
This .exe file keeps reappearing even after I delete it.


  • This topic is locked
18 replies to this topic

#1 Atronax

  • Members
  • 10 posts
  • OFFLINE

Posted 14 June 2015 - 12:50 AM

Hi, there is this .exe file in my C:\Users\-------\AppData\Local\Temp folder named Bhop Script.exe. I tried deleting it but after I shut off my PC and turn it back on it reappears.

 

EDIT: Now every time I delete the .exe file it starts to lag my Steam Client, which is a client to play games on. While I'm in game it makes all the controls lag, like if I take my finger off the "D" key, which is to move right, it still moves right for a second.


Edited by Atronax, 14 June 2015 - 10:06 AM.



#2 jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.

Posted 15 June 2015 - 09:16 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


Edited by jntkwx, 15 June 2015 - 09:16 AM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 Atronax
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE

Posted 15 June 2015 - 11:59 AM

Hello Jason,

Here are the files.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015

Ran by DaBestBear (administrator) on BEAR on 15-06-2015 12:34:59

Running from C:\Users\DaBestBear\Downloads

Loaded Profiles: DaBestBear (Available Profiles: DaBestBear)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\System32\PnkBstrA.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Users\DaBestBear\AppData\Local\Temp\chrome.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Skillbrains) C:\Users\DaBestBear\AppData\Local\Skillbrains\lightshot\5.1.4.6\Lightshot.exe

(Dxtory Software) C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcchhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saui.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.491.0\McCSPServiceHost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)

HKLM-x32\...\Run: [BrowserSafeguard] => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\...\Run: [LightShot] => C:\Users\DaBestBear\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()

HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-17] (Electronic Arts)

HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)

HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)

HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/

SearchScopes: HKU\S-1-5-21-3013266560-2021061939-3607471477-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 

SearchScopes: HKU\S-1-5-21-3013266560-2021061939-3607471477-1001 -> {A65E6BEB-FF1C-435F-85AA-43558B6FDDFD} URL = https://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-17] (Oracle Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-17] (Oracle Corporation)

BHO-x32: No Name -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} ->  No File

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-31] (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-31] (Oracle Corporation)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-06-04] (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-06-04] (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-06-04] (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-06-04] (McAfee, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{13F867A1-8A26-4260-AFC2-0BF26A4CA4B4}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 8.8.8.8,8.8.4.4

 

FireFox:

========

FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)

FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-03-10] (EA Digital Illusions CE AB)

FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-17] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-17] (Oracle Corporation)

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-05-26] (Adobe Systems)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File

FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)

FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-03-10] (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-31] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-31] (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-05-26] (Adobe Systems)

FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-25]

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

 

Chrome: 

=======

CHR Profile: C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-25]

CHR Extension: (Google Drive) - C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-25]

CHR Extension: (YouTube) - C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-25]

CHR Extension: (Adblock Plus) - C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-17]

CHR Extension: (Google Search) - C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-25]

CHR Extension: (SiteAdvisor) - C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-01-26]

CHR Extension: (Auto HD For YouTube™) - C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-07-07]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-06]

CHR Extension: (Google Wallet) - C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]

CHR Extension: (Gmail) - C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-25]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-11]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-11]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)

S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123608 2015-05-23] (altPUG LLC)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-06-04] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)

S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [334608 2013-04-09] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.491.0\McCSPServiceHost.exe [207344 2015-05-28] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)

S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)

S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)

R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-03-01] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-17] (Electronic Arts)

R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-26] ()

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)

R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)

R3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-15] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)

R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)

R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)

S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

S3 OSFMount; \??\C:\Program Files (x86)\Counter-Strike Global Offensive\image\x64\OSFMount.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-06-15 12:34 - 2015-06-15 12:35 - 00000000 ____D C:\FRST

2015-06-15 12:34 - 2015-06-15 12:34 - 02109952 _____ (Farbar) C:\Users\DaBestBear\Downloads\FRST64.exe

2015-06-15 12:34 - 2015-06-15 12:34 - 00021533 _____ C:\Users\DaBestBear\Downloads\FRST.txt

2015-06-13 23:21 - 2015-06-15 12:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-06-13 23:21 - 2015-06-13 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-06-13 23:21 - 2015-06-13 23:21 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-06-13 23:21 - 2015-06-13 23:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-06-13 23:21 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-06-13 23:21 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-06-13 23:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-06-13 23:20 - 2015-06-13 23:21 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\DaBestBear\Downloads\mbam-setup-2.1.6.1022.exe

2015-06-13 22:48 - 2015-06-15 12:32 - 00000000 ____D C:\Program Files (x86)\Steam

2015-06-13 22:48 - 2015-06-13 22:48 - 00000979 _____ C:\Users\Public\Desktop\Steam.lnk

2015-06-13 22:48 - 2015-06-13 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2015-06-13 22:47 - 2015-06-13 22:47 - 01142128 _____ C:\Users\DaBestBear\Downloads\SteamSetup.exe

2015-06-13 11:54 - 2015-06-13 11:55 - 00167034 _____ C:\Users\DaBestBear\Downloads\fileassassin-setup-1.06 (2).exe

2015-06-11 22:52 - 2015-06-11 22:52 - 00000000 ____D C:\Users\DaBestBear\AppData\Local\GWX

2015-06-11 21:36 - 2015-06-11 21:36 - 00167034 _____ C:\Users\DaBestBear\Downloads\fileassassin-setup-1.06 (1).exe

2015-06-11 21:36 - 2015-06-11 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN

2015-06-11 21:36 - 2015-06-11 21:36 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN

2015-06-11 18:15 - 2015-06-11 18:25 - 139277889 _____ C:\Users\DaBestBear\Desktop\Upload.wmv

2015-06-11 12:45 - 2015-06-11 12:45 - 00167034 _____ C:\Users\DaBestBear\Downloads\fileassassin-setup-1.06.exe

2015-06-11 12:40 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-06-11 12:40 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-06-11 12:40 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll

2015-06-11 12:40 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

2015-06-11 12:40 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-06-11 12:40 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-06-11 12:40 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-06-11 12:40 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-06-11 12:40 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-06-11 12:40 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-06-11 12:40 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-06-11 12:40 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-06-11 12:40 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-06-11 12:40 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-06-11 12:40 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-06-11 12:40 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-06-11 12:40 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll

2015-06-11 12:40 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-06-11 12:40 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-06-11 12:40 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-06-11 12:40 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-06-11 12:40 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-06-11 12:40 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-06-11 12:40 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-06-11 12:40 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-06-11 12:40 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-06-11 12:40 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-06-11 12:40 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-06-11 12:40 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2015-06-11 12:40 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-06-11 12:40 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2015-06-11 12:40 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-06-11 12:40 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-06-11 12:40 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-06-11 12:40 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-06-11 12:40 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll

2015-06-11 12:40 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-06-11 12:40 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-06-11 12:40 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-06-11 12:40 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-06-11 12:40 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-06-11 12:40 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-06-11 12:40 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-06-11 12:40 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-06-11 12:40 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-06-11 12:40 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2015-06-11 12:40 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2015-06-11 12:40 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-06-11 12:40 - 2015-04-16 02:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS

2015-06-11 12:40 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll

2015-06-11 12:40 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll

2015-06-11 12:40 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll

2015-06-11 12:40 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll

2015-06-11 12:40 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll

2015-06-11 12:40 - 2015-04-08 18:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml

2015-06-11 12:40 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll

2015-06-11 12:40 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll

2015-06-11 12:40 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe

2015-06-11 12:40 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll

2015-06-11 12:40 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll

2015-06-11 12:40 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll

2015-06-11 12:40 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll

2015-06-11 12:40 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll

2015-06-11 12:40 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe

2015-06-11 12:40 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll

2015-06-11 12:40 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

2015-06-11 12:40 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll

2015-06-11 12:40 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll

2015-06-11 12:40 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll

2015-06-11 12:40 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe

2015-06-11 12:40 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll

2015-06-11 12:40 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll

2015-06-11 12:40 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll

2015-06-11 12:40 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2015-06-11 12:40 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll

2015-06-11 12:40 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll

2015-06-11 12:39 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2015-06-11 12:39 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2015-06-11 12:39 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2015-06-11 12:39 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-06-11 12:39 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-05-31 19:35 - 2015-05-31 19:35 - 00002153 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk

2015-05-31 19:34 - 2015-05-28 00:15 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2015-05-31 19:34 - 2015-05-27 23:52 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2015-05-31 19:33 - 2015-05-31 19:33 - 00000000 ____D C:\ProgramData\boost_interprocess

2015-05-31 19:33 - 2015-05-28 03:04 - 42719888 _____ C:\Windows\system32\nvcompiler.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 37741712 _____ C:\Windows\SysWOW64\nvcompiler.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 16185352 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 15864064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 14495448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 10995528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2015-05-31 19:33 - 2015-05-28 03:04 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 01050440 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 00878816 _____ C:\Windows\system32\nvmcumd.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 00407112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys

2015-05-31 19:33 - 2015-05-28 03:04 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2015-05-31 19:33 - 2015-05-28 03:04 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll

2015-05-31 19:14 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys

2015-05-31 17:13 - 2015-06-14 00:05 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\Imminent

2015-05-31 17:13 - 2015-05-31 17:13 - 00000000 ____D C:\Windows\System32\Tasks\Update

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-06-15 12:35 - 2014-03-19 15:56 - 00000000 __RDO C:\Users\DaBestBear\SkyDrive

2015-06-15 12:33 - 2014-01-25 15:03 - 01836990 _____ C:\Windows\WindowsUpdate.log

2015-06-15 12:32 - 2014-06-15 10:00 - 00000000 ____D C:\Users\DaBestBear\AppData\Local\Adobe

2015-06-15 12:32 - 2014-01-25 15:20 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-15 12:32 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru

2015-06-14 21:55 - 2013-08-22 10:46 - 00037433 _____ C:\Windows\setupact.log

2015-06-14 21:55 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-06-14 21:54 - 2014-01-25 15:15 - 00000000 ____D C:\ProgramData\NVIDIA

2015-06-14 21:24 - 2014-01-27 15:43 - 00000420 _____ C:\Windows\Tasks\update-sys.job

2015-06-14 20:57 - 2014-01-25 15:17 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3013266560-2021061939-3607471477-1001

2015-06-14 20:55 - 2014-01-25 15:21 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-14 17:40 - 2014-01-26 18:28 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\Skype

2015-06-14 00:23 - 2013-09-09 18:08 - 00093562 _____ C:\Windows\PFRO.log

2015-06-13 23:48 - 2014-01-25 15:18 - 00000000 ____D C:\ProgramData\APN

2015-06-13 22:36 - 2014-01-25 15:09 - 00000000 ____D C:\Users\DaBestBear

2015-06-13 22:36 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI

2015-06-13 22:16 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness

2015-06-12 21:36 - 2014-01-25 15:17 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\.minecraft

2015-06-12 21:16 - 2014-04-12 15:14 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\TS3Client

2015-06-12 16:52 - 2014-01-25 16:39 - 00000000 ____D C:\ProgramData\Skype

2015-06-11 22:36 - 2013-08-22 10:44 - 05003808 _____ C:\Windows\system32\FNTCACHE.DAT

2015-06-11 22:33 - 2014-12-13 01:04 - 00000000 ____D C:\Windows\system32\appraiser

2015-06-11 22:33 - 2014-07-09 11:20 - 00000000 ___SD C:\Windows\system32\CompatTel

2015-06-11 22:33 - 2014-01-27 16:51 - 00000000 ____D C:\Windows\system32\MRT

2015-06-11 22:33 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData

2015-06-11 22:33 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions

2015-06-11 22:33 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp

2015-06-11 22:32 - 2014-01-27 16:50 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-06-11 14:48 - 2014-09-14 10:02 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\OBS

2015-06-11 12:55 - 2014-01-25 15:21 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-06-11 12:51 - 2014-01-30 21:51 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2015-06-11 12:25 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM

2015-06-03 12:18 - 2014-08-15 13:45 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-06-03 12:18 - 2014-08-15 13:45 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-05-31 19:42 - 2014-04-19 19:38 - 00000000 ____D C:\ProgramData\Origin

2015-05-31 19:40 - 2014-07-17 18:17 - 00000000 ____D C:\Program Files\WinRAR

2015-05-31 19:35 - 2014-02-08 14:49 - 00000000 ____D C:\temp

2015-05-31 19:35 - 2014-01-25 15:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2015-05-31 19:35 - 2014-01-25 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2015-05-31 19:34 - 2014-02-01 02:53 - 00000000 ____D C:\Program Files (x86)\Razer

2015-05-31 19:34 - 2014-01-25 15:14 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2015-05-31 19:33 - 2014-01-25 15:14 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2015-05-31 19:29 - 2014-08-10 10:57 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-05-31 19:29 - 2014-08-10 10:57 - 00000000 ____D C:\Program Files (x86)\Java

2015-05-31 19:29 - 2014-04-12 19:44 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-05-31 19:29 - 2014-04-12 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-05-31 19:14 - 2014-01-25 15:33 - 00000000 ____D C:\Program Files\Common Files\McAfee

2015-05-31 14:47 - 2014-01-25 15:12 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C80F9965-7A32-4151-956C-303FB29F06DD}

2015-05-29 19:28 - 2014-08-11 12:13 - 00000000 ____D C:\Users\DaBestBear\Documents\Euro Truck Simulator 2

2015-05-28 03:04 - 2014-01-25 15:15 - 00112968 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2015-05-28 03:04 - 2014-01-25 15:15 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2015-05-28 03:04 - 2014-01-25 15:14 - 30480528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2015-05-28 03:04 - 2014-01-25 15:14 - 17486856 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2015-05-28 03:04 - 2014-01-25 15:14 - 12852152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2015-05-28 03:04 - 2014-01-25 15:14 - 03379680 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2015-05-28 03:04 - 2014-01-25 15:14 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2015-05-28 03:04 - 2014-01-25 15:14 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

2015-05-28 03:04 - 2014-01-25 15:14 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2015-05-28 03:04 - 2014-01-25 15:14 - 00030966 _____ C:\Windows\system32\nvinfo.pb

2015-05-28 00:15 - 2014-01-25 15:15 - 06872904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2015-05-28 00:15 - 2014-01-25 15:15 - 03491984 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2015-05-28 00:15 - 2014-01-25 15:15 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

2015-05-28 00:15 - 2014-01-25 15:15 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2015-05-28 00:15 - 2014-01-25 15:15 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2015-05-27 06:48 - 2014-01-25 15:15 - 04408727 _____ C:\Windows\system32\nvcoproc.bin

2015-05-24 12:32 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache

2015-05-24 12:27 - 2015-04-06 22:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX

2015-05-24 12:27 - 2015-04-06 22:03 - 00000000 ___SD C:\Windows\system32\GWX

2015-05-23 16:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\LiveKernelReports

2015-05-17 15:50 - 2014-01-25 15:21 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-05-17 15:50 - 2014-01-25 15:21 - 00003664 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

 

==================== Files in the root of some directories =======

 

2014-04-13 10:51 - 2014-04-13 10:51 - 0015488 _____ () C:\Users\DaBestBear\AppData\Local\CleanupUninstall.txt

2014-01-27 15:43 - 2014-01-27 15:43 - 0000003 _____ () C:\Users\DaBestBear\AppData\Local\updater.log

2014-01-27 15:43 - 2014-08-29 20:31 - 0000446 _____ () C:\Users\DaBestBear\AppData\Local\UserProducts.xml

 

Some files in TEMP:

====================

C:\Users\DaBestBear\AppData\Local\Temp\6_Offer_15.exe

C:\Users\DaBestBear\AppData\Local\Temp\Bhop Script.exe

C:\Users\DaBestBear\AppData\Local\Temp\chrome.exe

C:\Users\DaBestBear\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\DaBestBear\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\DaBestBear\AppData\Local\Temp\nvStereoApiI.dll

C:\Users\DaBestBear\AppData\Local\Temp\nvStInst.exe

C:\Users\DaBestBear\AppData\Local\Temp\SkypeSetup.exe

C:\Users\DaBestBear\AppData\Local\Temp\sonarinst.exe

C:\Users\DaBestBear\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\DaBestBear\AppData\Local\Temp\System.Data.SQLite14123.dll

C:\Users\DaBestBear\AppData\Local\Temp\System.Data.SQLite17342.dll

C:\Users\DaBestBear\AppData\Local\Temp\vcredist_x64.exe

C:\Users\DaBestBear\AppData\Local\Temp\xmlUpdater.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-06-13 22:14

 

==================== End of log ============================



Edited by jntkwx, 15 June 2015 - 12:01 PM.
Including log in post (easier to read)


#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:06:26 AM

Posted 15 June 2015 - 12:15 PM

Just to review some Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.  :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Add Reply button.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started

===================================================

 

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

 

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

 

 

Do you recognize a program called Social Privacy DNS?

 

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    EmptyTemp:
    
  • Click File > Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.


After the Reboot:

Step 2

Please uninstall some programs:

  • Open Programs and Features by clicking the Start button and then clicking Programs and Features.
  • Search and select the following programs one by one and click on Uninstall

    BrowserSafeguard

Step 3

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 4

Start FRST with administrator privileges.

  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.
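An added example, not part of this thread or of FRST: a Python script that reads the entry layout seen in the FRST logs above (timestamp - timestamp - size, attribute flags, optional publisher in parentheses, path) and flags the entries a responder reviews first, then groups flagged entries by timestamp so items written in the same minute stand out. The sample excerpt is constructed from entries quoted earlier in this thread; the flagging rules, and the idea that same-minute entries often belong to one event, are the editor's assumptions rather than FRST's own logic.

```python
"""Triage FRST 'One Month Created/Modified' and 'Some files in TEMP' entries.
Added example, not part of FRST or this thread; the flagging rules are assumptions."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST entry: <timestamp> - <timestamp> - <size> <attrs> [(<publisher>)] <path>
# The first timestamp is what each section is sorted on (creation time in Created, write time in Modified).
ENTRY_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ (?P<attrs>[_A-Z]{5}) (?:\((?P<publisher>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$"
)
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")  # 'Some files in TEMP' lists bare paths
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1")
TASK_DIRS = ("\\windows\\system32\\tasks\\", "\\windows\\tasks\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

@dataclass
class Entry:
    path: str
    section: str = ""
    stamp: Optional[str] = None      # None for bare-path entries (no metadata in the log)
    attrs: str = ""                  # e.g. "____D" directory, "___SH" system+hidden
    publisher: Optional[str] = None  # None: field absent; "": FRST printed "()"

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXEC_EXT)

def parse_line(line: str) -> Optional[Entry]:
    """Entry for a file/folder line; None for headers, comments and blank lines."""
    m = ENTRY_RE.match(line)
    if m:
        return Entry(path=m["path"], stamp=m["stamp"], attrs=m["attrs"], publisher=m["publisher"])
    return Entry(path=line) if BARE_PATH_RE.match(line) else None

def parse_log(text: str) -> List[Entry]:
    """Parse a log excerpt, remembering which section each entry came from."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("===="):      # "==== One Month Created ... ====" style headers
            section = line.strip("= ") or section
        elif line.endswith(":"):         # "Some files in TEMP:" style headers
            section = line[:-1]
        elif (entry := parse_line(line)) is not None:
            entry.section = section
            entries.append(entry)
    return entries

def triage(entry: Entry) -> List[str]:
    """Reasons a responder should look at this entry first; empty means nothing notable."""
    p = entry.path.lower()
    reasons = []
    if "\\appdata\\local\\temp\\" in p and entry.is_executable:
        reasons.append("executable in user Temp")
    if any(d in p for d in TASK_DIRS):
        reasons.append("scheduled task definition (persistence point)")
    if (entry.stamp is not None and entry.is_executable and not entry.publisher
            and not p.startswith(TRUSTED_ROOTS)):
        reasons.append("executable without publisher outside Windows/Program Files")
    if "\\appdata\\roaming\\" in p and entry.is_dir and "created" in entry.section.lower():
        reasons.append("new folder in Roaming profile (created this month)")
    return reasons

def cluster_by_minute(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group flagged entries sharing a timestamp minute: items dropped together are often one event."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.stamp and triage(e):
            groups[e.stamp].append(e.path)
    return {k: v for k, v in groups.items() if len(v) > 1}

# Constructed excerpt in the FRST layout, built from entries quoted earlier in this thread.
SAMPLE_LOG = r"""
==================== One Month Created files and folders ========
2015-06-11 12:40 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 42719888 _____ C:\Windows\system32\nvcompiler.dll
2015-05-31 17:13 - 2015-06-14 00:05 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\Imminent
2015-05-31 17:13 - 2015-05-31 17:13 - 00000000 ____D C:\Windows\System32\Tasks\Update
==================== One Month Modified files and folders ========
2015-06-14 21:24 - 2014-01-27 15:43 - 00000420 _____ C:\Windows\Tasks\update-sys.job
2015-06-14 17:40 - 2014-01-26 18:28 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\Skype
Some files in TEMP:
====================
C:\Users\DaBestBear\AppData\Local\Temp\Bhop Script.exe
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in parsed:
        for reason in triage(e):
            print(f"[{e.section}] {e.path}: {reason}")
    print("same-minute clusters:", cluster_by_minute(parsed))
```

Run against a full FRST.txt the script only narrows the list; every flagged path still needs a human decision, since legitimate updaters and installers also drop executables in Temp.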


#5 Atronax

Atronax
  • Topic Starter

  • Members
  • 10 posts
  • Local time:06:26 AM

Posted 15 June 2015 - 01:13 PM

I didn't manage to find a program called BrowserSafeGuard.

 

Here are the logs though.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by DaBestBear at 2015-06-15 13:54:22 Run:1
Running from C:\Users\DaBestBear\Desktop
Loaded Profiles: DaBestBear (Available Profiles: DaBestBear)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
EmptyTemp:
*****************
 
Processes closed successfully.
EmptyTemp: => 29.4 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 13:55:09 ====
 
# AdwCleaner v4.206 - Logfile created 15/06/2015 at 14:03:45
# Updated 01/06/2015 by Xplode
# Database : 2015-06-14.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : DaBestBear - BEAR
# Running from : C:\Users\DaBestBear\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\Advanced System Protector
Folder Deleted : C:\Program Files (x86)\Social Privacy  DNS
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\DaBestBear\AppData\Roaming\Systweak
File Deleted : C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
File Deleted : C:\END
 
***** [ Scheduled tasks ] *****
 
Task Deleted : update-sys
Task Deleted : update-S-1-5-21-3013266560-2021061939-3607471477-1001
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BrowserSafeguard]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dnsshield
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Google Chrome v43.0.2357.124
 
[C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M38255513-F4E1-465D-B33C-BDAD3AA956D5&SearchSource=55&CUI=&UM=6&UP=SP7DA31193-12B8-430B-AE3A-6470CE77F38F&SSPV=
[C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : D6D9D9BD8CFCDF805ABA910426EF9D18261CD5EE6924B54E0A1032ED779EBF51"},"software_reporter":{"prompt_reason":"B45DC09E17BB8696964D641FD691941494124B6D6E2C64AA8F9B4B65E615D14E","prompt_seed":"7FCA76E67442AA1EE1799FED92080230F50D37F050F5E084E8515E5EC1BD3B2D","prompt_version":"3C78EC31A71D4AE3583C492907D93BB5F98E355B1BE7D0E25C5185DC54F3AEB5"},"sync":{"remaining_rollback_tries":"684E91DAE28C1A59C519BC3153C2346EDEE1D8BDC8D7AFA1732CF4D8C87AE998"}},"super_mac":"E6A0AF51E581261610E625ADA25A2271FA322909965FC2B18C1AA1E6C50D01D9"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M38255513-F4E1-465D-B33C-BDAD3AA956D5&SearchSource=55&CUI=&UM=6&UP=SP7DA31193-12B8-430B-AE3A-6470CE77F38F&SSPV=
 
*************************
 
AdwCleaner[R0].txt - [3127 bytes] - [15/06/2015 14:01:55]
AdwCleaner[S0].txt - [2903 bytes] - [15/06/2015 14:03:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2962  bytes] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by DaBestBear (administrator) on BEAR on 15-06-2015 14:07:28
Running from C:\Users\DaBestBear\Desktop
Loaded Profiles: DaBestBear (Available Profiles: DaBestBear)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Skillbrains) C:\Users\DaBestBear\AppData\Local\Skillbrains\lightshot\5.1.4.6\Lightshot.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.491.0\McCSPServiceHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\...\Run: [LightShot] => C:\Users\DaBestBear\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3632472 2015-04-17] (Electronic Arts)
HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3013266560-2021061939-3607471477-1001 -> {A65E6BEB-FF1C-435F-85AA-43558B6FDDFD} URL = https://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-17] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-17] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-31] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-31] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-06-04] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{13F867A1-8A26-4260-AFC2-0BF26A4CA4B4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-17] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-05-26] (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-31] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-05-26] (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
 
Chrome: 
=======
CHR Profile: C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-01-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-06]
CHR Extension: (Google Wallet) - C:\Users\DaBestBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-11]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123608 2015-05-23] (altPUG LLC)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-06-04] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [334608 2013-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.491.0\McCSPServiceHost.exe [207344 2015-05-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-03-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-17] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-26] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-12-30] (Razer Inc)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 OSFMount; \??\C:\Program Files (x86)\Counter-Strike Global Offensive\image\x64\OSFMount.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-15 14:01 - 2015-06-15 14:03 - 00000000 ____D C:\AdwCleaner
2015-06-15 14:01 - 2015-06-15 14:01 - 02231296 _____ C:\Users\DaBestBear\Downloads\AdwCleaner.exe
2015-06-15 12:36 - 2015-06-15 12:54 - 00033597 _____ C:\Users\DaBestBear\Desktop\Addition.txt
2015-06-15 12:34 - 2015-06-15 14:07 - 00019394 _____ C:\Users\DaBestBear\Desktop\FRST.txt
2015-06-15 12:34 - 2015-06-15 14:07 - 00000000 ____D C:\FRST
2015-06-15 12:34 - 2015-06-15 12:34 - 02109952 _____ (Farbar) C:\Users\DaBestBear\Desktop\FRST64.exe
2015-06-13 23:21 - 2015-06-15 14:05 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-13 23:21 - 2015-06-13 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-13 23:21 - 2015-06-13 23:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-13 23:21 - 2015-06-13 23:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-13 23:21 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-13 23:21 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-13 23:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-13 22:48 - 2015-06-15 14:05 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-13 22:48 - 2015-06-13 22:48 - 00000979 _____ C:\Users\Public\Desktop\Steam.lnk
2015-06-13 22:48 - 2015-06-13 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-13 22:47 - 2015-06-13 22:47 - 01142128 _____ C:\Users\DaBestBear\Downloads\SteamSetup.exe
2015-06-11 22:52 - 2015-06-11 22:52 - 00000000 ____D C:\Users\DaBestBear\AppData\Local\GWX
2015-06-11 21:36 - 2015-06-11 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2015-06-11 21:36 - 2015-06-11 21:36 - 00000000 ____D C:\Program Files (x86)\FileASSASSIN
2015-06-11 18:15 - 2015-06-11 18:25 - 139277889 _____ C:\Users\DaBestBear\Desktop\Upload.wmv
2015-06-11 12:40 - 2015-05-27 10:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-11 12:40 - 2015-05-27 10:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-11 12:40 - 2015-05-25 09:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-11 12:40 - 2015-05-25 09:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-11 12:40 - 2015-05-22 23:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-11 12:40 - 2015-05-22 23:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-11 12:40 - 2015-05-22 23:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-11 12:40 - 2015-05-22 23:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-11 12:40 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-11 12:40 - 2015-05-22 22:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-11 12:40 - 2015-05-22 22:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-11 12:40 - 2015-05-22 22:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-11 12:40 - 2015-05-22 22:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-11 12:40 - 2015-05-22 22:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-11 12:40 - 2015-05-22 22:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-11 12:40 - 2015-05-22 22:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-11 12:40 - 2015-05-22 22:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-11 12:40 - 2015-05-22 22:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-11 12:40 - 2015-05-22 22:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-11 12:40 - 2015-05-22 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-11 12:40 - 2015-05-22 15:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-11 12:40 - 2015-05-22 15:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-11 12:40 - 2015-05-22 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-11 12:40 - 2015-05-22 14:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-11 12:40 - 2015-05-22 14:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-11 12:40 - 2015-05-22 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-11 12:40 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-11 12:40 - 2015-05-22 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-11 12:40 - 2015-05-22 14:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-11 12:40 - 2015-05-22 14:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-11 12:40 - 2015-05-22 14:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-11 12:40 - 2015-05-22 14:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-11 12:40 - 2015-05-22 14:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-11 12:40 - 2015-05-22 13:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-11 12:40 - 2015-05-22 13:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-11 12:40 - 2015-05-22 13:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-11 12:40 - 2015-05-22 13:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-11 12:40 - 2015-05-22 13:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-11 12:40 - 2015-05-22 09:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-11 12:40 - 2015-05-21 09:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-11 12:40 - 2015-05-21 09:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-11 12:40 - 2015-05-21 09:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-11 12:40 - 2015-05-21 09:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-11 12:40 - 2015-05-21 09:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-11 12:40 - 2015-05-21 09:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-11 12:40 - 2015-04-24 22:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-11 12:40 - 2015-04-24 22:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-11 12:40 - 2015-04-16 18:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-11 12:40 - 2015-04-16 02:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-11 12:40 - 2015-04-13 18:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-11 12:40 - 2015-04-13 18:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-11 12:40 - 2015-04-09 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-11 12:40 - 2015-04-09 20:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-11 12:40 - 2015-04-08 18:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-11 12:40 - 2015-04-08 18:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-11 12:40 - 2015-04-01 18:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-11 12:40 - 2015-04-01 18:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-11 12:40 - 2015-04-01 00:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-11 12:40 - 2015-04-01 00:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-11 12:40 - 2015-04-01 00:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-11 12:40 - 2015-04-01 00:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-11 12:40 - 2015-03-31 23:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-11 12:40 - 2015-03-31 23:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-11 12:40 - 2015-03-31 23:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-11 12:40 - 2015-03-31 22:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-11 12:40 - 2015-03-31 22:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-11 12:40 - 2015-03-31 22:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-11 12:40 - 2015-03-31 22:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-11 12:40 - 2015-03-31 22:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-11 12:40 - 2015-03-31 22:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-11 12:40 - 2015-03-19 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-11 12:40 - 2015-03-19 23:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-11 12:40 - 2015-03-19 22:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-11 12:40 - 2015-03-19 22:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-11 12:40 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-11 12:40 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-11 12:39 - 2015-05-22 22:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-11 12:39 - 2015-05-22 22:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-11 12:39 - 2015-05-22 14:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-11 12:39 - 2015-05-22 14:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-11 12:39 - 2015-05-21 12:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-31 19:35 - 2015-05-31 19:35 - 00002153 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-05-31 19:34 - 2015-05-28 00:15 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-31 19:34 - 2015-05-27 23:52 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-31 19:33 - 2015-05-31 19:33 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-05-31 19:33 - 2015-05-28 03:04 - 42719888 _____ C:\Windows\system32\nvcompiler.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 37741712 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 16185352 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 15864064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 14495448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 10995528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-31 19:33 - 2015-05-28 03:04 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 01050440 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 00878816 _____ C:\Windows\system32\nvmcumd.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 00407112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-31 19:33 - 2015-05-28 03:04 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-31 19:33 - 2015-05-28 03:04 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-31 19:14 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-05-31 17:13 - 2015-06-14 00:05 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\Imminent
2015-05-31 17:13 - 2015-05-31 17:13 - 00000000 ____D C:\Windows\System32\Tasks\Update
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-15 14:05 - 2014-03-19 15:56 - 00000000 ___DO C:\Users\DaBestBear\SkyDrive
2015-06-15 14:05 - 2014-01-25 15:20 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 14:04 - 2014-06-15 10:00 - 00000000 ____D C:\Users\DaBestBear\AppData\Local\Adobe
2015-06-15 14:04 - 2014-01-25 15:15 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-15 14:04 - 2014-01-25 15:03 - 01923404 _____ C:\Windows\WindowsUpdate.log
2015-06-15 14:04 - 2013-08-22 10:46 - 00038129 _____ C:\Windows\setupact.log
2015-06-15 14:04 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-15 14:04 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-15 14:01 - 2014-01-25 15:17 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3013266560-2021061939-3607471477-1001
2015-06-15 14:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-15 13:55 - 2014-01-25 15:21 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-15 13:55 - 2013-09-09 18:08 - 00094152 _____ C:\Windows\PFRO.log
2015-06-14 17:40 - 2014-01-26 18:28 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\Skype
2015-06-13 22:36 - 2014-01-25 15:09 - 00000000 ____D C:\Users\DaBestBear
2015-06-13 22:16 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-12 21:36 - 2014-01-25 15:17 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\.minecraft
2015-06-12 21:16 - 2014-04-12 15:14 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\TS3Client
2015-06-12 16:52 - 2014-01-25 16:39 - 00000000 ____D C:\ProgramData\Skype
2015-06-11 22:36 - 2013-08-22 10:44 - 05003808 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 22:33 - 2014-12-13 01:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-11 22:33 - 2014-07-09 11:20 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-11 22:33 - 2014-01-27 16:51 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 22:33 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-11 22:33 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 22:33 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-11 22:32 - 2014-01-27 16:50 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-11 14:48 - 2014-09-14 10:02 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\OBS
2015-06-11 12:55 - 2014-01-25 15:21 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-11 12:51 - 2014-01-30 21:51 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-11 12:25 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-06-03 12:18 - 2014-08-15 13:45 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 12:18 - 2014-08-15 13:45 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-31 19:42 - 2014-04-19 19:38 - 00000000 ____D C:\ProgramData\Origin
2015-05-31 19:40 - 2014-07-17 18:17 - 00000000 ____D C:\Program Files\WinRAR
2015-05-31 19:35 - 2014-02-08 14:49 - 00000000 ____D C:\temp
2015-05-31 19:35 - 2014-01-25 15:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-05-31 19:35 - 2014-01-25 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-31 19:34 - 2014-02-01 02:53 - 00000000 ____D C:\Program Files (x86)\Razer
2015-05-31 19:34 - 2014-01-25 15:14 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-05-31 19:33 - 2014-01-25 15:14 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-05-31 19:29 - 2014-08-10 10:57 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-31 19:29 - 2014-08-10 10:57 - 00000000 ____D C:\Program Files (x86)\Java
2015-05-31 19:29 - 2014-04-12 19:44 - 00000000 ____D C:\Users\DaBestBear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-31 19:29 - 2014-04-12 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-31 19:14 - 2014-01-25 15:33 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-05-31 14:47 - 2014-01-25 15:12 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C80F9965-7A32-4151-956C-303FB29F06DD}
2015-05-29 19:28 - 2014-08-11 12:13 - 00000000 ____D C:\Users\DaBestBear\Documents\Euro Truck Simulator 2
2015-05-28 03:04 - 2014-01-25 15:15 - 00112968 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-05-28 03:04 - 2014-01-25 15:15 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-05-28 03:04 - 2014-01-25 15:14 - 30480528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-28 03:04 - 2014-01-25 15:14 - 17486856 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-28 03:04 - 2014-01-25 15:14 - 12852152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-28 03:04 - 2014-01-25 15:14 - 03379680 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-28 03:04 - 2014-01-25 15:14 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-28 03:04 - 2014-01-25 15:14 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-05-28 03:04 - 2014-01-25 15:14 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-28 03:04 - 2014-01-25 15:14 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-05-28 00:15 - 2014-01-25 15:15 - 06872904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-28 00:15 - 2014-01-25 15:15 - 03491984 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-28 00:15 - 2014-01-25 15:15 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-28 00:15 - 2014-01-25 15:15 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-28 00:15 - 2014-01-25 15:15 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-27 06:48 - 2014-01-25 15:15 - 04408727 _____ C:\Windows\system32\nvcoproc.bin
2015-05-24 12:32 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-05-24 12:27 - 2015-04-06 22:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-24 12:27 - 2015-04-06 22:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-23 16:54 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-05-17 15:50 - 2014-01-25 15:21 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 15:50 - 2014-01-25 15:21 - 00003664 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2014-04-13 10:51 - 2014-04-13 10:51 - 0015488 _____ () C:\Users\DaBestBear\AppData\Local\CleanupUninstall.txt
2014-01-27 15:43 - 2014-01-27 15:43 - 0000003 _____ () C:\Users\DaBestBear\AppData\Local\updater.log
2014-01-27 15:43 - 2014-08-29 20:31 - 0000446 _____ () C:\Users\DaBestBear\AppData\Local\UserProducts.xml
 
Some files in TEMP:
====================
C:\Users\DaBestBear\AppData\Local\Temp\Quarantine.exe
C:\Users\DaBestBear\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-13 22:14
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by DaBestBear at 2015-06-15 14:08:10
Running from C:\Users\DaBestBear\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3013266560-2021061939-3607471477-500 - Administrator - Disabled)
DaBestBear (S-1-5-21-3013266560-2021061939-3607471477-1001 - Administrator - Enabled) => C:\Users\DaBestBear
Guest (S-1-5-21-3013266560-2021061939-3607471477-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.6.0.393 - Adobe Systems Incorporated)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.0 - EA Digital Illusions CE AB)
CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Dxtory version 2.0.119 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.119 - Dxtory Software)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.11.1 - SCS Software)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Lightshot-5.1.4.6 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.4.6 - Skillbrains)
Logitech Gaming Software 8.52 (HKLM\...\Logitech Gaming Software) (Version: 8.52.15 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.316 - McAfee, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
14-05-2015 20:09:32 Windows Update
24-05-2015 12:22:41 Scheduled Checkpoint
31-05-2015 19:04:07 Scheduled Checkpoint
11-06-2015 12:51:40 Removed Magic Bullet Suite 64-bit
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {077403E1-918C-41EF-8924-C4BB7A733E73} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {10E76BAA-D20E-46D3-8BF8-53B0CFA2EB1B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {2F6D9CB6-6B75-4BDC-BFCB-FA6818716367} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {430799C7-479F-45A1-BDEC-56708A734394} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-15] (Microsoft Corporation)
Task: {4B0690E7-B5B1-447C-9C25-34D0D5D6258C} - System32\Tasks\Update\Google Update => Chrome.exe  <==== ATTENTION
Task: {5C37407D-3A46-448D-9891-A75D6AA0C244} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3013266560-2021061939-3607471477-1001
Task: {A6C805BF-D986-49EC-9288-05EFD2911F8D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-xxpolararcticxx@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {A82C1E04-DF90-4240-9943-008AAF4A164D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {B64D58EF-0E49-4B74-898E-898BDDEA1CF9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
Task: {D146C7FE-54F3-41E1-9056-17082CE3236E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {D9E5DCAC-8B5D-4CA0-BB33-6CF90CAF13CE} - System32\Tasks\{DA9919A8-4A97-4C30-BDA6-5BD5C3113465} => pcalua.exe -a "C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe" -c /u /UserID=77d2fc46-ebbb-4b2d-a340-32b209946d00 /SourceID=browsersafeguard-rockettab-revenyou /ImplementationID=browsersafeguard-rockettab-revenyou
Task: {E58F1B11-9593-4968-BF1B-ECFD20C9A2F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
Task: {FFB9B7B8-9285-4168-8E07-8C61BDF591B7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-01-25 15:15 - 2015-05-28 00:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-25 15:11 - 2013-07-04 07:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2014-11-26 21:34 - 2014-11-26 21:34 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-05-23 02:10 - 2014-05-23 02:10 - 00671904 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-05-23 02:10 - 2014-05-23 02:10 - 05341856 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-01-25 15:11 - 2015-06-15 14:04 - 00025088 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-01-25 15:11 - 2013-07-04 07:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-05-26 05:52 - 2014-05-26 05:52 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-05-12 22:22 - 2014-05-12 22:22 - 02217128 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\plugins\ExchangePlugin\ExManCoreLib\ExManZxpSign.dll
2015-06-11 12:55 - 2015-06-05 14:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-11 12:55 - 2015-06-05 14:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2014-05-26 05:52 - 2014-05-26 05:52 - 00742816 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libglesv2.dll
2014-05-26 05:52 - 2014-05-26 05:52 - 00136608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libegl.dll
2015-06-11 12:55 - 2015-06-05 14:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\DaBestBear\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\DaBestBear\SkyDrive.old:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "dnsshield"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-3013266560-2021061939-3607471477-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9ECCB8C8-14C2-402D-A3D9-76E0603DF8CA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DAEC993D-D649-44B5-BCD9-64B33A6D30CE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BF9C18B4-ABC7-4B0A-900B-2A9578D38FB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{74144474-C96A-437A-A50B-F3C79A6245D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{56C5BA5A-806F-4FB2-ACCA-D7C51A151CB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3D4CB7E0-C3E5-496A-B9E0-510B773B61FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{90BACA70-E9F3-48AF-8479-C7FEAFDF8DE1}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{634946A9-2C60-474B-84B1-1C6EA850F9A8}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{9E2B9FF3-75CB-401C-BDB5-869F72C4F7A3}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{60155216-5E43-4318-860C-DB65A7BEEB83}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{E71AACE1-7B02-4A76-8C54-1094C102F1BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{265D5B3A-9D3D-41AF-8EF1-982E93162C38}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2316D574-5F9D-45AB-9B62-F4753F5A7AAD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4B4E23B7-2203-4D12-802C-7A2628E2BE53}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6EEEDAE1-A54F-4DE3-8B66-BF6836CCA463}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{83C17E6C-C325-465E-BDCD-0D4EAD5225C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5CCB70B8-3B5B-4A54-B7DF-A7FC07B46FC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FC3C96DA-6C14-471E-B0C9-A4172BA52819}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{D91B5D99-53D6-40F4-BE0E-DF44DEABCB45}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{9CEBDC93-3906-4B50-BD3D-FC0B89EB334A}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{08504683-10C5-4770-8C33-85B9475260E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{040E43D1-A835-4C54-A5E5-4A47DC97B479}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1CA31E21-5794-4FFB-8ACC-1F3A3C17D5FD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{7A32039A-8286-467C-9B21-46487E19A6CF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3FA3A5E1-D824-45CA-A31D-517D02A29569}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0DA425C2-416B-4CD2-B455-2A078CD55E3D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E598FC91-AE92-4D37-B848-7BD525DB730B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E347FA14-9A04-43C6-84DB-9C942BAC58B6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9C888CDC-FE4E-4B00-AEB4-8CA6717E5D4B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E5A4B7E1-B58F-4110-B7C9-ABCD6355B859}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2 Demo\bin\win_x86\eurotrucks2.exe
FirewallRules: [{81DAB2C9-9284-4E2B-A4D7-D32FE79D97B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Euro Truck Simulator 2 Demo\bin\win_x86\eurotrucks2.exe
FirewallRules: [{637395DD-574E-417F-80A6-CD3CEBDD9CF4}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{0D2FF555-757E-45F5-BDFC-57583C5A952C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{8D5D3383-5301-43C6-9EB6-4D21034A91D6}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{4EBFFBE4-F964-4444-B12C-30DC6DC4EFD4}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{C214BF27-1974-4D37-81BF-1FEA3AD4B04A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/15/2015 01:57:37 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2005) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion DCS server
 
Error: (06/13/2015 10:48:05 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall
 
Error: (06/12/2015 04:50:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 2.81.34.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a88
 
Start Time: 01d0a52f2c72a59e
 
Termination Time: 981
 
Application Path: C:\Program Files (x86)\Steam\Steam.exe
 
Report Id: 7ab06c52-1144-11e5-8301-74d02b9e609f
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/11/2015 00:50:36 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (05/31/2015 07:02:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/31/2015 06:59:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/31/2015 06:07:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FileASSASSIN.exe, version: 1.6.0.0, time stamp: 0x463c0573
Faulting module name: explorerframe.dll_unloaded, version: 6.3.9600.17415, time stamp: 0x54504c76
Exception code: 0xc0000005
Fault offset: 0x00144b00
Faulting process id: 0x1594
Faulting application start time: 0xFileASSASSIN.exe0
Faulting application path: FileASSASSIN.exe1
Faulting module path: FileASSASSIN.exe2
Report Id: FileASSASSIN.exe3
Faulting package full name: FileASSASSIN.exe4
Faulting package-relative application ID: FileASSASSIN.exe5
 
Error: (05/31/2015 05:54:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FileASSASSIN.exe version 1.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: cf8
 
Start Time: 01d09bec2c4bd96b
 
Termination Time: 4
 
Application Path: C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe
 
Report Id: a88a3436-07df-11e5-82fa-74d02b9e609f
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/29/2015 07:28:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: eurotrucks2.exe, version: 1.11.0.10, time stamp: 0x53d1381b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000001
Faulting process id: 0x6a8
Faulting application start time: 0xeurotrucks2.exe0
Faulting application path: eurotrucks2.exe1
Faulting module path: eurotrucks2.exe2
Report Id: eurotrucks2.exe3
Faulting package full name: eurotrucks2.exe4
Faulting package-relative application ID: eurotrucks2.exe5
 
Error: (05/25/2015 11:49:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (06/15/2015 02:04:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (06/15/2015 02:04:20 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (06/15/2015 02:04:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%1062
 
Error: (06/15/2015 02:04:14 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (06/15/2015 02:03:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/15/2015 02:03:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/15/2015 02:03:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/15/2015 02:03:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/15/2015 02:03:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/15/2015 02:03:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (06/15/2015 01:57:37 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2005) (User: NT AUTHORITY)
Description: -2147012889
 
Error: (06/13/2015 10:48:05 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to poke open firewall
 
Error: (06/12/2015 04:50:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.81.34.6a8801d0a52f2c72a59e981C:\Program Files (x86)\Steam\Steam.exe7ab06c52-1144-11e5-8301-74d02b9e609f
 
Error: (06/11/2015 00:50:36 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (05/31/2015 07:02:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Adobe\Adobe After Effects CC\Support Files\Plug-ins\MAXON CINEWARE AE\(CINEWARE Support)\bin\resource\modules\python\res\Python.win64.framework\Lib\distutils\command\wininst-8_d.exe
 
Error: (05/31/2015 06:59:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Adobe\Adobe After Effects CC\Support Files\Plug-ins\MAXON CINEWARE AE\(CINEWARE Support)\bin\resource\modules\python\res\Python.win64.framework\Lib\distutils\command\wininst-8_d.exe
 
Error: (05/31/2015 06:07:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FileASSASSIN.exe1.6.0.0463c0573explorerframe.dll_unloaded6.3.9600.1741554504c76c000000500144b00159401d09bedee9f512dC:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exeexplorerframe.dll75a0e292-07e1-11e5-82fa-74d02b9e609f
 
Error: (05/31/2015 05:54:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FileASSASSIN.exe1.6.0.0cf801d09bec2c4bd96b4C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exea88a3436-07df-11e5-82fa-74d02b9e609f
 
Error: (05/29/2015 07:28:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: eurotrucks2.exe1.11.0.1053d1381bunknown0.0.0.000000000c0000005000000016a801d09a6311c0522bC:\Program Files (x86)\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exeunknown6a448b4e-065a-11e5-82f7-74d02b9e609f
 
Error: (05/25/2015 11:49:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Adobe\Adobe After Effects CC\Support Files\Plug-ins\MAXON CINEWARE AE\(CINEWARE Support)\bin\resource\modules\python\res\Python.win64.framework\Lib\distutils\command\wininst-8_d.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 12%
Total physical RAM: 16323.34 MB
Available physical RAM: 14265.77 MB
Total Pagefile: 18755.34 MB
Available Pagefile: 16512.76 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.67 GB) (Free:1739.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1F167E0C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.7 GB) - (Type=07 NTFS)
 
==================== End of log ============================
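The Service Control Manager records in the log above are the kind of thing worth machine-checking once a log runs to thousands of lines: FRST-style logs replace the Windows error text with %%NNNN placeholders, and four unrelated services (NVIDIA Streamer Service, PnkBstrA, Windows Search, Steam Client Service) terminating unexpectedly within two seconds of each other at 02:03:43-02:03:45 is a pattern that is easy to miss when reading top to bottom. The Python below is an added example for this page, not FRST's code and not something the poster ran: SAMPLE_LOG is constructed from the records quoted above, the error-code table covers only the four codes that appear in them, and the five-second window and three-service threshold are assumptions of this example.

```python
"""Parse FRST-style "Error: (...)" records, decode %%NNNN placeholders, and
flag bursts of service crashes. Added example; not FRST's or the poster's code."""
import re
from datetime import datetime, timedelta

# Win32 system error codes behind the %%NNNN placeholders in the log above.
WIN32_ERRORS = {
    50: "ERROR_NOT_SUPPORTED: The request is not supported.",
    1056: "ERROR_SERVICE_ALREADY_RUNNING: An instance of the service is already running.",
    1062: "ERROR_SERVICE_NOT_ACTIVE: The service has not been started.",
    1069: "ERROR_SERVICE_LOGON_FAILED: The service did not start due to a logon failure.",
}
CRASH_EVENT_IDS = {7031, 7034}  # Service Control Manager: "terminated unexpectedly"

HEADER = re.compile(
    r"^Error: \((?P<ts>[\d/]+ [\d:]+ [AP]M)\) \(Source: (?P<src>[^)]+)\) "
    r"\(EventID: (?P<id>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
SERVICE = re.compile(r"^Description: The (?P<svc>.+?) service terminated unexpectedly")
CODE = re.compile(r"^%%(\d+)$")


def _parse_timestamp(text):
    """12-hour FRST times; '00:50:36 PM' (as in the LocationProvider record) is invalid for %I."""
    try:
        return datetime.strptime(text, "%m/%d/%Y %I:%M:%S %p")
    except ValueError:
        return None


def parse_events(log_text):
    """One dict per 'Error:' record, in the log's own order (newest first)."""
    events, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:              # a blank line closes the current record
            current = None
            continue
        header = HEADER.match(line)
        if header:
            current = {
                "timestamp": _parse_timestamp(header.group("ts")),
                "source": header.group("src"),
                "event_id": int(header.group("id")),
                "description": "",
                "service": None,  # filled in for 7031/7034 crash records
                "error": None,    # decoded %%NNNN, if the record carries one
            }
            events.append(current)
            continue
        if current is None:
            continue
        code = CODE.match(line)
        if code:
            n = int(code.group(1))
            current["error"] = WIN32_ERRORS.get(n, f"Win32 error {n} (not in table)")
            continue
        current["description"] = (current["description"] + " " + line).strip()
        crashed = SERVICE.match(line)
        if crashed:
            current["service"] = crashed.group("svc")
    return events


def crash_bursts(events, window=timedelta(seconds=5), min_services=3):
    """Group crash records within `window` of the first record of the group and
    return the service names of every group with at least `min_services`."""
    crashes = sorted(
        (e for e in events if e["event_id"] in CRASH_EVENT_IDS
         and e["timestamp"] is not None and e["service"]),
        key=lambda e: e["timestamp"],
    )
    bursts, i = [], 0
    while i < len(crashes):
        j = i
        while (j + 1 < len(crashes)
               and crashes[j + 1]["timestamp"] - crashes[i]["timestamp"] <= window):
            j += 1
        if j - i + 1 >= min_services:
            bursts.append([e["service"] for e in crashes[i:j + 1]])
        i = j + 1
    return bursts


# Constructed sample: five records copied in shape from the log above.
SAMPLE_LOG = """\
Error: (06/15/2015 02:04:20 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\\SYSTEM with the currently configured password due to the following error:
%%50

Error: (06/15/2015 02:03:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/15/2015 02:03:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/15/2015 02:03:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/15/2015 02:03:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
"""
```

Feeding the whole "Error:" section of a real log to parse_events and then crash_bursts prints the group of services that died together; the individual %%codes that follow (1069, 50, 1062, 1056) mostly describe the knock-on effects of that first crash rather than its cause, which is why the burst is the more useful signal.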


#6 Atronax (Topic Starter)

Posted 15 June 2015 - 01:14 PM

Just noticed that the Bhop Script.exe seems to be gone and it looks like my Steam Client is running smoothly.



#7 jntkwx (Malware Response Team)

Posted 15 June 2015 - 01:20 PM

Just noticed that the Bhop Script.exe seems to be gone and it looks like my Steam Client is running smoothly.

 
Great! Before I let you go I'd like to scan your machine with ESET OnlineScan.

Since Eset could take up to an hour or even more depending on the size of your hard drive and the speed of your computer I suggest that you run this scan at night when you are not there and the computer is idle.

 

  • Please download and run the exe from the link below:
    ESET OnlineScan
  • Check the box to accept the terms of use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check the option beside: Enable detection of potentially unwanted applications
  • Now click on Advanced Settings and make sure that the option Remove found threats is NOT checked, and select the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\


 

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List Threats.
  • Push Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

 

 

Also let's check for outdated and vulnerable software on your PC

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

And then if there aren't any issues left I'll give you my final recommendations.

 

Let me know if there are remaining issues.


Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#8 Atronax (Topic Starter)

Posted 15 June 2015 - 01:26 PM

Here is the Security Check log. I'll make sure to do the ESET OnlineScan whenever my computer is idle.

 

 Results of screen317's Security Check version 1.004  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender                     
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 65  
 Java 8 Update 25  
 Java 8 Update 45  
 Google Chrome (43.0.2357.124) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

Edited by Atronax, 15 June 2015 - 01:31 PM.


#9 jntkwx (Malware Response Team)

Posted 15 June 2015 - 02:09 PM

Here is the Security Check log. I'll make sure to do the ESET OnlineScan whenever my computer is idle.

 
Ok, sounds good.
 

Your Java is out of date. Using Java is an unnecessary security risk...especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

Although Java is commonly used in business environments and many VPN providers still use it, the average user does not need to install Java software.

Please follow these steps to remove older version of Java components and upgrade the application.
  • Download the latest version of Java SE 8.
  • Click the Java SE 8u45 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 8 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-8u45-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
      Java 7 Update 65  
      Java 8 Update 25  
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-8u40-windows-i586.exe and select "Run as an Administrator.")

 

Next please run JavaRa.

  • Please download JavaRa 2.6 and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and since you already uninstalled JAVA skip step 1 and click on the next button.
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next, and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extensions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's successfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.

 

You can choose between 2 variants:

 

1. If you have applications that require Java to be installed on the computer then uninstall the old version of Java and then run JavaRa to remove all remnants and then go ahead and download & install the latest version of Java (Java SE 8).

 

2. If you want to be on the safe side then go ahead and uninstall the old version of Java, then run JavaRa to remove all remnants and then remove all applications that require Java (time to learn to live without Java and find alternatives to the applications that require Java)... Check this article.


Regards,
Jason

 



#10 Atronax (Topic Starter)

Posted 15 June 2015 - 02:41 PM

Exception encountered in module [JavaRa]
Message: Could not find a part of the path 'C:\Users\DaBestBear\Desktop\localizations'.
   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption)
   at System.IO.Directory.GetFiles(String path, String searchPattern, SearchOption searchOption)
   at System.IO.Directory.GetFiles(String path)
   at Microsoft.VisualBasic.FileIO.FileSystem.FindPaths(FileOrDirectory FileOrDirectory, String directory, String wildCard)
   at Microsoft.VisualBasic.FileIO.FileSystem.FindFilesOrDirectories(FileOrDirectory FileOrDirectory, String directory, SearchOption searchType, String[] wildcards, Collection`1 Results)
   at Microsoft.VisualBasic.MyServices.FileSystemProxy.GetFiles(String directory)
   at JavaRa.UI.Form1_Load(Object sender, EventArgs e)
 
== Cleaning JRE temporary files ==
Deleted file: C:\Users\DaBestBear\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed
Deleted file: C:\Users\DaBestBear\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-1218fa03
Deleted file: C:\Users\DaBestBear\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-1218fa03.idx
Deleted file: C:\Users\DaBestBear\AppData\LocalLow\Sun\Java\Deployment\cache\security\blacklist.cache
Deleted file: C:\Users\DaBestBear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\lastAccessed
Deleted file: C:\Users\DaBestBear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-1f3cc2bc
Deleted file: C:\Users\DaBestBear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-1f3cc2bc.idx
Deleted file: C:\Users\DaBestBear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-52298ae0
Deleted file: C:\Users\DaBestBear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-52298ae0.idx
 
== Cleaning JRE temporary files ==
Deleted file: C:\Users\DaBestBear\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed
Deleted file: C:\Users\DaBestBear\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-1218fa03
Deleted file: C:\Users\DaBestBear\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-1218fa03.idx


#11 jntkwx (Malware Response Team)

Posted 15 June 2015 - 02:43 PM

Looking good. When you get a chance, run ESET and post the log.


Regards,
Jason

 



#12 Atronax (Topic Starter)

Posted 15 June 2015 - 02:44 PM

Looking good. When you get a chance, run ESET and post the log.

It's at 83% right now so I'll post it as soon as it's done.


Edited by Atronax, 15 June 2015 - 02:45 PM.


#13 Atronax (Topic Starter)

Posted 15 June 2015 - 03:18 PM

Here are the results of the ESET OnlineScan.

 

C:\Users\AppData\Local\Google\Chrome\User Data\Default\File System\012\t\00\00000000 a variant of MSIL/Kryptik.BWG trojan
C:\Windows\Installer\MSI7ED8.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\Installer\MSIB8B2.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\Installer\MSIE41D.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

Edited by Atronax, 15 June 2015 - 03:21 PM.


#14 jntkwx (Malware Response Team)

Posted 15 June 2015 - 03:32 PM

Run a Scan with Malwarebytes (MBAM)

  • Open Malwarebytes, click the Settings button at the top of the window.
  • On the lefthand side, click Detection and Protection and make sure the window looks like this:
    (attached screenshot: Screen Shot 2015-06-15 at 4.24.18 PM.png)
  • Click the Dashboard button at the top, and click on the blue Scan Now button.
  • Malwarebytes should automatically check for updates and begin scanning your computer. This may take a while. Note that with some infections, you may see a message box that says Could not load DDA driver. Click Yes to this message to allow the driver to load after a restart.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes. (If you are not prompted to restart your computer, please restart anyway).
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Regards,
Jason

 



#15 Atronax (Topic Starter)

Posted 15 June 2015 - 03:52 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/15/2015
Scan Time: 4:36:52 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.15.06
Rootkit Database: v2015.06.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: DaBestBear
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343439
Time Elapsed: 9 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
Stolen.Data, C:\Users\DaBestBear\AppData\Roaming\Imminent\Logs, Quarantined, [d2305863602ada5cac66b96c0ff5f50b], 
 
Files: 2
Stolen.Data, C:\Users\DaBestBear\AppData\Roaming\Imminent\Logs\14-06-2015, Quarantined, [d2305863602ada5cac66b96c0ff5f50b], 
Stolen.Data, C:\Users\DaBestBear\AppData\Roaming\Imminent\Logs\15-06-2015, Quarantined, [d2305863602ada5cac66b96c0ff5f50b], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
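Across the thread three separate tools each surfaced one piece of the same picture: the file in Temp from post #1, the Chrome File System blob ESET flagged in post #13, and the Imminent\Logs folder Malwarebytes quarantined as Stolen.Data above. When the same question comes up on another machine it is quicker to sweep a user profile for all of them at once and hash whatever is found, so it can be looked up or compared before anything is deleted. The following Python is an added example for this page, not the helper's, Malwarebytes' or ESET's code. Its assumptions: the indicator labels are this example's wording; the per-user Startup folder is included as a persistence location because the file "reappeared" after a reboot, although no post names it; and the sample profile tree, including the file name updater.exe, is constructed here for the demonstration.

```python
"""Offline sweep of a Windows user profile for the artifacts named in this
thread. Added example; not the helper's, Malwarebytes' or ESET's code."""
import fnmatch
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators from the posts above, as lower-case paths relative to a user
# profile (Windows paths are case-insensitive, so both sides are lowered).
# The Startup-folder entry is an assumption of this example: the thread never
# names it, but it is the first place to list for a file that "reappears"
# after a reboot. fnmatch's '*' also matches '/', which the patterns rely on.
INDICATORS = [
    ("Bhop Script.exe in Temp (post #1)",
     "appdata/local/temp/bhop script.exe", "file"),
    ("Imminent\\Logs folder (Malwarebytes: Stolen.Data, post #15)",
     "appdata/roaming/imminent/logs", "dir"),
    ("Chrome File System blob (ESET flagged one as MSIL/Kryptik.BWG, post #13; hash for review)",
     "appdata/local/google/chrome/user data/default/file system/*/t/*/*", "file"),
    ("executable in per-user Startup folder (assumed persistence check)",
     "appdata/roaming/microsoft/windows/start menu/programs/startup/*.exe", "file"),
]


def _rel(root, path):
    return os.path.relpath(path, root).replace(os.sep, "/").lower()


def sha256(path, chunk=1 << 16):
    """Digest of a hit, for a scanner-portal lookup or cross-machine comparison."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep_profile(profile_dir):
    """Return [(label, relative_path, sha256_or_None)] for every indicator hit,
    sorted by label then path; directory hits carry no digest."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(profile_dir):
        for name in dirnames:
            rel = _rel(profile_dir, os.path.join(dirpath, name))
            for label, pattern, kind in INDICATORS:
                if kind == "dir" and fnmatch.fnmatchcase(rel, pattern):
                    hits.append((label, rel, None))
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = _rel(profile_dir, full)
            for label, pattern, kind in INDICATORS:
                if kind == "file" and fnmatch.fnmatchcase(rel, pattern):
                    hits.append((label, rel, sha256(full)))
    return sorted(hits, key=lambda h: (h[0], h[1]))


def build_sample_profile(root):
    """Constructed throwaway profile reproducing the thread's paths. Contents
    are placeholders and 'updater.exe' is an invented name."""
    root = Path(root)
    files = {
        "AppData/Local/Temp/Bhop Script.exe": b"placeholder, not a real binary",
        "AppData/Roaming/Imminent/Logs/14-06-2015": b"placeholder log",
        "AppData/Local/Google/Chrome/User Data/Default/File System/012/t/00/00000000": b"placeholder blob",
        "AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/updater.exe": b"placeholder",
        "Documents/notes.txt": b"benign file that must not be flagged",
    }
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


def demo():
    """Build the sample profile in a temp dir, sweep it, and return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        return sweep_profile(build_sample_profile(tmp))


if __name__ == "__main__":
    for label, rel, digest in demo():
        print(f"{label}\n    {rel}  {digest or '(directory)'}")
```

On a real machine the call is sweep_profile(r"C:\Users\<name>") for each profile under C:\Users; the Chrome pattern deliberately lists every File System blob rather than the one path ESET named, because the blob names are per-profile and a match on the one from post #13 would mean nothing elsewhere. Hash the hits before quarantining so the digests survive the cleanup.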




