
Possible virus after clicking FB link - ADWCleaner log



#1 Lorelai001


Posted 05 July 2015 - 11:05 AM

Hello!
I clicked today on a link on Facebook with some article. When on the link, I got the option to "like" their facebook page, so I clicked the "x", and got some pop-up appear for a second. I immediately closed the page. After that, my mouse pointer started having a blue circle next to it, as a signal for loading or busy, but only on Facebook. I was running Firefox in Sandboxie, so I deleted content and restarted my laptop. Same issue. Also, pages seemed to load very slow, especially website links on Facebook. I also signed in outside of Sandboxie, same thing.
I looked for the name of the link I clicked on, on Facebook, with no results. I also found several people that reported the loading circle at their pointer lately, just on FB, that has to do with FB and not a virus. I ran ADWCleaner anyway and found some issues. After, I ran TDSSKiller, it found nothing. HitmanPro - nothing. Malwarebytes - nothing.
Maybe these issues are not connected with the results of ADWCleaner. I really am no good at this, so sorry if it sounds silly. I am interested in the ADWCleaner report, above all.

Thank you for any help!

ADWCleaner Log:

# AdwCleaner v4.203 - Logfile created 05/07/2015 at 17:40:13
# Updated 30/04/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : tes - ASUS
# Running from : C:\Users\tes\Downloads\adwcleaner_4.203.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.130


*************************

########## EOF - C:\AdwCleaner\AdwCleaner[R37].txt - [3446 bytes] ##########

RKill log:

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/05/2015 06:34:12 PM in x64 mode.
Windows Version: Windows 8.1 Pro

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxServer64.exe (PID: 1192) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 07/05/2015 06:34:59 PM
Execution time: 0 hours(s), 0 minute(s), and 47 seconds(s)

Edited by Lorelai001, 05 July 2015 - 11:58 AM.
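Added example, not code from the thread or from AdwCleaner's authors: a small Python helper that parses the "Key Found" registry lines in the AdwCleaner log format shown above and unpacks the 32-hex-digit Windows Installer product code those three keys share into its standard GUID, which is the form an analyst needs to match the leftover keys to a product. The sample lines are constructed to mirror the post, and the record and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample shaped like the [ Registry ] section of the post above.
SAMPLE_LOG = r"""***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E
"""

# "Key Found : [x64] <path>"; the [x64] tag is optional in AdwCleaner output.
KEY_LINE = re.compile(r"^Key Found : (?:\[(?P<arch>x64|x86)\] )?(?P<path>\S.*)$")
# A 32-hex-digit path component: the packed Installer product code.
PACKED = re.compile(r"\\([0-9A-Fa-f]{32})(?:\\|$)")


@dataclass
class RegistryFinding:
    arch: str                   # "x64" when tagged, "" for the default view
    path: str                   # full registry path as reported
    packed_code: Optional[str]  # 32-hex packed product code, if present


def parse_key_found(log_text: str) -> List[RegistryFinding]:
    """Extract every 'Key Found' line from an AdwCleaner scan log."""
    findings: List[RegistryFinding] = []
    for line in log_text.splitlines():
        m = KEY_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        pm = PACKED.search(path)
        findings.append(RegistryFinding(
            arch=m.group("arch") or "",
            path=path,
            packed_code=pm.group(1).upper() if pm else None,
        ))
    return findings


def unpack_product_code(packed: str) -> str:
    """Undo Windows Installer's 'compressed GUID' encoding.

    The Installer keys store {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} with the
    first three groups reversed and the two hex digits of every remaining byte
    swapped. The transform is its own inverse, so the same steps recover the
    canonical GUID (and re-pack a canonical one).
    """
    if len(packed) != 32 or not re.fullmatch(r"[0-9A-Fa-f]{32}", packed):
        raise ValueError("packed product code must be 32 hex digits")
    p = packed.upper()
    a, b, c = p[0:8][::-1], p[8:12][::-1], p[12:16][::-1]
    rest = p[16:]
    swapped = "".join(rest[i + 1] + rest[i] for i in range(0, len(rest), 2))
    return "{%s-%s-%s-%s-%s}" % (a, b, c, swapped[:4], swapped[4:])


def group_by_product(findings: List[RegistryFinding]) -> Dict[str, List[str]]:
    """Group reported keys by the canonical product GUID they refer to."""
    groups: Dict[str, List[str]] = {}
    for f in findings:
        if f.packed_code is None:
            continue
        groups.setdefault(unpack_product_code(f.packed_code), []).append(f.path)
    return groups


if __name__ == "__main__":
    for guid, paths in group_by_product(parse_key_found(SAMPLE_LOG)).items():
        print(guid)
        for p in paths:
            print("   ", p)
```

With the GUID in hand, the product's own name can be read from the ProductName value under the matching Installer\Products key before deciding whether the entries are harmless leftovers.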




#2 nasdaq


Posted 08 July 2015 - 09:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.

#3 Lorelai001


Posted 09 July 2015 - 01:20 PM

Hello! Thank you so much for your response!
These are the reports. I want to add that the Punkbuster is downloaded by Ubisoft to check the authenticity of their games (that they are bought).

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/9/2015
Scan Time: 8:56 PM
Logfile: bjb.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.09.04
Rootkit Database: v2015.07.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: tes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349591
Time Elapsed: 11 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by tes (administrator) on ASUS on 09-07-2015 21:03:10
Running from C:\Users\tes\Desktop
Loaded Profiles: tes &  (Available Profiles: tes)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => %ProgramFiles%\Elantech\ETDCtrl.exe
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [67752 2006-12-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-1068086532-1582474183-3658225572-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-05-28] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1068086532-1582474183-3658225572-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-05-28] (Sandboxie Holdings, LLC)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175880 2015-05-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2015-06-07]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1068086532-1582474183-3658225572-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ro/
HKU\S-1-5-21-1068086532-1582474183-3658225572-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1068086532-1582474183-3658225572-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ro/
HKU\S-1-5-21-1068086532-1582474183-3658225572-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{4851DC45-677E-4AA9-8B00-1E91EC809F5D}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{B21F39A2-91B1-4555-B669-606938EE7CBB}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\tes\AppData\Roaming\Mozilla\Firefox\Profiles\tzx213ui.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1068086532-1582474183-3658225572-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-07-09] ()
FF Plugin HKU\S-1-5-21-1068086532-1582474183-3658225572-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-07-09] ()
FF Extension: Ghostery - C:\Users\tes\AppData\Roaming\Mozilla\Firefox\Profiles\tzx213ui.default\Extensions\firefox@ghostery.com.xpi [2015-01-27]
FF Extension: Adblock Plus - C:\Users\tes\AppData\Roaming\Mozilla\Firefox\Profiles\tzx213ui.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-21]

Chrome:
=======
CHR Profile: C:\Users\tes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\tes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-10]
CHR Extension: (Google Docs) - C:\Users\tes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-10]
CHR Extension: (Google Drive) - C:\Users\tes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-10]
CHR Extension: (YouTube) - C:\Users\tes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-10]
CHR Extension: (Adblock Plus) - C:\Users\tes\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-07-05]
CHR Extension: (Google Search) - C:\Users\tes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-10]
CHR Extension: (Google Sheets) - C:\Users\tes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-10]
CHR Extension: (Google Wallet) - C:\Users\tes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-10]
CHR Extension: (Gmail) - C:\Users\tes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-04-23] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2015-03-04] ()
R2 Samsung Network Fax Server; C:\WINDOWS\system32\spool\drivers\x64\3\NetFaxServer64.exe [508464 2013-07-01] (Samsung Electronics Co., Ltd.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [176264 2015-05-28] (Sandboxie Holdings, LLC)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-03-31] (ASUS Corporation)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8534232 2014-08-19] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-09] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [508120 2014-08-15] (Realsil Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [188552 2015-05-28] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32496 2013-01-10] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-05] ()
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S1 AntiLog32; \??\C:\WINDOWS\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 21:03 - 2015-07-09 21:03 - 00015005 _____ C:\Users\tes\Desktop\FRST.txt
2015-07-09 21:01 - 2015-07-09 21:03 - 00000000 ____D C:\FRST
2015-07-09 20:59 - 2015-07-09 20:59 - 02112512 _____ (Farbar) C:\Users\tes\Desktop\FRST64.exe
2015-07-06 14:20 - 2015-07-06 14:22 - 182231320 _____ (Microsoft Corporation) C:\Users\tes\Downloads\msert.exe
2015-07-05 22:44 - 2015-07-05 22:44 - 00002155 _____ C:\Users\tes\Desktop\RKreport_SCN_07052015_194153.log
2015-07-05 19:36 - 2015-07-05 19:37 - 17853688 _____ C:\Users\tes\Downloads\RogueKiller.exe
2015-07-05 19:33 - 2015-07-05 19:33 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-07-05 19:33 - 2015-07-05 19:33 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-05 18:34 - 2015-07-05 18:34 - 00002140 _____ C:\Users\tes\Desktop\Rkill.txt
2015-07-05 18:31 - 2015-07-05 18:31 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\tes\Downloads\rkill.exe
2015-07-05 18:30 - 2015-07-05 18:30 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\tes\Downloads\tdsskiller.exe
2015-07-05 18:23 - 2015-07-05 18:27 - 00000000 ____D C:\Users\tes\AppData\Local\NPE
2015-07-05 18:23 - 2015-07-05 18:23 - 03088296 _____ (Symantec Corporation) C:\Users\tes\Downloads\NPE.exe
2015-07-05 18:23 - 2015-07-05 18:23 - 00000000 ____D C:\ProgramData\Norton
2015-07-05 17:57 - 2015-07-05 17:57 - 00001054 _____ C:\Users\tes\Desktop\JRT.txt
2015-07-05 17:41 - 2015-07-05 17:41 - 00003530 _____ C:\Users\tes\Desktop\AdwCleaner[R37].txt
2015-06-19 21:21 - 2015-06-19 21:22 - 00000000 ____D C:\Users\tes\Downloads\AC1
2015-06-17 20:28 - 2015-06-19 22:35 - 00000000 ____D C:\Users\tes\Downloads\AC2
2015-06-17 20:28 - 2015-06-17 20:35 - 00000000 ____D C:\Users\tes\Downloads\ACB
2015-06-14 14:28 - 2015-07-06 18:57 - 00001792 _____ C:\WINDOWS\Sandboxie.ini
2015-06-14 14:28 - 2015-06-15 19:05 - 00001014 _____ C:\Users\tes\Desktop\Sandboxed Web Browser.lnk
2015-06-14 14:27 - 2015-06-14 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-06-14 14:27 - 2015-06-14 14:27 - 00000000 ____D C:\Program Files\Sandboxie
2015-06-10 13:34 - 2015-05-22 16:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-10 13:34 - 2015-05-21 16:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-10 13:34 - 2015-05-21 16:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-10 13:34 - 2015-05-21 16:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-10 13:34 - 2015-05-21 16:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-10 13:34 - 2015-05-21 16:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-10 13:34 - 2015-05-21 16:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-10 13:34 - 2015-04-17 01:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-10 13:32 - 2015-05-27 17:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 13:32 - 2015-05-27 17:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 13:32 - 2015-05-23 06:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 13:32 - 2015-05-23 06:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 13:32 - 2015-05-23 06:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 13:32 - 2015-05-23 06:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 13:32 - 2015-05-23 06:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 13:32 - 2015-05-23 05:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 13:32 - 2015-05-23 05:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 13:32 - 2015-05-23 05:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 13:32 - 2015-05-23 05:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 13:32 - 2015-05-23 05:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 13:32 - 2015-05-23 05:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 13:32 - 2015-05-23 05:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 13:32 - 2015-05-23 05:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 13:32 - 2015-05-23 05:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 13:32 - 2015-05-23 05:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 13:32 - 2015-05-23 05:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 13:32 - 2015-05-23 05:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 13:32 - 2015-05-23 05:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 13:32 - 2015-05-22 22:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 13:32 - 2015-05-22 22:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 13:32 - 2015-05-22 22:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 13:32 - 2015-05-22 21:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 13:32 - 2015-05-22 21:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 13:32 - 2015-05-22 21:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 13:32 - 2015-05-22 21:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 13:32 - 2015-05-22 21:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 13:32 - 2015-05-22 21:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 13:32 - 2015-05-22 21:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 13:32 - 2015-05-22 21:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 13:32 - 2015-05-22 21:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 13:32 - 2015-05-22 21:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 13:32 - 2015-05-22 21:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 13:32 - 2015-05-22 21:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 13:32 - 2015-05-22 20:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 13:32 - 2015-05-22 20:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 13:32 - 2015-05-22 20:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 13:32 - 2015-05-22 20:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 13:32 - 2015-05-22 20:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 13:32 - 2015-04-25 05:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 13:32 - 2015-04-25 05:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 13:31 - 2015-05-21 19:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 04:18 - 2015-07-09 20:23 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-10 04:18 - 2015-07-09 04:23 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-10 04:18 - 2015-07-08 00:24 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-10 04:18 - 2015-06-10 04:18 - 00003874 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-10 04:18 - 2015-06-10 04:18 - 00003638 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-10 04:18 - 2015-06-10 04:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-10 00:18 - 2015-06-10 00:18 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-ASUS-Windows-8.1-Pro-(64-bit).dat
2015-06-10 00:18 - 2015-06-10 00:18 - 00000000 ____D C:\RegBackup
2015-06-10 00:17 - 2015-06-10 00:17 - 02943663 _____ (Thisisu) C:\Users\tes\Desktop\JRT.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-09 21:00 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-09 20:59 - 2014-12-25 01:58 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1068086532-1582474183-3658225572-1001
2015-07-09 20:55 - 2015-01-21 23:02 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-09 20:54 - 2015-01-21 23:02 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-09 20:54 - 2015-01-21 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-09 20:54 - 2015-01-21 23:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-09 20:04 - 2015-02-06 20:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-09 19:05 - 2015-01-21 04:17 - 01228176 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-09 16:04 - 2015-02-06 20:36 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-09 05:18 - 2012-07-26 10:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-09 03:04 - 2015-01-18 04:25 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-05 19:07 - 2013-08-22 17:46 - 00316307 _____ C:\WINDOWS\setupact.log
2015-07-05 19:07 - 2013-08-22 17:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-05 17:41 - 2015-01-27 04:12 - 00000000 ____D C:\AdwCleaner
2015-07-05 17:36 - 2015-01-31 18:22 - 11032736 _____ (SurfRight B.V.) C:\Users\tes\Downloads\HitmanPro_x64.exe
2015-07-05 15:01 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-05 13:08 - 2015-01-18 03:57 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-05 11:49 - 2013-08-22 16:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-02 01:03 - 2015-01-27 01:58 - 00000000 ____D C:\Users\tes\AppData\Local\Adobe
2015-06-27 17:11 - 2014-12-25 01:53 - 00000000 ____D C:\Users\tes\AppData\Roaming\Adobe
2015-06-20 06:02 - 2014-11-21 19:23 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 06:02 - 2014-11-21 19:23 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 08:42 - 2015-01-21 23:02 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2015-01-21 23:02 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2015-01-21 23:02 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-10 22:35 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-10 19:49 - 2013-08-22 17:44 - 02397808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-10 19:46 - 2015-01-17 05:34 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-10 19:46 - 2014-11-21 19:17 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-10 19:46 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 13:54 - 2015-01-17 05:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 13:52 - 2015-01-17 05:28 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 04:21 - 2014-11-21 11:34 - 00010282 _____ C:\WINDOWS\PFRO.log
2015-06-10 04:18 - 2015-02-01 17:11 - 00000000 ____D C:\Users\tes\AppData\Local\Google
2015-06-10 04:18 - 2015-02-01 17:11 - 00000000 ____D C:\Program Files (x86)\Google

Some files in TEMP:
====================
C:\Users\tes\AppData\Local\Temp\dllnt_dump.dll
C:\Users\tes\AppData\Local\Temp\Quarantine.exe
C:\Users\tes\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\tes\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-05 19:25

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by tes at 2015-07-09 21:03:57
Running from C:\Users\tes\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1068086532-1582474183-3658225572-500 - Administrator - Disabled)
Guest (S-1-5-21-1068086532-1582474183-3658225572-501 - Limited - Disabled)
tes (S-1-5-21-1068086532-1582474183-3658225572-1001 - Administrator - Enabled) => C:\Users\tes

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0035 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.41.50 - Conexant)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
ETDWare PS/2-X64 8.0.5.7_WHQL (HKLM\...\Elantech) (Version: 8.0.5.7 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.87 (9/8/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.77.00(10/24/2013) - Samsung Electronics Co., Ltd.)
Samsung M267x 287x Series (HKLM-x32\...\Samsung M267x 287x Series) (Version: 1.24 (12/18/2013) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.10.11 (7/1/2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.01.12.00 - Samsung Electronics Co., Ltd.) Hidden
Sandboxie 4.18 (64-bit) (HKLM\...\Sandboxie) (Version: 4.18 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.9.0 - Synaptics Incorporated)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.30 - )
Windows Driver Package - ASUS (ATP) Mouse  (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1068086532-1582474183-3658225572-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1068086532-1582474183-3658225572-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

19-06-2015 02:59:40 Scheduled Checkpoint
24-06-2015 13:11:14 Windows Update
02-07-2015 16:41:28 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 16:25 - 2013-08-22 16:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2CE4B0D4-EC2F-4B82-8996-846CE00D7C82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-21] (Piriform Ltd)
Task: {2F9F145D-91D0-448A-AF17-0D4424CB2F1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.)
Task: {3A53EDAB-96BE-4787-BC42-6472AA070904} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {5BD4EC4B-D37A-4DC5-86FD-43AFA260EA7B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {5C593027-1BCC-4C26-A62F-01EC9CFA7E44} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {65AF14EC-6EE1-46A7-9E70-0551EF71FC21} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {6C6FFCD4-3A39-4AC8-A665-4CD1FE7D00F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.)
Task: {9F756E98-ECE3-4013-A524-F6F8D9E234BC} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-21 04:17 - 2015-05-28 07:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-03 10:44 - 2014-12-03 10:44 - 00029184 _____ () C:\WINDOWS\System32\ssa6mlm.dll
2006-12-22 07:31 - 2006-12-22 07:31 - 00108712 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
2015-03-04 20:21 - 2015-03-04 20:21 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-10-04 04:36 - 2015-03-19 21:02 - 00393480 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-06-05 14:11 - 2015-05-23 04:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1068086532-1582474183-3658225572-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img9.jpg
HKU\S-1-5-21-1068086532-1582474183-3658225572-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img9.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AntiLogger"
HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{4D042631-FE13-40F1-889F-58BC385C4844}] => (Allow) E:\Setup.exe
FirewallRules: [{54CABC33-8C98-44B1-8698-8AE442E65A3F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{18287AA6-B8DE-403A-949C-69774E916E5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{15CDE9A5-B921-4BBA-9DE5-73D87B4EAF4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{390A2E26-67E5-41D4-8B99-15B19D65C638}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{33D9E110-48AF-4F5D-B68A-073B065A3D07}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{67EB62FA-B411-4A5C-98CB-009933FF6574}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{11557744-0860-4122-892E-4C72756E2911}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9A6338EE-A017-4964-A93A-135C4B77B3D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9916EBD7-8AEC-40AA-90B8-7CE0D39058E9}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{A29F0B19-AF32-4A56-804A-AB9F0928D625}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{178A8AAE-A98B-451D-891B-EA89922FB231}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{B1344E06-4D5B-4B77-983C-E58D9D7DFE34}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{02975521-DE0A-4480-A6B8-ED8941F2C68D}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{24BB2222-EDD0-4AF9-95FC-E74F8AA3BC28}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{92FA1B33-63D4-4A24-BFDB-E33BC04D6763}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{745DFE64-E7D9-44B6-88E7-E7F9B9A1E48B}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{CEF0571C-3BBE-49C3-9582-AFA552DD2A3E}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{2572B62D-C104-44CE-8463-0CBA5AA45099}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{9D50A702-25F6-4AC5-B701-F40BAA37CE78}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F310B1BB-4D37-4FEC-BBEF-B16CFDEEF509}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{8163FA26-559A-4887-B7EA-2D5A1B2449A3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{4B2241AD-1C9A-4375-8BFE-21D9F2B225CC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D11B2D36-501D-4C69-8F2B-727AEF7D1DA4}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{08851C1C-5875-43FA-9D17-23A26C852CD7}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{DE7B5E6B-62FF-49EA-8A55-E316FAC39C44}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{15843D58-E570-49F7-9B70-2787D5AA2B10}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{0FEDB68A-9D0A-4D97-88EA-26023877209E}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{E50F8E14-20FE-482D-9B09-4321CCA0CE7F}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{D0FF7958-2BD0-42CB-B1BF-B79F9DF006A3}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [{B22677DF-CAE1-4912-980D-A56D03D71209}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [{F0F704CC-D1DF-468B-A931-DA7F59633916}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{93B1F31B-977C-4459-A0F9-E28D70202A09}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{638C1F7D-CB8F-4466-8C71-8FD67CBAB6AC}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{2739E4F1-B05E-496E-9955-734F71C2E2F9}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{23EDAE7C-05EE-43CF-8A2F-BA9FC37579FE}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [{ECF682D2-DD3F-4209-8AC2-8EE8F7F3FFDF}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [TCP Query User{EEC1EBF7-C7BF-4F5A-B8DF-CC209AE66E99}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe
FirewallRules: [UDP Query User{974BAF5D-3D3D-46E4-A365-236873C03EBF}C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed revelations\acrpr.exe
FirewallRules: [TCP Query User{1EB82F5D-9068-4E0B-A6BA-6F592AC9B0F4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8EB7F7BF-6DB0-4A9C-B657-8E921B38CAFA}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F97E34E1-E651-48DB-9A8B-861561DBC2AE}] => (Allow) C:\Windows\twain_32\Samsung\SLM287X\SCNSearch\USDAgent.exe
FirewallRules: [{485FD4DA-0CBD-4DA7-9DF4-39865DDC9473}] => (Allow) C:\Windows\twain_32\Samsung\SLM287X\SCNSearch\USDAgent.exe
FirewallRules: [{E691E463-D30A-45C5-B902-8A5A49D2184D}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{58EAEC98-76D1-41DC-A231-9738B77D2D28}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{ABF1600A-557F-4567-8C9D-B36E91787685}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{B8A6F3AF-0914-4818-92FE-5819BDBD0534}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{2CE1A502-7C4B-4655-97C6-E6DD60E9A60D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{EF5EC81B-D536-47CA-BA3D-09004B62905F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{FFA32700-B9A4-4B06-89EB-BB7F4D53D8E8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{9970713E-4EEA-4C52-8B43-22854A49CE51}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{7095FDBC-091B-456E-8858-FEDC5ED75E21}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{D81599F8-F3CE-44A1-89D3-46CDB4A5BB85}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{F7DD6CD4-43C9-4087-B220-BFD56AFC46E4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{8B7C66A2-51D3-4FF9-B813-57527BFB97F1}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{C46270AA-EEC2-42B3-8B8B-EC1CEE5B33B5}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{A2603DE1-D1B0-4929-A275-E64277792048}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{5A50F62A-4929-489C-B9FA-8FCB3AC39798}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{25C1171C-AB96-4EF6-9034-1F66F4D5B0B0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{F7AAD948-E7E4-4649-B84F-39FCD659D014}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2015 08:36:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 38.0.5.5623 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 117c

Start Time: 01d0ad452e6d93aa

Termination Time: 5887

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 81367c2c-1c29-11e5-beba-54a050be1a3a

Faulting package full name:

Faulting package-relative application ID:

Error: (06/25/2015 00:51:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Asus)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/25/2015 00:51:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 6.3.9600.17489 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f08

Start Time: 01d0af2c7596f46f

Termination Time: 4294967295

Application Path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe

Report Id: bd4df651-1b1f-11e5-beba-54a050be1a3a

Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (06/25/2015 00:51:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Asus)
Description: App windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel did not launch within its allotted time.

Error: (06/21/2015 00:25:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Asus)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/21/2015 00:25:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SystemSettings.exe version 6.3.9600.17489 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cb4

Start Time: 01d0ab9fa4aff10a

Termination Time: 4294967295

Application Path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe

Report Id: e9fdd4a4-1792-11e5-beb9-54a050be1a3a

Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (06/21/2015 00:25:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Asus)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (06/12/2015 07:16:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: sysmain.dll, version: 6.3.9600.17415, time stamp: 0x545041b7
Exception code: 0xc0000305
Fault offset: 0x000000000000cb1b
Faulting process id: 0x358
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3
Faulting package full name: svchost.exe_SysMain4
Faulting package-relative application ID: svchost.exe_SysMain5

Error: (05/31/2015 04:09:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Asus)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/13/2015 09:43:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACRSP.exe, version: 0.0.0.0, time stamp: 0x4f3a78e5
Faulting module name: ubiorbitapi_r2.dll, version: 6.1.0.4022, time stamp: 0x55477db0
Exception code: 0xc0000005
Fault offset: 0x00015862
Faulting process id: 0x159c
Faulting application start time: 0xACRSP.exe0
Faulting application path: ACRSP.exe1
Faulting module path: ACRSP.exe2
Report Id: ACRSP.exe3
Faulting package full name: ACRSP.exe4
Faulting package-relative application ID: ACRSP.exe5


System errors:
=============
Error: (07/09/2015 01:09:32 PM) (Source: DCOM) (EventID: 10010) (User: Asus)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/08/2015 09:41:47 AM) (Source: DCOM) (EventID: 10010) (User: Asus)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/08/2015 09:41:17 AM) (Source: DCOM) (EventID: 10010) (User: Asus)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/07/2015 11:43:40 AM) (Source: DCOM) (EventID: 10010) (User: Asus)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/07/2015 11:43:10 AM) (Source: DCOM) (EventID: 10010) (User: Asus)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/07/2015 05:28:27 AM) (Source: DCOM) (EventID: 10010) (User: Asus)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/06/2015 05:27:33 AM) (Source: DCOM) (EventID: 10010) (User: Asus)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/06/2015 05:27:03 AM) (Source: DCOM) (EventID: 10010) (User: Asus)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/06/2015 05:16:32 AM) (Source: DCOM) (EventID: 10010) (User: Asus)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/06/2015 05:16:02 AM) (Source: DCOM) (EventID: 10010) (User: Asus)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office:
=========================
Error: (06/26/2015 08:36:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe38.0.5.5623117c01d0ad452e6d93aa5887C:\Program Files (x86)\Mozilla Firefox\firefox.exe81367c2c-1c29-11e5-beba-54a050be1a3a

Error: (06/25/2015 00:51:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Asus)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927142

Error: (06/25/2015 00:51:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemSettings.exe6.3.9600.174891f0801d0af2c7596f46f4294967295C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exebd4df651-1b1f-11e5-beba-54a050be1a3awindows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (06/25/2015 00:51:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Asus)
Description: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel

Error: (06/21/2015 00:25:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Asus)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927142

Error: (06/21/2015 00:25:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SystemSettings.exe6.3.9600.17489cb401d0ab9fa4aff10a4294967295C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exee9fdd4a4-1792-11e5-beb9-54a050be1a3awindows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (06/21/2015 00:25:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Asus)
Description: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel

Error: (06/12/2015 07:16:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.3.9600.1741554504177sysmain.dll6.3.9600.17415545041b7c0000305000000000000cb1b35801d0a39d78a96971C:\WINDOWS\System32\svchost.exec:\windows\system32\sysmain.dll58405178-111e-11e5-beb7-54a050be1a3a

Error: (05/31/2015 04:09:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Asus)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927141

Error: (05/13/2015 09:43:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ACRSP.exe0.0.0.04f3a78e5ubiorbitapi_r2.dll6.1.0.402255477db0c000000500015862159c01d08d70541cbdeeC:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exeC:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dllf2945da6-f99f-11e4-bea3-54a050be1a3a


CodeIntegrity Errors:
===================================
  Date: 2015-07-05 21:06:45.035
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 21:06:44.879
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 21:06:44.624
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 21:06:44.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 19:27:32.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-05 12:59:53.420
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-02 15:49:32.200
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-27 15:21:24.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-27 05:14:58.836
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-23 03:15:08.559
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4200H CPU @ 2.80GHz
Percentage of memory in use: 48%
Total physical RAM: 3979.03 MB
Available physical RAM: 2044.52 MB
Total Virtual: 5259.03 MB
Available Virtual: 3078.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:171.84 GB) (Free:114.87 GB) NTFS
Drive d: () (Fixed) (Total:292.97 GB) (Free:292.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================


Edited by Lorelai001, 09 July 2015 - 03:33 PM.


#4 nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 July 2015 - 08:02 AM

Your logs are clean.
If you still have issues with this computer, you can run this tool. Your call.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

#5 nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 July 2015 - 08:00 AM

Are you still with me?

#6 nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 July 2015 - 08:05 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
