Adware virus (Priceless/NoMore Ads). Redirects google search and displays popups



#1 Jpatt

  • Members
  • 16 posts

Posted 23 June 2015 - 02:42 AM

I am infected with adware that displays junk results in my Google searches as well as displays popups and sidebars on every goddamn page I visit. I have run virus scans, used CCleaner, deleted the extension in Chrome that seems to be the culprit, uninstalled software, used ZOEK. You name it, it keeps reinstalling itself and showing up as a browser extension. I followed instructions using FRST to try to find the problem.

 

Here is the result file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Jesse (administrator) on HAL on 23-06-2015 17:30:59
Running from C:\Users\Jesse\Downloads
Loaded Profiles: Jesse (Available Profiles: Jesse & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Windows\AsScrPro.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
 
Please help. Thanks. Jesse.


#2 Jpatt

  • Topic Starter
  • Members
  • 16 posts

Posted 26 June 2015 - 07:00 AM

Anyone?



#3 nasdaq

  • Malware Response Team
  • 39,954 posts
  • Location: Montreal, QC, Canada

Posted 26 June 2015 - 08:52 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Your FRST log is not complete.

Please run the tool one more time and post a complete log for my review.

#4 Jpatt

  • Topic Starter
  • Members
  • 16 posts

Posted 26 June 2015 - 08:58 AM

Hello. Thanks for the help. Apologies... It must not have copy/pasted the entire thing. I have attached both of the files in this reply now...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Jesse (administrator) on HAL on 23-06-2015 17:30:59
Running from C:\Users\Jesse\Downloads
Loaded Profiles: Jesse (Available Profiles: Jesse & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Windows\AsScrPro.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Valve Corporation) C:\Steam\Steam.exe
(Valve Corporation) C:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11788392 2011-04-07] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-14] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-14] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-04] (Synaptics Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-04] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [43008 2011-04-09] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\windows\AsScrPro.exe [3058304 2013-09-27] (ASUS)
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-04-08] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-12] (cyberlink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-03] (CyberLink)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-21-379377581-3068157461-3483420857-1000\...\Run: [ISUSPM] => -scheduler
HKU\S-1-5-21-379377581-3068157461-3483420857-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-09] (Piriform Ltd)
HKU\S-1-5-21-379377581-3068157461-3483420857-1000\...\Policies\system: []
HKU\S-1-5-21-379377581-3068157461-3483420857-1000\...\MountPoints2: {4395e974-b198-11e4-979a-5404a61f6bfe} - G:\setup.exe
HKU\S-1-5-21-379377581-3068157461-3483420857-1000\...\MountPoints2: {6cd288dc-0dc4-11e5-b70a-5404a61f6bfe} - G:\setup.exe
HKU\S-1-5-21-379377581-3068157461-3483420857-1000\...\MountPoints2: {7e348736-2b87-11e3-b94c-742f68c9ea50} - J:\setup.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2013-10-30]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-04-13]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk [2013-10-02]
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-379377581-3068157461-3483420857-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-379377581-3068157461-3483420857-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-14] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-14] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-28] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-14] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-28] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\qej9bo0r.default
FF Homepage: hxxp://en.wikipedia.org/wiki/Special:Random
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll [2015-02-02] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\windows\system32\npDeployJava1.dll [2013-10-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-02-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-12] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-24] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-379377581-3068157461-3483420857-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Jesse\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-379377581-3068157461-3483420857-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: StumbleUpon - C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\qej9bo0r.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2013-10-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-14] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-14] (Atheros Commnucations) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-11] ()
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-13] (CyberLink)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-09-27] (Creative Labs) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
S3 Disconnect Desktop Updater; C:\Program Files (x86)\Disconnect\Disconnect Desktop\Disconnect Desktop Updater.exe [358400 2014-12-24] (Disconnect)
S4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-11-08] (Echobit LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-12-17] (Hi-Rez Studios) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-06] (Electronic Arts)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2013-11-12] ()
S4 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-12-15] ()
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R3 DGUSBAP; C:\Windows\System32\DRIVERS\dgmbx2.sys [194864 2011-02-13] (Avid Technology, Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-09] (Disc Soft Ltd)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-05-10] (Echobit, LLC)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [56320 2011-04-09] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-12-15] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
R3 MBX2DFU; C:\Windows\System32\DRIVERS\dgmbx2fu.sys [32944 2011-02-13] (Avid Technology, Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
S3 mcdevice; C:\Windows\System32\DRIVERS\mcdevice.sys [334400 2011-05-19] (ShiningMorning Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2014-06-30] (Windows ® Win 7 DDK provider)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-04] (Synaptics Incorporated)
S3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37496 2014-06-30] (Windows ® Win 7 DDK provider)
S3 VCam_WDM; C:\Windows\System32\DRIVERS\VCam_WDM.sys [104120 2012-05-25] (e2eSoft)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
U3 swmidi; No ImagePath
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 17:30 - 2015-06-23 17:31 - 00022323 _____ C:\Users\Jesse\Downloads\FRST.txt
2015-06-23 17:30 - 2015-06-23 17:31 - 00000000 ____D C:\FRST
2015-06-23 17:29 - 2015-06-23 17:29 - 02109952 _____ (Farbar) C:\Users\Jesse\Downloads\FRST64.exe
2015-06-21 01:00 - 2015-06-23 14:15 - 00001232 _____ C:\windows\setupact.log
2015-06-21 01:00 - 2015-06-21 01:00 - 00000000 _____ C:\windows\setuperr.log
2015-06-19 12:19 - 2015-06-19 12:19 - 00305492 _____ C:\Users\Jesse\Documents\cc_20150619_121924.reg
2015-06-19 12:11 - 2015-06-19 12:11 - 00002780 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2015-06-19 12:11 - 2015-06-19 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-19 12:11 - 2015-06-19 12:11 - 00000000 ____D C:\Program Files\CCleaner
2015-06-14 21:34 - 2015-06-14 21:34 - 00000000 ____D C:\Users\Jesse\AppData\Local\PACE Anti-Piracy
2015-06-14 21:26 - 2015-06-14 21:04 - 00024064 _____ C:\windows\zoek-delete.exe
2015-06-14 21:07 - 2015-06-14 21:29 - 00021473 _____ C:\zoek-results.log
2015-06-14 21:04 - 2015-06-14 21:23 - 00000000 ____D C:\zoek_backup
2015-06-14 20:57 - 2015-06-14 20:58 - 01308672 _____ C:\Users\Jesse\Downloads\zoek.exe
2015-06-14 15:12 - 2015-06-14 15:12 - 00000201 _____ C:\Users\Jesse\Desktop\Total War SHOGUN 2.url
2015-06-14 14:54 - 2015-06-14 14:54 - 00001262 _____ C:\Users\Public\Desktop\This War of Mine v1.3.1.lnk
2015-06-14 14:54 - 2015-06-14 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\This War of Mine v1.3.1
2015-06-14 14:53 - 2015-06-14 14:54 - 00000000 ____D C:\Program Files (x86)\This War of Mine v1.3.1
2015-06-14 12:48 - 2015-06-22 18:52 - 00000024 _____ C:\Users\Jesse\AppData\Roaming\appdataFr25.bin
2015-06-13 22:51 - 2015-06-13 22:51 - 00001128 _____ C:\Users\Jesse\Desktop\Play UFO Aftermath.lnk
2015-06-13 22:51 - 2015-06-13 22:51 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DotEmu
2015-06-13 22:51 - 2015-06-13 22:51 - 00000000 ____D C:\Program Files (x86)\DotEmu
2015-06-13 22:39 - 2015-06-13 22:39 - 00000000 ____D C:\Program Files (x86)\OpenAL
2015-06-13 14:47 - 2015-06-23 16:32 - 00000000 ____D C:\Users\Jesse\AppData\Local\LogMeIn Hamachi
2015-06-13 14:46 - 2015-06-13 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-06-13 14:46 - 2015-06-13 14:46 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-06-09 16:58 - 2015-06-09 16:58 - 00000000 ____D C:\ProgramData\15e15b4000004867
2015-06-09 16:45 - 2015-06-09 16:45 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\MinMaxGames
2015-06-09 16:41 - 2015-06-23 16:41 - 00000340 _____ C:\windows\Tasks\Bidaily Synchronize Task[74c7].job
2015-06-09 16:41 - 2015-06-09 22:41 - 00000000 ____D C:\ProgramData\{a87ce07c-4a85-526f-a87c-ce07c4a881f1}
2015-06-09 16:39 - 2015-06-09 16:39 - 00000000 ____D C:\Users\Jesse\AppData\Local\Disc_Soft_Ltd
2015-06-09 16:38 - 2015-06-23 16:38 - 00000324 _____ C:\windows\Tasks\Bidaily Synchronize Task[973b].job
2015-06-09 16:37 - 2015-06-09 16:37 - 00030264 _____ (Disc Soft Ltd) C:\windows\system32\Drivers\dtlitescsibus.sys
2015-06-09 16:37 - 2015-06-09 16:37 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-06-09 16:23 - 2015-06-09 16:23 - 00013824 ___SH C:\Users\Jesse\Desktop\Thumbs.db
2015-06-09 16:23 - 2015-06-09 16:23 - 00011776 ___SH C:\Users\Jesse\Downloads\Thumbs.db
2015-06-08 22:54 - 2015-06-08 22:54 - 00000202 _____ C:\Users\Jesse\Desktop\XCOM Enemy Unknown.url
2015-06-08 21:22 - 2015-06-11 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2015-06-08 21:22 - 2015-06-11 12:53 - 00000000 ____D C:\Program Files (x86)\Free Window Registry Repair
2015-06-08 20:23 - 2015-06-08 20:23 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2015-06-08 20:18 - 2015-06-08 20:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA Corporation
2015-06-08 20:17 - 2015-06-08 20:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2015-06-08 20:17 - 2015-06-08 20:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2015-06-08 20:17 - 2015-06-08 20:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2015-06-08 19:27 - 2015-06-08 19:27 - 00000000 ____D C:\Users\Jesse\Downloads\Autoruns
2015-06-08 16:02 - 2015-06-08 16:02 - 00001810 _____ C:\Users\Public\Desktop\GTRSolo 3.5.lnk
2015-06-08 15:56 - 2015-06-08 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves
2015-06-08 15:56 - 2015-06-08 16:03 - 00000000 ____D C:\Program Files\VSTPlugIns
2015-06-08 15:56 - 2015-06-08 15:56 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2015-06-08 15:56 - 2007-11-21 04:34 - 00007744 _____ (Altiris) C:\windows\SysWOW64\HookDll.dll
2015-06-08 15:56 - 2005-12-15 20:30 - 01060864 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFC71.dll
2015-06-08 15:55 - 2015-06-08 16:02 - 00000000 ____D C:\Program Files (x86)\Waves
2015-06-08 15:44 - 2015-06-08 15:44 - 00001975 _____ C:\Users\Public\Desktop\Pro Tools 10.lnk
2015-06-08 15:44 - 2015-06-08 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid
2015-06-08 15:30 - 2015-06-08 15:30 - 00000000 ____D C:\Program Files\Avid
2015-06-08 15:30 - 2015-06-08 15:30 - 00000000 ____D C:\Program Files (x86)\Avid
2015-06-08 15:22 - 2015-06-08 15:22 - 00002091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk
2015-06-08 15:22 - 2015-06-08 15:22 - 00000000 ____D C:\Program Files (x86)\iLok License Manager
2015-06-07 16:34 - 2015-06-23 16:42 - 00000000 ____D C:\Steam
2015-06-06 18:26 - 2015-06-06 18:26 - 00000221 _____ C:\Users\Jesse\Desktop\Hearts of Iron III.url
2015-06-01 18:21 - 2015-06-09 15:31 - 00000000 ____D C:\Users\Jesse\Documents\Convoy
2015-06-01 18:21 - 2015-06-01 18:21 - 00000973 _____ C:\Users\Jesse\Desktop\Convoy.exe - Shortcut.lnk
2015-06-01 18:00 - 2015-06-01 18:00 - 00000000 ____D C:\Users\Jesse\AppData\Local\PaceAP
2015-05-24 13:34 - 2015-05-24 13:34 - 00000000 ____D C:\Users\Jesse\AppData\Local\Blizzard

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-23 15:24 - 2013-09-27 04:55 - 01175289 _____ C:\windows\WindowsUpdate.log
2015-06-23 14:17 - 2013-09-27 05:14 - 00045056 _____ C:\windows\system32\acovcnt.exe
2015-06-23 13:44 - 2009-07-14 14:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-23 13:44 - 2009-07-14 14:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-23 13:36 - 2013-09-27 05:04 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-23 13:36 - 2009-07-14 15:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-06-23 11:06 - 2009-07-14 15:13 - 00006502 _____ C:\windows\system32\PerfStringBackup.INI
2015-06-19 16:02 - 2013-11-07 20:29 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\MultiBit
2015-06-19 14:17 - 2014-07-29 12:00 - 00000202 _____ C:\Users\Jesse\Desktop\Verdun.url
2015-06-19 12:15 - 2013-10-03 11:38 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\DAEMON Tools Lite
2015-06-19 12:15 - 2013-10-02 17:06 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\BitTorrent
2015-06-19 12:14 - 2013-10-03 23:09 - 00000000 ____D C:\Users\Jesse\AppData\Local\CrashDumps
2015-06-16 22:47 - 2009-07-14 13:20 - 00000000 ____D C:\windows\system32\NDF
2015-06-14 17:27 - 2013-09-27 05:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-13 23:02 - 2014-05-30 16:04 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-06-13 14:32 - 2014-05-16 13:59 - 00000000 ____D C:\Users\Jesse\Documents\Paradox Interactive
2015-06-13 12:31 - 2014-01-14 20:00 - 00000000 ____D C:\Users\Jesse\AppData\Local\DayZ
2015-06-11 13:45 - 2015-05-21 13:52 - 00000000 ____D C:\Users\Jesse\Documents\The Witcher 3
2015-06-08 20:17 - 2013-10-30 07:24 - 00117728 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-08 20:17 - 2013-10-30 07:23 - 00001415 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-08 20:17 - 2009-07-14 14:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-08 16:07 - 2013-12-16 19:45 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\Avid
2015-06-08 16:07 - 2013-10-12 13:37 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\Waves Audio
2015-06-08 15:56 - 2014-06-19 15:18 - 00000000 ____D C:\Program Files\Common Files\VST3
2015-06-08 15:47 - 2013-10-02 16:57 - 00117728 _____ C:\Users\Jesse\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-08 15:46 - 2009-07-14 14:45 - 00431392 _____ C:\windows\system32\FNTCACHE.DAT
2015-06-08 15:13 - 2011-04-13 22:34 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-08 14:52 - 2013-11-11 11:48 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-06-08 14:52 - 2013-09-27 05:15 - 00000000 ____D C:\Program Files (x86)\Creative
2015-06-08 14:51 - 2013-09-27 05:15 - 00000078 ___RH C:\windows\ctfile.rfc
2015-06-08 14:37 - 2014-06-11 10:04 - 00000000 ____D C:\Users\Jesse\AppData\Local\Citrix
2015-06-07 16:46 - 2013-12-01 20:41 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\vlc
2015-06-05 19:19 - 2013-10-13 13:33 - 00000000 ____D C:\Users\Jesse\AppData\Roaming\Skype
2015-06-01 18:21 - 2014-06-18 00:20 - 00000000 ____D C:\Games
2015-06-01 18:21 - 2013-10-03 13:31 - 00000000 ____D C:\ProgramData\Steam
2015-05-24 13:34 - 2015-01-08 18:17 - 00000000 ____D C:\Users\Jesse\AppData\Local\Battle.net

==================== Files in the root of some directories =======

2015-06-14 12:48 - 2015-06-22 18:52 - 0000024 _____ () C:\Users\Jesse\AppData\Roaming\appdataFr25.bin
2014-12-21 16:47 - 2014-12-21 16:47 - 0000026 _____ () C:\Users\Jesse\AppData\Roaming\EV Nova License.lcs
2014-12-21 16:47 - 2014-12-23 18:43 - 0000140 _____ () C:\Users\Jesse\AppData\Roaming\EV Nova Prefs.prf
2014-11-10 23:15 - 2014-11-10 23:15 - 0081838 _____ () C:\Users\Jesse\AppData\Roaming\icarus-dxdiag.xml
2014-02-02 23:31 - 2014-02-02 23:31 - 0000037 ___SH () C:\Users\Jesse\AppData\Local\20986331705021ca58edc424.96250074
2014-06-25 22:20 - 2014-10-02 14:09 - 0003584 _____ () C:\Users\Jesse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-21 12:07 - 2014-05-27 17:38 - 0007626 _____ () C:\Users\Jesse\AppData\Local\Resmon.ResmonCfg
2011-04-13 22:54 - 2010-07-07 09:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2013-09-27 05:21 - 2013-09-27 05:22 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-09-27 05:21 - 2013-09-27 05:21 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 14:06

==================== End of log ============================

Edited by nasdaq, 26 June 2015 - 10:42 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,954 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:20 AM

Posted 26 June 2015 - 10:49 AM



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-379377581-3068157461-3483420857-1000\...\Policies\system: []
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-379377581-3068157461-3483420857-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-379377581-3068157461-3483420857-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
U3 swmidi; No ImagePath
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
Task: {254BB157-5EBD-4D03-887A-10193F44FC73} - \Bidaily Synchronize Task[74c7] No Task File <==== ATTENTION
Task: {A2312082-70CE-494D-8694-7C320DD3A925} - \Bidaily Synchronize Task[973b] No Task File <==== ATTENTION
Task: C:\windows\Tasks\Bidaily Synchronize Task[74c7].job => c:\programdata\{a87ce07c-4a85-526f-a87c-ce07c4a881f1}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{5109ae37-a8a1-0661-5109-9ae37a8ab8de}\setup.exe <==== ATTENTION
c:\programdata\{a87ce07c-4a85-526f-a87c-ce07c4a881f1}
c:\programdata\{5109ae37-a8a1-0661-5109-9ae37a8ab8de}
AlternateDataStreams: C:\Users\Jesse\Cookies:9ByNqp86h7VL5iH7mG4L3Fg1
AlternateDataStreams: C:\Users\Jesse\Local Settings:EPqkasCBOet9DJjYId3ikeg
AlternateDataStreams: C:\Users\Jesse\Local Settings:K9ry1bA5Y9602RUPEGJ9YvqBnEylx
AlternateDataStreams: C:\Users\Jesse\Local Settings:KWvJVKYBN7xrmXwV6WVEdVlD
AlternateDataStreams: C:\Users\Jesse\Local Settings:PhU6tRfSraMZEPrpe3
AlternateDataStreams: C:\Users\Jesse\Local Settings:WoyKw7jC0hrtUBMzrDiCg6S
AlternateDataStreams: C:\Users\Jesse\AppData\Local:EPqkasCBOet9DJjYId3ikeg
AlternateDataStreams: C:\Users\Jesse\AppData\Local:K9ry1bA5Y9602RUPEGJ9YvqBnEylx
AlternateDataStreams: C:\Users\Jesse\AppData\Local:KWvJVKYBN7xrmXwV6WVEdVlD
AlternateDataStreams: C:\Users\Jesse\AppData\Local:PhU6tRfSraMZEPrpe3
AlternateDataStreams: C:\Users\Jesse\AppData\Local:WoyKw7jC0hrtUBMzrDiCg6S
AlternateDataStreams: C:\Users\Jesse\AppData\Local\Application Data:EPqkasCBOet9DJjYId3ikeg
AlternateDataStreams: C:\Users\Jesse\AppData\Local\Application Data:K9ry1bA5Y9602RUPEGJ9YvqBnEylx
AlternateDataStreams: C:\Users\Jesse\AppData\Local\Application Data:KWvJVKYBN7xrmXwV6WVEdVlD
AlternateDataStreams: C:\Users\Jesse\AppData\Local\Application Data:PhU6tRfSraMZEPrpe3
AlternateDataStreams: C:\Users\Jesse\AppData\Local\Application Data:WoyKw7jC0hrtUBMzrDiCg6S

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and import the bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

How is the computer running now?
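As an added example that is not part of nasdaq's reply or of FRST, the following PowerShell audit re-checks, read-only, the items the fixlist above targets: the Bidaily Synchronize Task .job files pointing into GUID-named ProgramData folders, those folders themselves, the alternate data streams on the profile folders, and the Chrome policy key. The user name Jesse and the paths are taken from the FRST log; the function name Find-AdwareIndicators is my own and hypothetical.

```powershell
# Added example (not from the thread or from FRST): a read-only audit of the items the
# fixlist targets, so the output can be compared before and after running the Fix.
# Assumes Windows PowerShell 3.0+ run as administrator; paths and user name are from the log.
function Find-AdwareIndicators {
    $ErrorActionPreference = 'SilentlyContinue'

    # 1. Legacy .job tasks whose target is an executable inside a GUID-named ProgramData folder.
    #    .job files are binary, but the command path inside them is stored as UTF-16 text.
    Get-ChildItem 'C:\Windows\Tasks\*.job' | ForEach-Object {
        $text = [IO.File]::ReadAllText($_.FullName, [Text.Encoding]::Unicode)
        if ($text -match 'programdata\\\{[0-9a-f-]{36}\}\\[^\s\\]+\.exe') {
            [pscustomobject]@{ Check = 'JobTask'; Item = $_.FullName; Detail = $Matches[0] }
        }
    }

    # 2. GUID-named folders directly under ProgramData (the two the fixlist deletes).
    Get-ChildItem 'C:\ProgramData' -Directory |
        Where-Object { $_.Name -match '^\{[0-9a-f-]{36}\}$' } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'GuidFolder'; Item = $_.FullName; Detail = ((Get-ChildItem $_.FullName -Name) -join ', ') }
        }

    # 3. Alternate data streams on the profile folders. dir /r prints them as name:stream:$DATA;
    #    Get-Item -Stream does not enumerate streams on directories in Windows PowerShell,
    #    so the classic listing is parsed instead (Zone.Identifier is the benign download mark).
    foreach ($dir in 'C:\Users\Jesse', 'C:\Users\Jesse\AppData', 'C:\Users\Jesse\AppData\Local') {
        cmd.exe /c "dir /r /a `"$dir`"" | ForEach-Object {
            if ($_ -match '^\s+[\d,]+\s+(?<entry>.+?):(?<stream>[^:\\]+):\$DATA\s*$' -and
                $Matches['stream'] -ne 'Zone.Identifier') {
                [pscustomobject]@{ Check = 'ADS'; Item = (Join-Path $dir $Matches['entry']); Detail = $Matches['stream'] }
            }
        }
    }

    # 4. Any Chrome policy values under HKLM (FRST flagged this key as a policy restriction).
    $policy = 'HKLM:\SOFTWARE\Policies\Google'
    if (Test-Path $policy) {
        @(Get-Item $policy) + @(Get-ChildItem $policy -Recurse) | ForEach-Object {
            $key = $_
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{ Check = 'ChromePolicy'; Item = $key.Name; Detail = "$name = $($key.GetValue($name))" }
            }
        }
    }
}

Find-AdwareIndicators | Format-Table -AutoSize
```

An empty table after the Fix and the Chrome re-install means none of the flagged items came back; any JobTask or GuidFolder row reappearing later points to a dropper that is still running.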

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,954 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:20 AM

Posted 01 July 2015 - 01:41 PM

Are you still with me?

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,954 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:20 AM

Posted 07 July 2015 - 07:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



