Users\Apps\findfriends.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00191376 _____ C:\Users\Apps\search.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00178608 _____ C:\Users\Apps\settings.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00177470 _____ C:\Users\Apps\suggest.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00162516 _____ C:\Users\Apps\zlink-queue.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00158229 _____ C:\Users\Apps\follow.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00124472 _____ (Spotify Ltd) C:\Users\SpotifyLauncher.exe
2015-05-30 20:25 - 2015-04-24 10:33 - 00112424 _____ C:\Users\Apps\zlogin.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00086386 _____ C:\Users\Apps\about.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00079928 _____ C:\Users\libEGL.dll
2015-05-30 20:25 - 2015-04-24 10:33 - 00073272 _____ C:\Users\wow_helper.exe
2015-05-30 20:25 - 2015-04-24 10:33 - 00053462 _____ C:\Users\Apps\ad.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00040253 _____ C:\Users\Apps\licenses.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00038320 _____ C:\Users\Apps\error.spa
2015-05-30 20:25 - 2015-04-24 10:33 - 00013506 _____ C:\Users\locales\en-US.pak
2015-05-30 20:25 - 2015-04-24 10:33 - 00007047 _____ C:\Users\locales\el.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00006945 _____ C:\Users\locales\ru.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00006203 _____ C:\Users\locales\ja.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00006086 _____ C:\Users\locales\fr-CA.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00006079 _____ C:\Users\locales\hu.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00006022 _____ C:\Users\locales\fr.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00006007 _____ C:\Users\locales\fi.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00006006 _____ C:\Users\locales\pl.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00005947 _____ C:\Users\locales\es-419.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00005914 _____ C:\Users\locales\nl.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00005872 _____ C:\Users\locales\es.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00005868 _____ C:\Users\locales\zsm.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00005868 _____ C:\Users\locales\de.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00005859 _____ C:\Users\locales\tr.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00005859 _____ C:\Users\locales\it.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00005858 _____ C:\Users\locales\zh-Hant.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00005852 _____ C:\Users\locales\pt-BR.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00005808 _____ C:\Users\locales\sv.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00005694 _____ C:\Users\locales\arb.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00005623 _____ C:\Users\locales\en.mo
2015-05-30 20:25 - 2015-04-24 10:33 - 00000020 _____ C:\Users\inst_ver.dat
2015-05-30 20:25 - 2015-04-24 10:33 - 00000000 ____D C:\Users\locales
2015-05-30 20:25 - 2015-04-24 10:33 - 00000000 _____ C:\Users\ZO.redir
2015-05-29 11:58 - 2013-01-07 17:30 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-05-24 20:43 - 2014-06-10 19:15 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-05-24 20:06 - 2013-06-30 17:29 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-24 20:06 - 2013-06-30 17:29 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-24 19:28 - 2013-12-29 07:15 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1943862705-960094055-2634794358-1000UA
2015-05-24 19:28 - 2013-12-29 07:15 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1943862705-960094055-2634794358-1000Core
2015-05-24 03:45 - 2012-10-31 21:06 - 00000000 ____D C:\Users\ZO Gaming
2015-05-24 03:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-05-21 22:05 - 2014-08-04 15:53 - 00000000 ____D C:\Users\ZO Gaming\AppData\Roaming\dvdcss
2015-05-17 14:53 - 2014-12-06 14:38 - 00000000 ____D C:\Users\ZO Gaming\Documents\storiesANDpoetry
2015-05-17 14:52 - 2012-09-06 11:29 - 00000000 ____D C:\Users\ZO Gaming\Documents\School
2015-05-17 02:30 - 2012-10-29 21:20 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-17 02:30 - 2012-10-29 21:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-17 02:30 - 2012-10-29 21:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-05-17 02:30 - 2012-10-29 21:18 - 00002155 _____ C:\Windows\epplauncher.mif

==================== Files in the root of some directories =======

2014-11-14 21:46 - 2015-03-11 13:40 - 0000132 _____ () C:\Users\ZO Gaming\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-07-13 18:20 - 2013-07-13 18:20 - 0000000 _____ () C:\Users\ZO Gaming\AppData\Roaming\bitlord_log.txt
2012-11-14 16:32 - 2013-02-02 18:35 - 0703117 _____ () C:\Users\ZO Gaming\AppData\Roaming\technic-launcher.jar
2012-11-14 16:32 - 2013-01-10 17:51 - 0582227 _____ () C:\Users\ZO Gaming\AppData\Roaming\technic-launcher.jar.bak
2013-12-04 18:39 - 2013-12-04 18:39 - 0011069 _____ () C:\Users\ZO Gaming\AppData\Local\CleanupUninstall.txt
2015-03-20 18:39 - 2015-03-20 18:39 - 0002403 _____ () C:\Users\ZO Gaming\AppData\Local\recently-used.xbel
2013-05-07 16:45 - 2013-05-07 16:45 - 0000017 _____ () C:\Users\ZO Gaming\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 01:42

==================== End of log ============================


 


Edited by xXToffeeXx, 11 June 2015 - 01:07 PM.
Removed formatting~




#2 Altruism

Altruism
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 13 June 2015 - 02:20 PM

Is there a "bump" system?

Bump?



#3 Altruism

Altruism
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 14 June 2015 - 11:37 AM

Help please :(


Is there anything more I can do to help?



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:05 AM

Posted 15 June 2015 - 08:28 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1943862705-960094055-2634794358-1000\...\Run: [AdobeBridge] => [X]
AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL => C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL File not found
Toolbar: HKU\S-1-5-21-1943862705-960094055-2634794358-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF user.js: detected! => C:\Users\ZO Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\z9jnzzqs.default\user.js [2013-07-13]
FF user.js: detected! => C:\Users\ZO Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\ee2ihiw5.default-1372299540671\user.js [2013-07-13]
FF SearchPlugin: C:\Users\ZO Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\z9jnzzqs.default\searchplugins\BrowserDefender.xml [2013-07-13]
S4 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [X]
S2 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
S3 ALSysIO; \??\C:\Users\ZOGAMI~1\AppData\Local\Temp\ALSysIO64.sys [X]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]
C:\Users\ZO Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\z9jnzzqs.default\searchplugins\BrowserDefender.xml

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

What problem persists with this computer?

#5 Altruism

Altruism
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 17 June 2015 - 11:50 AM

Hello Nasdaq!

I apologize about the delayed response, I flew to the West coast and just got back today.

Well, it seems like those pesky adware/search engine things are all gone. Wonderful, thank you!

Now, it seems like the only issues I'm having are with missing start-up files. I'm attaching snips of the error messages that I could find, though I'm not sure if there are more.

Let me know if there is anything more I can do to help you!

Thanks again,

Altruism

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:05 AM

Posted 17 June 2015 - 01:46 PM

Click the Window Icon on the bottom tool bar.

Search for CMD.EXE

When found, right click the file and run it as an Administrator.

Type REGSVR32 credui.dll at the DOS PROMPT.

next

Type REGSVR32 MSVCR100.dll at the DOS PROMPT.


If you get a message indicating a problem please post the exact text.

Type EXIT to get out of the command prompt.



===

MSVCR100.dll is missing.please reinstall
http://answers.microsoft.com/en-us/windows/forum/windows_7-performance/msvcr100dll-is-missingplease-reinstall/67744b65-4a02-4042-b360-59b0e37c6a32

You may need to reinstall the Microsoft Visual C++ library.

Keep me posted.

#7 Altruism

Altruism
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 17 June 2015 - 06:12 PM

Still getting the credui.dll issue...

Reinstalled the 2010 and 2013 packages, no change..

What's next?

(thank you for your help!)

Attached Files



#8 Altruism

Altruism
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 17 June 2015 - 08:01 PM

Oh! I fixed the one.. my credui.dll is no longer missing. The other one is still broken though. I'm attaching this.. in elevated cmd sfc /scannow

Attached File  CBS.log   2.16MB   2 downloads


Edited by Altruism, 17 June 2015 - 08:01 PM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:05 AM

Posted 18 June 2015 - 07:56 AM


The CBS.log is very large and hard to read.

From the DOS prompt execute this command.

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

Post the sfcdetails.txt file for my review.

===

Let's see if you have a good copy of MSVCR100.dll on your computer.

Please run the Farbar Recovery Scan Tool. Enter MSVCR100.dll in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

<<<>>>
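The findstr command above keeps only the System File Checker lines (those tagged [SR]) out of CBS.log, which is what makes the file readable. The following is an added example, not part of the thread and not part of the SFC or FRST tooling: a small Python script that does the same filtering and then summarises which files SFC repaired and which it could not. The CBS.log lines it runs on are constructed to mimic the real format and are not from the poster's log; the component name, version and token in them are placeholders.

```python
"""Filter the System File Checker ([SR]) entries out of a CBS.log and summarise them.

Added example; the sample log below is constructed to mimic the CBS.log format and
is not the poster's log (component name, version and public key token are placeholders).
"""
import re
from collections import Counter

SR_TAG = "[SR]"
# The three [SR] line shapes this example cares about.
VERIFYING = re.compile(r"\[SR\] Verifying (\d+) \(")
CANNOT_REPAIR = re.compile(r'\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)"')
REPAIRING = re.compile(r'\[SR\] Repairing corrupted file .*\[l:\d+\{\d+\}\]"([^"]+)" from store')

# Constructed sample (not the poster's CBS.log). Only the [SR] lines belong to SFC.
SAMPLE_CBS_LOG = r"""2015-06-17 20:01:10, Info                  CBS    Starting TrustedInstaller initialization.
2015-06-17 20:01:12, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2015-06-17 20:01:13, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"msvcr100.dll" of Example-Component, Version = 10.0.40219.1, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-06-17 20:01:13, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"credui.dll" from store
2015-06-17 20:01:14, Info                  CSI    0000000e [SR] Cannot repair member file [l:24{12}]"msvcr100.dll" of Example-Component, Version = 10.0.40219.1, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-06-17 20:01:15, Info                  CSI    0000000f [SR] Verify complete
"""


def sfc_lines(log_text):
    """Same selection as: findstr /c:"[SR]" CBS.log  (literal match, one line per hit)."""
    return [line for line in log_text.splitlines() if SR_TAG in line]


def summarize_sfc(log_text):
    """Count components verified and list the files SFC repaired or could not repair."""
    lines = sfc_lines(log_text)
    verified = 0
    unrepaired = Counter()  # file name -> how many times SFC reported it
    repaired = []
    for line in lines:
        if m := VERIFYING.search(line):
            verified += int(m.group(1))
        elif m := CANNOT_REPAIR.search(line):
            unrepaired[m.group(1)] += 1
        elif m := REPAIRING.search(line):
            repaired.append(m.group(1))
    return {
        "sr_lines": len(lines),
        "components_verified": verified,
        "unrepaired": dict(unrepaired),  # these need a known-good copy from elsewhere
        "repaired": repaired,
    }


if __name__ == "__main__":
    print(summarize_sfc(SAMPLE_CBS_LOG))
```

To use it on a real machine, read %windir%\Logs\CBS\CBS.log from an elevated prompt (the file is not readable by a standard user) and pass its text to summarize_sfc. A file that SFC keeps reporting as "Cannot repair ... hash mismatch" is one the component store cannot restore on its own, so it has to be replaced from a known-good copy, which is the route nasdaq takes later in this thread for msvcr100.dll.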

#10 Altruism

Altruism
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 21 June 2015 - 03:16 PM

Here you are! I'm dreadfully sorry about the response time.

Attached Files



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:05 AM

Posted 22 June 2015 - 06:54 AM

Please run the Farbar Recovery Scan Tool. Enter MSVCR100.dll in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

===

Many of the files that are listed and not repaired are from 3rd party software.

Check the availability of newer drivers

Navigate to this page.
http://secunia.com/vulnerability_scanning/personal/

Download and install the Secunia PSI.

Run the application and update all the programs/drivers that need to be updated.

===
p.s.

Secunia will start looking for new updates every time you boot the system.
This is overkill. When all is well you can remove it using the Add/Remove programs applet.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:05 AM

Posted 28 June 2015 - 07:51 AM

Are you still with me?

#13 Altruism

Altruism
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 28 June 2015 - 06:24 PM

Oh my goodness, I am literally the worst client of a free help site ever. I apologize profusely about the communication. 

You are wonderful. Please try to overlook my rudeness thus far. I will most definitely have to buy you a drink after all this..


Here is the file. 

Attached Files



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:05 AM

Posted 29 June 2015 - 06:55 AM


Let's replace the file in the System32 folder with the latest version.


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:


Replace: C:\Program Files (x86)\Java\jre1.8.0_40\bin\msvcr100.dll C:\Windows\System32\msvcr100.dll

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#15 Altruism

Altruism
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 30 June 2015 - 06:18 PM

No change..
 

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by ZO Gaming at 2015-06-30 19:12:53 Run:2
Running from C:\Users\ZO Gaming\Downloads
Loaded Profiles: ZO Gaming (Available Profiles: ZO Gaming & UpdatusUser & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CloseProcesses:
 
 
Replace: C:\Program Files
(x86)\Java\jre1.8.0_40\bin\msvcr100.dll C:\Windows\System32\msvcr100.dll
 
End
*****************
 
Processes closed successfully.
"Replace: C:\Program Files" not found
(x86)\Java\jre1.8.0_40\bin\msvcr100.dll C:\Windows\System32\msvcr100.dll => Error: No automatic fix found for this entry.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 19:12:53 ====
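The Fixlog above shows why the fix did nothing: the Replace: directive was broken across two lines when it was pasted, so FRST looked for a file literally called "C:\Program Files" and then met a second line it could not interpret. The following is an added example, not part of the thread and not FRST's own parser: a Python check that reads a fixlist.txt before it is run, reports a Replace: line that does not carry both a source and a target path, flags the wrapped fragment below it, and joins the two lines back together. It models only the directives used in this thread, compares "start"/"End" case-insensitively by assumption, and the rule that a wrapped fragment begins with a non-alphanumeric character is a heuristic of this example.

```python
"""Sanity-check an FRST fixlist.txt before clicking Fix.

Added example, not FRST's own parser. Assumptions: the script starts with "start"
and ends with "End" (compared case-insensitively), a Replace: directive takes exactly
a source path and a target path, and a line that begins with a non-alphanumeric
character right after an incomplete Replace: is a wrapped fragment of it (heuristic).
"""
import re

REPLACE = "Replace:"
# Boundary before each drive-letter path, so paths that contain spaces survive.
PATH_BOUNDARY = re.compile(r"\s+(?=[A-Za-z]:\\)")


def split_paths(args):
    # "C:\a b\x.dll D:\y\x.dll" -> ["C:\a b\x.dll", "D:\y\x.dll"]
    return [p for p in PATH_BOUNDARY.split(args.strip()) if p]


def check_fixlist(text):
    """Return a list of problems (empty when the script looks sane)."""
    nonblank = [(n, l.strip()) for n, l in enumerate(text.splitlines(), 1) if l.strip()]
    problems = []
    if not nonblank or nonblank[0][1].lower() != "start":
        problems.append("first line must be 'start'")
    if not nonblank or nonblank[-1][1].lower() != "end":
        problems.append("last line must be 'End'")
    pending = None  # line number of a Replace: that is still missing its second path
    for num, line in nonblank:
        if line.startswith(REPLACE):
            paths = split_paths(line[len(REPLACE):])
            if len(paths) == 2:
                src, dst = (p.rsplit("\\", 1)[-1].lower() for p in paths)
                if src != dst:
                    problems.append(f"line {num}: Replace: source and target file names differ ({src} vs {dst})")
                pending = None
            else:
                problems.append(f"line {num}: Replace: needs a source and a target path, found {len(paths)}")
                pending = num
        elif pending is not None and not line[0].isalnum():
            # Genuine FRST entries start with a letter or digit (HKLM..., S4 ..., C:\...);
            # "(x86)\Java\..." is the rest of the line above, wrapped during the paste.
            problems.append(f"line {num}: wrapped fragment of the Replace: on line {pending}; join the two lines")
            pending = None
        else:
            pending = None
    return problems


def repair_wrapped(text):
    """Join a wrapped fragment back onto the incomplete Replace: line above it."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        j = len(out) - 1
        while j >= 0 and not out[j].strip():  # look back past blank lines
            j -= 1
        if (line and not line[0].isalnum() and j >= 0
                and out[j].lstrip().startswith(REPLACE)
                and len(split_paths(out[j].lstrip()[len(REPLACE):])) < 2):
            out[j] += " " + line
            continue
        out.append(raw.rstrip())
    return "\n".join(out) + "\n"


# The script from the Fixlog above, as FRST saw it after the paste wrapped the Replace: line.
WRAPPED_FIXLIST = """start

CloseProcesses:


Replace: C:\\Program Files
(x86)\\Java\\jre1.8.0_40\\bin\\msvcr100.dll C:\\Windows\\System32\\msvcr100.dll

End
"""

if __name__ == "__main__":
    for problem in check_fixlist(WRAPPED_FIXLIST):
        print(problem)
    print(repair_wrapped(WRAPPED_FIXLIST))
```

Running check_fixlist on the wrapped script reports the incomplete Replace: on line 6 and the fragment on line 7; repair_wrapped rejoins them into the single line nasdaq posted, after which the check passes. The same check also catches a Replace: whose source and target file names differ, a typo that FRST would otherwise carry out.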




