
Various popups, redirects, and other annoyances. FSRT logs attached


This topic is locked
17 replies to this topic

#1 Krahn

Krahn

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 20 July 2015 - 09:40 PM

Been dealing with this for a few weeks and every time I think it's fixed, the problem resurfaces a week later. Would appreciate some help.

 

 

Attached Files





#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:44 AM

Posted 21 July 2015 - 11:03 AM

Hello Krahn,

Welcome to Bleeping Computer! :welcome:

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#3 Krahn

Krahn
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 21 July 2015 - 11:14 AM

Hi Cody,

 

Sounds good, after reading through your points. Very appreciative of your help today. Please let me know what to do next when you have time.



#4 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:44 AM

Posted 22 July 2015 - 08:32 AM

Hello Krahn,

Please read over and do the following.  :)
 
=================================================
 
P2P Warning

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent & BitTorrent). I advise you avoid P2P file sharing programs; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of infection is to avoid these types of web sites and P2P programs. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.

  • Press the Windows key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned program(s), right-click and click Uninstall. Follow the prompts.

If you choose not to, please refrain from using the program(s) during this process.
 
=================================================

Note: Before continuing, you are running FRST.exe from a location other than your desktop. You will need to move it to your desktop for the following directions to work.

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
AppInit_DLLs-x32: ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ => "ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ" File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-177138024-3998404578-2929153981-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

=================================================

AdwCleaner by Xplode - Scan for Adware

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • A logfile should automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt if needed.

=================================================

Farbar Recovery Scan Tool (FRST)

  • Launch FRST.
  • Click the Scan button.
  • A new FRST.txt log will be produced. Include the contents of this log in your next post.

=================================================

 

Lastly, your logs indicate you have a development build of Google Chrome installed. Was that intentional?

 

=================================================

What I'd like to see in your next post:   :thumbsup2:

  • Fixlog.txt
  • AdwCleaner[R1].txt
  • Fresh FRST.txt
  • Chrome dev build?



#5 Krahn

Krahn
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 22 July 2015 - 11:09 AM

Hi Cody,

 

Thanks for the reply. I've followed the steps you mentioned above. Here is the data you requested:

 

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015

Ran by Jon at 2015-07-22 08:58:32 Run:1
Running from C:\Users\Jon\Desktop
Loaded Profiles: Jon (Available Profiles: Jon)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
AppInit_DLLs-x32: ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ => "ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ" File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-177138024-3998404578-2929153981-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
*****************
 
"ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ" => value data not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-177138024-3998404578-2929153981-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
 
==== End of Fixlog 08:58:33 ====
 
 
AdwCleaner.txt
 
# AdwCleaner v4.208 - Logfile created 22/07/2015 at 08:59:48
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jon - JON-PC
# Running from : C:\Users\Jon\Downloads\adwcleaner_4.208.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Folder Found : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\x80v71az.default\Extensions\I@QRxTxcs.org
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v38.0.5 (x86 en-US)
 
[x80v71az.default] - Line Found : user_pref("extensions.Q03bgM0Txa3X9DNU.scode", "(function(){try{if(window.location.href.indexOf(\"pds9qTY4qHa9rHwEpjk6qHs4\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\",\[...]
[x80v71az.default] - Line Found : user_pref("extensions.lENbB4inzXV1XW7d.scode", "(function(){try{if(window.location.href.indexOf(\"pds9qTY4qHa9rHwEpjk6qHs4\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\",\[...]
 
-\\ Google Chrome v44.0.2403.89
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [9875 bytes] - [13/07/2015 20:47:52]
AdwCleaner[R1].txt - [3337 bytes] - [20/07/2015 21:07:20]
AdwCleaner[R2].txt - [1609 bytes] - [20/07/2015 21:25:45]
AdwCleaner[R3].txt - [1715 bytes] - [22/07/2015 08:59:48]
AdwCleaner[S0].txt - [9117 bytes] - [13/07/2015 20:56:38]
AdwCleaner[S1].txt - [3423 bytes] - [20/07/2015 21:10:36]
AdwCleaner[S2].txt - [1681 bytes] - [20/07/2015 21:26:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1951 bytes] ##########
 
 
FRST
 
Please see attached
 
Chrome Dev Build
 
I wasn't aware that I was using the Dev build. It wasn't intentional. By coincidence, last night I re-installed Chrome because of understandably weird behavior.
 
 
 
Thanks again for your help!

Attached Files

  • Attached File  FRST.txt   28.84KB   3 downloads
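The AdwCleaner log posted above has a small, regular grammar: `# key : value` headers, `***** [ Section ] *****` blocks, `-\\ Browser` sub-headings, and one `Kind Found : target` (or, in a cleaning log, `Kind Deleted : target`) line per item. The parser below is an added example, not code from this thread or from AdwCleaner; it turns that log into structured findings so a responder can count what was found per section and pull out the injected Firefox `extensions.*.scode` prefs that carry script. The embedded sample is a trimmed copy of the scan log in this post; the line patterns are my reading of the v4.208 format and are an assumption for other versions.

```python
"""Parse an AdwCleaner v4.x text log into structured findings.
Added example (not code from the thread or from AdwCleaner); the sample is
a trimmed copy of the AdwCleaner[R3].txt scan log posted above, and the
line patterns are my reading of that v4.208 format."""
import re
from collections import Counter
from dataclasses import dataclass

SAMPLE_SCAN_LOG = r"""
# AdwCleaner v4.208 - Logfile created 22/07/2015 at 08:59:48
# Database : 2015-07-15.1 [Server]
# Username : Jon - JON-PC
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Found : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Folder Found : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\x80v71az.default\Extensions\I@QRxTxcs.org

***** [ Web browsers ] *****

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

[x80v71az.default] - Line Found : user_pref("extensions.Q03bgM0Txa3X9DNU.scode", "(function(){try{if(window.location.href.indexOf(\"pds9qTY4qHa9rHwEpjk6qHs4\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\",\[...]
[x80v71az.default] - Line Found : user_pref("extensions.lENbB4inzXV1XW7d.scode", "(function(){try{if(window.location.href.indexOf(\"pds9qTY4qHa9rHwEpjk6qHs4\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\",\[...]

-\\ Google Chrome v44.0.2403.89

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1951 bytes] ##########
"""

VERSION_RE = re.compile(r"^# AdwCleaner (?P<version>v[\d.]+) - Logfile created (?P<created>.+)$")
HEADER_RE = re.compile(r"^# (?P<key>[^:]+?) : (?P<value>.*)$")
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (?P<name>.+)$")          # "-\\ Mozilla Firefox v38.0.5 ..."
# "File Found : <path>" and "[<profile>] - Line Deleted : <prefs.js line>"
ITEM_RE = re.compile(r"^(?:\[(?P<ctx>[^\]]+)\] - )?(?P<kind>[A-Za-z]+) (?P<action>Found|Deleted) : (?P<target>.+)$")
# Cleaning-log form used for Chrome: "[<Web Data path>] - Deleted [Search Provider] : <url>"
TAGGED_RE = re.compile(r"^\[(?P<ctx>[^\]]+)\] - (?P<action>Found|Deleted) \[(?P<kind>[^\]]+)\] : (?P<target>.+)$")
PREF_NAME_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)"')
SCRIPT_HINTS = ("(function", "javascript:", "eval(", "document.write")


@dataclass(frozen=True)
class Finding:
    section: str   # log section, e.g. "Files / Folders" or "Web browsers"
    kind: str      # File, Folder, Key, Value, Line, Search Provider, ...
    action: str    # "Found" in a scan log, "Deleted" in a cleaning log
    target: str    # path, registry key, prefs.js line, or URL
    context: str   # profile or data file named in [brackets], else ""
    browser: str   # browser heading the item sits under, else ""


def parse_adwcleaner_log(text):
    """Return {"meta": {...}, "findings": [Finding, ...]} for one log."""
    meta, findings = {}, []
    section, browser = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = VERSION_RE.match(line)
        if m:
            meta["version"], meta["created"] = m["version"], m["created"]
            continue
        m = HEADER_RE.match(line)
        if m:
            meta[m["key"].strip().lower()] = m["value"].strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section, browser = m["name"], ""
            continue
        if line.startswith("*****"):      # bare "*****..." line closes the findings
            section = None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser = m["name"]
            continue
        m = ITEM_RE.match(line) or TAGGED_RE.match(line)
        if m and section:
            findings.append(Finding(section, m["kind"], m["action"], m["target"],
                                    m["ctx"] or "", browser))
    return {"meta": meta, "findings": findings}


def summarize(findings):
    """Counts per (section, action), e.g. {("Files / Folders", "Found"): 3}."""
    return dict(Counter((f.section, f.action) for f in findings))


def injected_prefs(findings):
    """Names of prefs.js entries whose value is script: the adware 'scode' pattern."""
    hits = []
    for f in findings:
        m = PREF_NAME_RE.match(f.target) if f.kind == "Line" else None
        if m and any(h in f.target for h in SCRIPT_HINTS):
            hits.append(m["name"])
    return hits


if __name__ == "__main__":
    result = parse_adwcleaner_log(SAMPLE_SCAN_LOG)
    print(result["meta"])
    for f in result["findings"]:
        print(f"{f.section:15} {f.kind:6} {f.action:8} {f.context or f.browser}: {f.target[:60]}")
    print("per section:", summarize(result["findings"]))
    print("injected prefs:", injected_prefs(result["findings"]))
```

Running the script against a cleaning log instead of a scan log works the same way; the only difference is that the items read `Deleted` rather than `Found`, which is why comparing `summarize()` of the R-log and the matching S-log is a quick check that everything found was actually removed.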


#6 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:44 AM

Posted 22 July 2015 - 01:14 PM

Hi Krahn,

 

If you would please copy and paste all logs unless requested otherwise (i.e. do not attach). :)

 

I will take a look at these and get back to you as soon as possible.


Edited by TheShooter93, 22 July 2015 - 01:15 PM.



#7 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:44 AM

Posted 22 July 2015 - 03:53 PM

Hi Krahn,

Thanks for the logs. Please do the following.  :)

AdwCleaner by Xplode - Delete Adware

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

==================================================

Malwarebytes Antimalware

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, remove the checkmark next to Enable free trial of Malwarebytes Anti-Malware Premium and keep the checkmark next to Launch Malwarebytes Anti-Malware, then click Finish.
  • Once launched it will automatically scan for updates. If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the Scan tab at the top.
  • Select Threat Scan and click Scan Now >>.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

==================================================

Download Google Chrome

To verify you aren't using a dev build of Google Chrome, let's do the following.

First, please uninstall Google Chrome through Programs and Features. You just need to uninstall the application - no need to remove bookmarks, browsing history, etc.

Then visit https://www.google.com/chrome/browser/desktop/index.html to download the latest version of Google Chrome.

==================================================

Farbar Recovery Scan Tool (FRST)

  • Launch FRST.
  • Click the Scan button.
  • A new FRST.txt log will be produced. Include the contents of this log in your next post.

==================================================

 

Are you familiar with either of the following items?

  • Bidaily Synchronize Task
  • ProMeditate

==================================================
 

What I'd like to see in your next post:   :thumbsup2:

  • AdwCleaner[S1].txt
  • MBAM log
  • Latest version of Chrome installed?
  • FRST.txt
  • Familiar with items?

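The helper asks whether the user recognises a scheduled task by name. For any task you do not recognise, the definition file under C:\Windows\System32\Tasks (an XML document in the Task Scheduler schema) answers what it runs and when. The script below is an added example, not code from this thread or from FRST, AdwCleaner or Malwarebytes; it extracts the author, triggers and `Exec` actions from such a file and lists the reasons it deserves a closer look: an action that runs an interpreter or loader on a file passed as its argument, a path in a user-writable location, or a logon/boot trigger. The XML is a constructed stand-in; the real "Bidaily Synchronize Task" content is not shown in the thread, so nothing here reproduces it, and the flag heuristics are my own choices.

```python
"""Triage a Windows Task Scheduler definition (a file under C:\\Windows\\System32\\Tasks).
Added example, not from the thread or from any tool named in it. The XML below is a
constructed stand-in in the Task Scheduler schema; the real "Bidaily Synchronize
Task" is not shown in the thread, so nothing here reproduces it."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample (names and paths are made up). Real task files carry a
# UTF-16 XML declaration; read those as bytes, as load_task_file() does.
SAMPLE_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>EXAMPLE-PC\user</Author></RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <Repetition><Interval>PT12H</Interval></Repetition>
      <StartBoundary>2015-07-01T09:00:00</StartBoundary>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\System32\wscript.exe</Command>
      <Arguments>//B "C:\ProgramData\example_dir\sync.js"</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Locations a standard user can write to: a task launching from one of these was
# not put there by an administrator-level installer.
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Users\\Public|Windows\\Temp)\\", re.I)
# Interpreters and loaders that execute whatever file their argument names.
PROXY_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "rundll32.exe", "regsvr32.exe"}


@dataclass
class TaskInfo:
    author: str
    triggers: list   # trigger element names, e.g. ["CalendarTrigger", "LogonTrigger"]
    actions: list    # (command, arguments) per <Exec> action


def parse_task(xml_data):
    """Extract author, triggers and Exec actions from task XML (str or bytes)."""
    root = ET.fromstring(xml_data)
    author = root.findtext("t:RegistrationInfo/t:Author", default="", namespaces=NS).strip()
    trig = root.find("t:Triggers", NS)
    triggers = [] if trig is None else [el.tag.split("}")[-1] for el in trig]
    actions = []
    for ex in root.iterfind("t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", default="", namespaces=NS).strip()
        args = ex.findtext("t:Arguments", default="", namespaces=NS).strip()
        actions.append((cmd, args))
    return TaskInfo(author, triggers, actions)


def triage(info):
    """Reasons a task deserves a closer look; an empty list means nothing stood out."""
    flags = []
    for cmd, args in info.actions:
        exe = cmd.strip('"').rsplit("\\", 1)[-1].lower()
        if exe in PROXY_HOSTS:
            flags.append(f"action runs {exe}, which executes the file named in its arguments")
        if USER_WRITABLE_RE.search(cmd) or USER_WRITABLE_RE.search(args):
            flags.append("action references a user-writable location")
    if {"LogonTrigger", "BootTrigger"} & set(info.triggers):
        flags.append("runs at logon or boot")
    return flags


def load_task_file(path):
    """Read a task definition from disk as bytes so the parser sees the UTF-16 BOM."""
    with open(path, "rb") as fh:
        return parse_task(fh.read())


if __name__ == "__main__":
    info = parse_task(SAMPLE_TASK_XML)
    print(info)
    for reason in triage(info):
        print("  !", reason)
```

A task whose only action is a signed vendor binary under Program Files and whose triggers are calendar-based produces no flags; the constructed sample, which runs a script out of ProgramData at every logon, produces all three. The flags are prompts for a human decision, not a verdict.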


#8 Krahn

Krahn
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:04:44 AM

Posted 22 July 2015 - 06:17 PM

Hi Cody,

 

I've pasted the results below. Please know that I have never heard of the two terms you mentioned. Following are the scan results: 

 

 

ADWCleaner
 
# AdwCleaner v4.208 - Logfile created 22/07/2015 at 16:00:51
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jon - Jon-PC
# Running from : C:\Users\Jon\Downloads\adwcleaner_4.208.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\x80v71az.default\Extensions\I@QRxTxcs.org
File Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v38.0.5 (x86 en-US)
 
[x80v71az.default\prefs.js] - Line Deleted : user_pref("extensions.Q03bgM0Txa3X9DNU.scode", "(function(){try{if(window.location.href.indexOf(\"pds9qTY4qHa9rHwEpjk6qHs4\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\",\[...]
[x80v71az.default\prefs.js] - Line Deleted : user_pref("extensions.lENbB4inzXV1XW7d.scode", "(function(){try{if(window.location.href.indexOf(\"pds9qTY4qHa9rHwEpjk6qHs4\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\",\[...]
 
-\\ Google Chrome v44.0.2403.89
 
[C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [9875 bytes] - [13/07/2015 20:47:52]
AdwCleaner[R1].txt - [3337 bytes] - [20/07/2015 21:07:20]
AdwCleaner[R2].txt - [1609 bytes] - [20/07/2015 21:25:45]
AdwCleaner[R3].txt - [2030 bytes] - [22/07/2015 08:59:48]
AdwCleaner[R4].txt - [2375 bytes] - [22/07/2015 16:00:11]
AdwCleaner[S0].txt - [9117 bytes] - [13/07/2015 20:56:38]
AdwCleaner[S1].txt - [3423 bytes] - [20/07/2015 21:10:36]
AdwCleaner[S2].txt - [1681 bytes] - [20/07/2015 21:26:40]
AdwCleaner[S3].txt - [2332 bytes] - [22/07/2015 16:00:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2391  bytes] ##########
 
 
Malware Scan
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/22/2015
Scan Time: 4:03 PM
Logfile: malware scan.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.07.22.07
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jon
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355198
Time Elapsed: 8 min, 13 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.WordShark.A, HKLM\SOFTWARE\WOW6432NODE\WordShark_1.10.0.20, Quarantined, [448b489ca0ea3303047dd1c84cb8847c], 
PUP.Optional.WordShark.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wsfd_vt_1_10_0_20, Quarantined, [e6e9ca1a54367cba392a6b324bb915eb], 
PUP.Optional.Spigot.A, HKU\S-1-5-21-177138024-3998404578-2929153981-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{43E40B4D-3DBA-4D36-A6EE-39AF65CF0ABE}, Quarantined, [527d63812a60270f9dcfb7561be8669a], 
 
Registry Values: 2
PUP.Optional.Vitruvian.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wsfd_vt_1_10_0_20|ImagePath, system32\drivers\wsfd_vt_1_10_0_20.sys, Quarantined, [21aeac38dcae37ff85071489e51f6997]
PUP.Optional.Spigot.A, HKU\S-1-5-21-177138024-3998404578-2929153981-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{43E40B4D-3DBA-4D36-A6EE-39AF65CF0ABE}|URL, http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}, Quarantined, [527d63812a60270f9dcfb7561be8669a]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.MultiPlug.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\x80v71az.default\extensions\Gr@a4MTM75.edu\content, Quarantined, [6e611ec65f2b57dfd6d63856d430fb05], 
PUP.Optional.MultiPlug.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\x80v71az.default\extensions\Gr@a4MTM75.edu, Quarantined, [6e611ec65f2b57dfd6d63856d430fb05], 
PUP.Optional.MultiPlug, C:\ProgramData\mjeldomniknmfelmkkodlbpfmmnljefa, Quarantined, [c10e21c3d7b36bcb07e2bad50ff5a35d], 
 
Files: 11
Trojan.Agent.SBP, C:\Program Files (x86)\Movavi Video Converter 14\Patch .exe, Quarantined, [88477b6997f31b1b7822ca6b43bd20e0], 
PUP.Optional.Multiplug.A, C:\Program Files (x86)\FSymbols Stickers for Facebook\FSymbols Stickers for Facebook.exe, Quarantined, [23ac02e2404a112583702672857c7f81], 
PUP.Optional.MultiPlug.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\x80v71az.default\extensions\Gr@a4MTM75.edu\content\bg.js, Quarantined, [6e611ec65f2b57dfd6d63856d430fb05], 
PUP.Optional.MultiPlug.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\x80v71az.default\extensions\Gr@a4MTM75.edu\bootstrap.js, Quarantined, [6e611ec65f2b57dfd6d63856d430fb05], 
PUP.Optional.MultiPlug.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\x80v71az.default\extensions\Gr@a4MTM75.edu\chrome.manifest, Quarantined, [6e611ec65f2b57dfd6d63856d430fb05], 
PUP.Optional.MultiPlug.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\x80v71az.default\extensions\Gr@a4MTM75.edu\install.rdf, Quarantined, [6e611ec65f2b57dfd6d63856d430fb05], 
PUP.Optional.MultiPlug, C:\ProgramData\mjeldomniknmfelmkkodlbpfmmnljefa\lsdb.js, Quarantined, [c10e21c3d7b36bcb07e2bad50ff5a35d], 
PUP.Optional.MultiPlug, C:\ProgramData\mjeldomniknmfelmkkodlbpfmmnljefa\blF9FENv.js, Quarantined, [c10e21c3d7b36bcb07e2bad50ff5a35d], 
PUP.Optional.MultiPlug, C:\ProgramData\mjeldomniknmfelmkkodlbpfmmnljefa\content.js, Quarantined, [c10e21c3d7b36bcb07e2bad50ff5a35d], 
PUP.Optional.Multiplug.A, C:\Windows\System32\Tasks\Bidaily Synchronize Task[pr], Quarantined, [329d8c589feb94a2c718eca831d3c937], 
PUP.Optional.Multiplug.A, C:\Windows\Tasks\Bidaily Synchronize Task[pr].job, Quarantined, [d6f96c78e6a4f244a53bc7cdca3ad729], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Jon (administrator) on Jon-PC on 22-07-2015 16:14:31
Running from C:\Users\Jon\Desktop
Loaded Profiles: Jon (Available Profiles: Jon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
() C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Users\Jon\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
AppInit_DLLs-x32: ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ => "ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ" File not found
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-177138024-3998404578-2929153981-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-177138024-3998404578-2929153981-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-177138024-3998404578-2929153981-1000 -> {2284D199-8172-4B4F-AB35-927352720F0C} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{517D1681-32F5-43D3-B993-03A0F0FF6630}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7571A680-5239-4EC5-BC66-BC2C2D7474E1}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ADC549A0-37EF-41D5-906D-61C0D7A8EA60}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{F4ECE58C-80B7-410B-A362-7A3CBD6E0EA0}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\x80v71az.default
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-03] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-09-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-177138024-3998404578-2929153981-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-06-14] ()
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-12-11]
 
Chrome: 
=======
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DHC - REST/HTTP API Client) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejoelaoggembcahagimdiliamlcdmfm [2015-07-21]
CHR Extension: (AdBlock) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]
CHR Extension: (Google Wallet) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-06-04] (BitRaider, LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1736872 2015-03-18] (Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S4 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [13057024 2015-05-05] () [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-24] (Electronic Arts)
S4 Tomcat7; C:\apache-tomcat-7.0.62\bin\tomcat7.exe [109696 2015-05-07] (Apache Software Foundation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-03] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-11-09] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-22 16:13 - 2015-07-22 16:14 - 00004101 _____ C:\Users\Jon\Desktop\malware scan.txt
2015-07-22 16:03 - 2015-07-22 16:13 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-22 16:02 - 2015-07-22 16:02 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Jon\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-22 16:02 - 2015-07-22 16:02 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-22 16:02 - 2015-07-22 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-22 16:02 - 2015-07-22 16:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-22 16:02 - 2015-07-22 16:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-22 16:02 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-22 16:02 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-22 16:02 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-22 16:01 - 2015-07-22 16:14 - 00006606 _____ C:\Users\Jon\Desktop\reply 2.txt
2015-07-22 09:06 - 2015-07-22 09:06 - 00069898 _____ C:\Users\Jon\Desktop\Addition.txt
2015-07-22 09:05 - 2015-07-22 16:14 - 00013523 _____ C:\Users\Jon\Desktop\FRST.txt
2015-07-22 08:59 - 2015-07-22 09:05 - 00000000 ____D C:\Users\Jon\Desktop\Reply
2015-07-22 08:59 - 2015-07-22 08:59 - 02135552 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe
2015-07-22 08:55 - 2015-07-22 08:55 - 02135552 _____ (Farbar) C:\Users\Jon\Desktop\FRST64.exe
2015-07-21 19:47 - 2015-07-22 16:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-21 19:47 - 2015-07-21 19:57 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-21 19:47 - 2015-07-21 19:57 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-21 19:47 - 2015-07-21 19:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-21 19:47 - 2015-07-21 19:49 - 00000000 ____D C:\Program Files (x86)\GUM3A88.tmp
2015-07-21 19:47 - 2015-07-21 19:47 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-21 19:47 - 2015-07-21 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-20 21:28 - 2015-07-20 21:28 - 00000000 ____D C:\SUPERDelete
2015-07-20 21:06 - 2015-07-20 21:06 - 02248704 _____ C:\Users\Jon\Downloads\adwcleaner_4.208 (2).exe
2015-07-20 19:37 - 2015-07-20 19:37 - 00000000 ____D C:\Users\Jon\Desktop\FSRT
2015-07-20 19:35 - 2015-07-22 16:14 - 00000000 ____D C:\FRST
2015-07-20 18:41 - 2015-07-20 18:42 - 00000093 _____ C:\Users\Jon\Desktop\dentists.txt
2015-07-20 08:21 - 2015-07-20 08:21 - 00400899 _____ C:\Users\Jon\Downloads\EW11_M17.rar
2015-07-14 07:45 - 2015-07-14 07:45 - 00010200 _____ C:\Users\Jon\Documents\Uninstall STAR WARS The Old Republic.log
2015-07-13 20:47 - 2015-07-22 16:00 - 00000000 ____D C:\AdwCleaner
2015-07-13 20:47 - 2015-07-13 20:47 - 02248704 _____ C:\Users\Jon\Downloads\adwcleaner_4.208.exe
2015-07-13 20:47 - 2015-07-13 20:47 - 02248704 _____ C:\Users\Jon\Downloads\adwcleaner_4.208 (1).exe
2015-07-13 19:30 - 2015-07-13 19:30 - 00231004 _____ C:\Users\Jon\Downloads\REVIEW_GUIDE.zip
2015-07-13 18:46 - 2015-07-20 22:11 - 00000000 ____D C:\Program Files (x86)\PatternGenerators
2015-07-12 12:45 - 2015-07-22 12:45 - 00000350 _____ C:\Windows\Tasks\AccountGen.job
2015-07-12 12:45 - 2015-07-12 12:45 - 00003258 _____ C:\Windows\System32\Tasks\AccountGen
2015-07-12 00:33 - 2015-07-12 00:33 - 00001156 _____ C:\Users\Public\Desktop\Movavi Video Converter 14.lnk
2015-07-12 00:33 - 2015-07-12 00:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 14
2015-07-12 00:32 - 2015-07-22 16:11 - 00000000 ____D C:\Program Files (x86)\Movavi Video Converter 14
2015-07-12 00:32 - 2015-07-12 00:32 - 00000000 ____D C:\Movavi Video Converter 14.3.0
2015-07-12 00:31 - 2015-07-12 00:32 - 31684178 ____R C:\Users\Jon\Downloads\Movavi Video Converter 14.3.0.zip
2015-07-12 00:29 - 2015-07-12 00:33 - 00000000 ____D C:\Users\Jon\AppData\Local\Movavi
2015-07-12 00:29 - 2015-07-12 00:29 - 00000000 ____D C:\ProgramData\Movavi
2015-07-12 00:28 - 2015-07-12 00:28 - 00000000 ____D C:\ProgramData\Movavi Video Converter 15
2015-07-11 23:47 - 2015-07-11 23:47 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-07-11 18:24 - 2015-07-11 18:24 - 00001460 _____ C:\Users\Jon\AppData\Local\recently-used.xbel
2015-07-11 17:46 - 2015-07-11 18:24 - 00000000 ____D C:\Users\Jon\AppData\Local\gtk-2.0
2015-07-11 17:46 - 2015-07-11 17:46 - 00000000 ____D C:\Users\Jon\.thumbnails
2015-07-11 17:31 - 2015-07-11 18:24 - 00000000 ____D C:\Users\Jon\.gimp-2.8
2015-07-11 17:31 - 2015-07-11 17:31 - 00000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-07-11 17:31 - 2015-07-11 17:31 - 00000000 ____D C:\Users\Jon\AppData\Local\gegl-0.2
2015-07-11 17:30 - 2015-07-11 17:31 - 00000000 ____D C:\Program Files\GIMP 2
2015-07-11 17:30 - 2015-07-11 17:30 - 91931728 _____ (The GIMP Team ) C:\Users\Jon\Downloads\gimp-2.8.14-setup-1.exe
2015-07-11 17:28 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-07-11 17:27 - 2015-07-11 17:27 - 00000000 ____D C:\Photoshop
2015-07-11 17:26 - 2015-07-11 17:26 - 00000000 ____D C:\Users\Jon\Downloads\Adobe Photoshop 7.0 with serial
2015-07-11 17:24 - 2015-07-11 17:27 - 00000000 ____D C:\Users\Jon\Downloads\Enemy (2013) [1080p]
2015-07-11 16:13 - 2015-07-11 16:21 - 00000000 ____D C:\Images
2015-07-11 16:03 - 2015-07-11 16:03 - 00000782 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-07-10 22:48 - 2015-07-10 22:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-10 22:48 - 2015-07-10 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-10 12:45 - 2015-07-22 12:45 - 00000350 _____ C:\Windows\Tasks\ProMeditate.job
2015-07-10 12:45 - 2015-07-10 12:45 - 00003258 _____ C:\Windows\System32\Tasks\ProMeditate
2015-07-05 10:42 - 2015-07-05 13:25 - 00000000 ____D C:\Users\Jon\Desktop\Images
2015-06-28 23:47 - 2015-06-16 23:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-28 23:44 - 2015-06-28 23:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-28 23:43 - 2015-06-17 02:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-28 23:43 - 2015-06-17 02:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-06-28 23:43 - 2015-06-17 02:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-28 23:39 - 2015-05-18 20:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-28 23:39 - 2015-05-18 20:14 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-27 14:36 - 2015-07-21 21:12 - 00000000 ____D C:\Users\Jon\Documents\The Witcher 3
2015-06-26 12:19 - 2015-06-26 12:19 - 00000165 ____H C:\Users\Jon\Documents\~$CareerPlan.xlsx
2015-06-25 19:42 - 2015-06-25 19:42 - 00931408 _____ (Google Inc.) C:\Users\Jon\Downloads\ChromeSetup.exe
2015-06-25 19:41 - 2015-07-13 20:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-25 19:41 - 2015-06-25 19:41 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-25 19:41 - 2015-06-25 19:41 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Mozilla
2015-06-25 19:41 - 2015-06-25 19:41 - 00000000 ____D C:\Users\Jon\AppData\Local\Mozilla
2015-06-25 19:41 - 2015-06-25 19:41 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-25 19:41 - 2015-06-25 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-25 19:40 - 2015-06-25 19:40 - 00243408 _____ C:\Users\Jon\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-25 12:45 - 2015-06-25 19:37 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Bold Brood
2015-06-22 19:20 - 2015-06-22 19:20 - 00000000 ____D C:\Users\Jon\Documents\Wizards of the Coast
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-22 16:12 - 2013-11-04 12:05 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-22 16:12 - 2013-11-03 09:41 - 00189228 _____ C:\Windows\PFRO.log
2015-07-22 16:12 - 2013-11-03 09:20 - 01728609 _____ C:\Windows\WindowsUpdate.log
2015-07-22 16:12 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-22 16:12 - 2009-07-13 21:51 - 00061439 _____ C:\Windows\setupact.log
2015-07-22 16:11 - 2015-05-25 12:47 - 00000000 ____D C:\Program Files (x86)\FSymbols Stickers for Facebook
2015-07-22 16:09 - 2009-07-13 21:45 - 00022304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-22 16:09 - 2009-07-13 21:45 - 00022304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-22 16:07 - 2009-07-13 22:13 - 00787510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-22 15:59 - 2014-10-22 17:16 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Skype
2015-07-21 22:41 - 2013-11-03 18:53 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-21 22:39 - 2013-11-03 18:54 - 00000000 ____D C:\ProgramData\Skype
2015-07-21 19:47 - 2013-11-03 09:35 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-20 19:56 - 2013-11-03 09:20 - 00000000 ____D C:\Users\Jon
2015-07-20 19:55 - 2014-10-17 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePerl 5.16.3 Build 1604 (64-bit)
2015-07-20 19:55 - 2014-10-17 21:47 - 00000000 ____D C:\Perl64
2015-07-20 19:55 - 2013-11-03 09:35 - 00000000 ___HD C:\SuperChargerProfile
2015-07-20 19:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2015-07-20 19:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-20 18:44 - 2015-06-09 10:57 - 00000024 _____ C:\Users\Jon\AppData\Roaming\appdataFr25.bin
2015-07-14 07:45 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-12 14:57 - 2015-06-13 16:45 - 00011069 _____ C:\Users\Jon\Documents\CareerPlan.xlsx
2015-07-12 07:48 - 2013-11-03 19:00 - 00000000 ____D C:\Program Files\PeerBlock
2015-07-12 00:32 - 2014-04-27 13:36 - 00000000 ____D C:\Users\Jon\AppData\Roaming\BitTorrent
2015-07-12 00:28 - 2013-11-05 19:30 - 00000000 ____D C:\Users\Jon\AppData\Roaming\vlc
2015-07-06 22:39 - 2014-11-22 18:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-05 20:19 - 2013-11-04 14:07 - 00000000 ____D C:\Users\Jon\AppData\Local\Eclipse
2015-07-05 10:10 - 2015-05-23 22:21 - 00000000 ____D C:\Program Files\MySQL
2015-07-05 10:10 - 2015-05-23 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2015-07-05 10:10 - 2015-05-23 22:20 - 00000000 ____D C:\Program Files (x86)\MySQL
2015-06-28 23:48 - 2013-11-04 12:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-28 23:48 - 2013-11-04 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-27 14:20 - 2013-11-03 19:33 - 00000000 ____D C:\Users\Jon\AppData\Roaming\uTorrent
2015-06-25 19:37 - 2015-04-18 12:47 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-25 19:37 - 2015-04-18 12:46 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-25 19:37 - 2014-04-18 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Nation of Wind
2015-06-24 04:36 - 2014-08-06 22:31 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-24 04:36 - 2014-08-06 22:31 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-24 04:36 - 2013-11-04 12:16 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-24 04:36 - 2013-11-04 12:16 - 01320120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-23 13:30 - 2013-11-03 18:58 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-22 19:20 - 2013-11-03 19:21 - 00445791 _____ C:\Windows\DirectX.log
 
==================== Files in the root of some directories =======
 
2015-06-09 10:57 - 2015-07-20 18:44 - 0000024 _____ () C:\Users\Jon\AppData\Roaming\appdataFr25.bin
2014-06-07 20:03 - 2014-06-07 20:03 - 0000600 _____ () C:\Users\Jon\AppData\Roaming\winscp.rnd
2015-07-11 18:24 - 2015-07-11 18:24 - 0001460 _____ () C:\Users\Jon\AppData\Local\recently-used.xbel
2013-11-05 22:57 - 2014-01-05 15:03 - 0007605 _____ () C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
2015-05-29 23:34 - 2015-05-29 23:34 - 0000000 _____ () C:\Users\Jon\AppData\Local\Temp.dat
 
Some files in TEMP:
====================
C:\Users\Jon\AppData\Local\Temp\Quarantine.exe
C:\Users\Jon\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jon\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-13 00:13
 
==================== End of log ============================
 
 
I'll be re-installing Chrome directly now.
 
Thanks for your help so far!


#9 TheShooter93 (Cody)

  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 23 July 2015 - 12:21 PM

Hello Krahn,

Please do the following. :)

===================================================

ESET Online Scanner

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot: settings.png]

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file (log.png) is created at the path shown in logpath.png.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
    AppInit_DLLs-x32: ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ => "ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ" File not found
    C:\Windows\Tasks\ProMeditate.job
    C:\Windows\System32\Tasks\ProMeditate
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Farbar Recovery Scan Tool (FRST)

  • Launch FRST.
  • Click the Scan button.
  • A new FRST.txt log will be produced. Include the contents of this log in your next post.

===================================================

Lastly, what symptoms remain (if any)?

If none, please remember that a lack of symptoms does not mean a clean computer. We still have a bit of work remaining.

===================================================

What I'd like to see in your next post:

  • ESET log
  • Fixlog.txt
  • FRST.txt
  • Symptoms?

Edited by TheShooter93, 23 July 2015 - 12:22 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
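An added triage example in Python (not code from this thread, from FRST, or from its author): it parses FRST's created/modified file lines and the AppInit_DLLs registry line in the format shown in the logs above and flags the kinds of entries the fixlist in this post targeted. The sample lines are copied from this thread's FRST.txt, with the garbled AppInit_DLLs value replaced by a labelled stand-in; the allowlist of expected task-name prefixes is an assumption for illustration.

```python
"""Triage helper for the FRST log format shown in this thread.

Added example, not code from this thread, from FRST, or from its author.
It parses FRST's "One Month Created/Modified files and folders" lines and
the AppInit_DLLs registry line, then flags what the fixlist above targeted:
scheduled-task artifacts and AppInit_DLLs values whose file does not exist.
The allowlist of expected task-name prefixes is an assumption.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Sample lines copied from the FRST.txt posted in this thread (a constructed
# subset); the garbled AppInit_DLLs value is replaced by a labelled stand-in.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
AppInit_DLLs-x32: garbled-AppInit-value => "garbled-AppInit-value" File not found
==================== One Month Created files and folders ========
2015-07-22 16:13 - 2015-07-22 16:14 - 00004101 _____ C:\Users\Jon\Desktop\malware scan.txt
2015-07-21 19:47 - 2015-07-22 16:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 12:45 - 2015-07-22 12:45 - 00000350 _____ C:\Windows\Tasks\AccountGen.job
2015-07-12 12:45 - 2015-07-12 12:45 - 00003258 _____ C:\Windows\System32\Tasks\AccountGen
2015-07-11 17:28 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-07-10 12:45 - 2015-07-22 12:45 - 00000350 _____ C:\Windows\Tasks\ProMeditate.job
2015-07-10 12:45 - 2015-07-10 12:45 - 00003258 _____ C:\Windows\System32\Tasks\ProMeditate
==================== One Month Modified files and folders ========
2015-07-22 16:12 - 2013-11-03 09:41 - 00189228 _____ C:\Windows\PFRO.log
"""

# FRST file line: "<created> - <modified> - <size> <attrs> [(Company) ]<path>"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# FRST AppInit_DLLs line: 'AppInit_DLLs[-x32]: <value> => "<data>" <status>'
APPINIT_LINE = re.compile(
    r'^AppInit_DLLs(?:-x32)?: (?P<value>.*?) => "(?P<data>.*)"(?P<status>.*)$'
)

# Scheduled-task locations as they appear in FRST output (compared lower-case).
TASK_DIRS = ("c:\\windows\\tasks\\", "c:\\windows\\system32\\tasks\\")
# Assumed allowlist of task-name prefixes treated as expected (illustration only).
EXPECTED_TASK_PREFIXES = ("googleupdatetaskmachine",)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]
    path: str


@dataclass
class Finding:
    kind: str      # "scheduled_task" or "appinit_dlls"
    subject: str   # the path or registry data flagged
    reason: str


def parse_file_lines(lines: Iterable[str]) -> List[FileEntry]:
    """Return every line that matches FRST's created/modified file format."""
    entries: List[FileEntry] = []
    for line in lines:
        m = FILE_LINE.match(line.strip())
        if not m:
            continue
        company = m.group("company")
        entries.append(FileEntry(
            created=m.group("created"), modified=m.group("modified"),
            size=int(m.group("size")), attrs=m.group("attrs"),
            company=company.strip() if company else None, path=m.group("path")))
    return entries


def triage(log_text: str) -> List[Finding]:
    """Flag scheduled-task artifacts and AppInit_DLLs entries with no file."""
    findings: List[Finding] = []
    lines = log_text.splitlines()
    for line in lines:
        m = APPINIT_LINE.match(line.strip())
        if m and "file not found" in m.group("status").lower():
            findings.append(Finding("appinit_dlls", m.group("data"),
                                    "AppInit_DLLs points to a file that does not exist"))
    for entry in parse_file_lines(lines):
        lower = entry.path.lower()
        if not lower.startswith(TASK_DIRS):
            continue
        name = lower.rsplit("\\", 1)[-1]
        if name.endswith(".job"):
            name = name[:-4]
        if name.startswith(EXPECTED_TASK_PREFIXES):
            continue
        findings.append(Finding("scheduled_task", entry.path,
                                f"task artifact first seen {entry.created}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:15} {f.subject}  ({f.reason})")
```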


#10 Krahn (Topic Starter)

  • Members
  • 33 posts

Posted 24 July 2015 - 12:11 AM

Hi Cody,

I ran ESET as instructed and it uninstalled some 18 programs, but did not generate a log file in the location mentioned above.

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Jon at 2015-07-23 22:08:49 Run:2
Running from C:\Users\Jon\Desktop
Loaded Profiles: Jon (Available Profiles: Jon)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
AppInit_DLLs-x32: ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ => "ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ" File not found
C:\Windows\Tasks\ProMeditate.job
C:\Windows\System32\Tasks\ProMeditate
*****************
 
"ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ" => value data not found.
C:\Windows\Tasks\ProMeditate.job => moved successfully.
C:\Windows\System32\Tasks\ProMeditate => moved successfully.
 
==== End of Fixlog 22:08:49 ====

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Jon (administrator) on Jon-PC on 23-07-2015 22:10:12
Running from C:\Users\Jon\Desktop
Loaded Profiles: Jon (Available Profiles: Jon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Psyonix, Inc) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
AppInit_DLLs-x32: ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ => "ȅ慖卤뵀उ঱ࠃڰ㻀߃ᲀ" File not found
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-177138024-3998404578-2929153981-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-177138024-3998404578-2929153981-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-177138024-3998404578-2929153981-1000 -> {2284D199-8172-4B4F-AB35-927352720F0C} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{517D1681-32F5-43D3-B993-03A0F0FF6630}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7571A680-5239-4EC5-BC66-BC2C2D7474E1}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ADC549A0-37EF-41D5-906D-61C0D7A8EA60}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{F4ECE58C-80B7-410B-A362-7A3CBD6E0EA0}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\x80v71az.default
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-03] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-09-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-177138024-3998404578-2929153981-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-06-14] ()
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-12-11]
 
Chrome: 
=======
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DHC - REST/HTTP API Client) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejoelaoggembcahagimdiliamlcdmfm [2015-07-21]
CHR Extension: (AdBlock) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-06-04] (BitRaider, LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1736872 2015-03-18] (Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S4 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [13057024 2015-05-05] () [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-24] (Electronic Arts)
S4 Tomcat7; C:\apache-tomcat-7.0.62\bin\tomcat7.exe [109696 2015-05-07] (Apache Software Foundation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-03] (Disc Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-11-09] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-23 20:28 - 2015-07-23 20:28 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-23 20:24 - 2015-07-23 20:27 - 02870984 _____ (ESET) C:\Users\Jon\Desktop\esetsmartinstaller_enu.exe
2015-07-22 16:22 - 2015-07-22 16:22 - 00000000 ____D C:\Users\Jon\AppData\Local\CEF
2015-07-22 16:18 - 2015-07-22 16:18 - 00931408 _____ (Google Inc.) C:\Users\Jon\Downloads\ChromeSetup (1).exe
2015-07-22 16:13 - 2015-07-22 16:14 - 00004101 _____ C:\Users\Jon\Desktop\malware scan.txt
2015-07-22 16:03 - 2015-07-22 16:13 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-22 16:02 - 2015-07-22 16:02 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Jon\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-22 16:02 - 2015-07-22 16:02 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-22 16:02 - 2015-07-22 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-22 16:02 - 2015-07-22 16:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-22 16:02 - 2015-07-22 16:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-22 16:02 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-22 16:02 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-22 16:02 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-22 16:01 - 2015-07-22 16:15 - 00037485 _____ C:\Users\Jon\Desktop\reply 2.txt
2015-07-22 09:06 - 2015-07-22 09:06 - 00069898 _____ C:\Users\Jon\Desktop\Addition.txt
2015-07-22 09:05 - 2015-07-23 22:10 - 00013645 _____ C:\Users\Jon\Desktop\FRST.txt
2015-07-22 08:59 - 2015-07-22 09:05 - 00000000 ____D C:\Users\Jon\Desktop\Reply
2015-07-22 08:59 - 2015-07-22 08:59 - 02135552 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe
2015-07-22 08:55 - 2015-07-22 08:55 - 02135552 _____ (Farbar) C:\Users\Jon\Desktop\FRST64.exe
2015-07-21 19:47 - 2015-07-23 20:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-21 19:47 - 2015-07-21 19:57 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-21 19:47 - 2015-07-21 19:57 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-21 19:47 - 2015-07-21 19:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-21 19:47 - 2015-07-21 19:49 - 00000000 ____D C:\Program Files (x86)\GUM3A88.tmp
2015-07-21 19:47 - 2015-07-21 19:47 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-21 19:47 - 2015-07-21 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-20 21:28 - 2015-07-20 21:28 - 00000000 ____D C:\SUPERDelete
2015-07-20 21:06 - 2015-07-20 21:06 - 02248704 _____ C:\Users\Jon\Downloads\adwcleaner_4.208 (2).exe
2015-07-20 19:37 - 2015-07-20 19:37 - 00000000 ____D C:\Users\Jon\Desktop\FSRT
2015-07-20 19:35 - 2015-07-23 22:10 - 00000000 ____D C:\FRST
2015-07-20 18:41 - 2015-07-20 18:42 - 00000093 _____ C:\Users\Jon\Desktop\dentists.txt
2015-07-20 08:21 - 2015-07-20 08:21 - 00400899 _____ C:\Users\Jon\Downloads\EW11_M17.rar
2015-07-14 07:45 - 2015-07-14 07:45 - 00010200 _____ C:\Users\Jon\Documents\Uninstall STAR WARS The Old Republic.log
2015-07-13 20:47 - 2015-07-22 16:00 - 00000000 ____D C:\AdwCleaner
2015-07-13 20:47 - 2015-07-13 20:47 - 02248704 _____ C:\Users\Jon\Downloads\adwcleaner_4.208.exe
2015-07-13 20:47 - 2015-07-13 20:47 - 02248704 _____ C:\Users\Jon\Downloads\adwcleaner_4.208 (1).exe
2015-07-13 19:30 - 2015-07-13 19:30 - 00231004 _____ C:\Users\Jon\Downloads\REVIEW_GUIDE.zip
2015-07-13 18:46 - 2015-07-20 22:11 - 00000000 ____D C:\Program Files (x86)\PatternGenerators
2015-07-12 12:45 - 2015-07-23 18:45 - 00000350 _____ C:\Windows\Tasks\AccountGen.job
2015-07-12 12:45 - 2015-07-12 12:45 - 00003258 _____ C:\Windows\System32\Tasks\AccountGen
2015-07-12 00:33 - 2015-07-12 00:33 - 00001156 _____ C:\Users\Public\Desktop\Movavi Video Converter 14.lnk
2015-07-12 00:33 - 2015-07-12 00:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 14
2015-07-12 00:32 - 2015-07-22 16:11 - 00000000 ____D C:\Program Files (x86)\Movavi Video Converter 14
2015-07-12 00:32 - 2015-07-12 00:32 - 00000000 ____D C:\Movavi Video Converter 14.3.0
2015-07-12 00:31 - 2015-07-12 00:32 - 31684178 ____R C:\Users\Jon\Downloads\Movavi Video Converter 14.3.0.zip
2015-07-12 00:29 - 2015-07-12 00:33 - 00000000 ____D C:\Users\Jon\AppData\Local\Movavi
2015-07-12 00:29 - 2015-07-12 00:29 - 00000000 ____D C:\ProgramData\Movavi
2015-07-12 00:28 - 2015-07-12 00:28 - 00000000 ____D C:\ProgramData\Movavi Video Converter 15
2015-07-11 23:47 - 2015-07-11 23:47 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-07-11 18:24 - 2015-07-11 18:24 - 00001460 _____ C:\Users\Jon\AppData\Local\recently-used.xbel
2015-07-11 17:46 - 2015-07-11 18:24 - 00000000 ____D C:\Users\Jon\AppData\Local\gtk-2.0
2015-07-11 17:46 - 2015-07-11 17:46 - 00000000 ____D C:\Users\Jon\.thumbnails
2015-07-11 17:31 - 2015-07-11 18:24 - 00000000 ____D C:\Users\Jon\.gimp-2.8
2015-07-11 17:31 - 2015-07-11 17:31 - 00000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-07-11 17:31 - 2015-07-11 17:31 - 00000000 ____D C:\Users\Jon\AppData\Local\gegl-0.2
2015-07-11 17:30 - 2015-07-11 17:31 - 00000000 ____D C:\Program Files\GIMP 2
2015-07-11 17:30 - 2015-07-11 17:30 - 91931728 _____ (The GIMP Team ) C:\Users\Jon\Downloads\gimp-2.8.14-setup-1.exe
2015-07-11 17:28 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-07-11 17:27 - 2015-07-11 17:27 - 00000000 ____D C:\Photoshop
2015-07-11 17:26 - 2015-07-11 17:26 - 00000000 ____D C:\Users\Jon\Downloads\Adobe Photoshop 7.0 with serial
2015-07-11 17:24 - 2015-07-11 17:27 - 00000000 ____D C:\Users\Jon\Downloads\Enemy (2013) [1080p]
2015-07-11 16:13 - 2015-07-11 16:21 - 00000000 ____D C:\Images
2015-07-11 16:03 - 2015-07-11 16:03 - 00000782 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-07-10 22:48 - 2015-07-10 22:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-10 22:48 - 2015-07-10 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-05 10:42 - 2015-07-05 13:25 - 00000000 ____D C:\Users\Jon\Desktop\Images
2015-06-28 23:47 - 2015-06-16 23:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-28 23:44 - 2015-06-28 23:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-28 23:43 - 2015-06-17 02:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-28 23:43 - 2015-06-17 02:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-06-28 23:43 - 2015-06-17 02:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-28 23:39 - 2015-05-18 20:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-28 23:39 - 2015-05-18 20:14 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-27 14:36 - 2015-07-21 21:12 - 00000000 ____D C:\Users\Jon\Documents\The Witcher 3
2015-06-26 12:19 - 2015-06-26 12:19 - 00000165 ____H C:\Users\Jon\Documents\~$CareerPlan.xlsx
2015-06-25 19:42 - 2015-06-25 19:42 - 00931408 _____ (Google Inc.) C:\Users\Jon\Downloads\ChromeSetup.exe
2015-06-25 19:41 - 2015-07-13 20:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-25 19:41 - 2015-06-25 19:41 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-25 19:41 - 2015-06-25 19:41 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Mozilla
2015-06-25 19:41 - 2015-06-25 19:41 - 00000000 ____D C:\Users\Jon\AppData\Local\Mozilla
2015-06-25 19:41 - 2015-06-25 19:41 - 00000000 ____D C:\ProgramData\Mozilla
2015-06-25 19:41 - 2015-06-25 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-25 19:40 - 2015-06-25 19:40 - 00243408 _____ C:\Users\Jon\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-25 12:45 - 2015-06-25 19:37 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Bold Brood
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-23 22:07 - 2013-11-03 18:53 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-23 19:59 - 2013-11-03 09:20 - 01755508 _____ C:\Windows\WindowsUpdate.log
2015-07-23 16:27 - 2009-07-13 21:45 - 00022304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-23 16:27 - 2009-07-13 21:45 - 00022304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-22 16:18 - 2009-07-13 22:13 - 00787510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-22 16:12 - 2013-11-04 12:05 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-22 16:12 - 2013-11-03 09:41 - 00189228 _____ C:\Windows\PFRO.log
2015-07-22 16:12 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-22 16:12 - 2009-07-13 21:51 - 00061439 _____ C:\Windows\setupact.log
2015-07-22 16:11 - 2015-05-25 12:47 - 00000000 ____D C:\Program Files (x86)\FSymbols Stickers for Facebook
2015-07-22 15:59 - 2014-10-22 17:16 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Skype
2015-07-21 22:39 - 2013-11-03 18:54 - 00000000 ____D C:\ProgramData\Skype
2015-07-21 19:47 - 2013-11-03 09:35 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-20 19:56 - 2013-11-03 09:20 - 00000000 ____D C:\Users\Jon
2015-07-20 19:55 - 2014-10-17 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePerl 5.16.3 Build 1604 (64-bit)
2015-07-20 19:55 - 2014-10-17 21:47 - 00000000 ____D C:\Perl64
2015-07-20 19:55 - 2013-11-03 09:35 - 00000000 ___HD C:\SuperChargerProfile
2015-07-20 19:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2015-07-20 19:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-20 18:44 - 2015-06-09 10:57 - 00000024 _____ C:\Users\Jon\AppData\Roaming\appdataFr25.bin
2015-07-14 07:45 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-12 14:57 - 2015-06-13 16:45 - 00011069 _____ C:\Users\Jon\Documents\CareerPlan.xlsx
2015-07-12 07:48 - 2013-11-03 19:00 - 00000000 ____D C:\Program Files\PeerBlock
2015-07-12 00:32 - 2014-04-27 13:36 - 00000000 ____D C:\Users\Jon\AppData\Roaming\BitTorrent
2015-07-12 00:28 - 2013-11-05 19:30 - 00000000 ____D C:\Users\Jon\AppData\Roaming\vlc
2015-07-06 22:39 - 2014-11-22 18:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-05 20:19 - 2013-11-04 14:07 - 00000000 ____D C:\Users\Jon\AppData\Local\Eclipse
2015-07-05 10:10 - 2015-05-23 22:21 - 00000000 ____D C:\Program Files\MySQL
2015-07-05 10:10 - 2015-05-23 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2015-07-05 10:10 - 2015-05-23 22:20 - 00000000 ____D C:\Program Files (x86)\MySQL
2015-06-28 23:48 - 2013-11-04 12:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-28 23:48 - 2013-11-04 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-27 14:20 - 2013-11-03 19:33 - 00000000 ____D C:\Users\Jon\AppData\Roaming\uTorrent
2015-06-25 19:37 - 2015-04-18 12:47 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-25 19:37 - 2015-04-18 12:46 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-25 19:37 - 2014-04-18 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Nation of Wind
2015-06-24 04:36 - 2014-08-06 22:31 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-06-24 04:36 - 2014-08-06 22:31 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-06-24 04:36 - 2013-11-04 12:16 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-06-24 04:36 - 2013-11-04 12:16 - 01320120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-06-23 13:30 - 2013-11-03 18:58 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2015-06-09 10:57 - 2015-07-20 18:44 - 0000024 _____ () C:\Users\Jon\AppData\Roaming\appdataFr25.bin
2014-06-07 20:03 - 2014-06-07 20:03 - 0000600 _____ () C:\Users\Jon\AppData\Roaming\winscp.rnd
2015-07-11 18:24 - 2015-07-11 18:24 - 0001460 _____ () C:\Users\Jon\AppData\Local\recently-used.xbel
2013-11-05 22:57 - 2014-01-05 15:03 - 0007605 _____ () C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
2015-05-29 23:34 - 2015-05-29 23:34 - 0000000 _____ () C:\Users\Jon\AppData\Local\Temp.dat
 
Some files in TEMP:
====================
C:\Users\Jon\AppData\Local\Temp\Quarantine.exe
C:\Users\Jon\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jon\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-23 00:44
 
==================== End of log ============================
 
 
 
I am not noticing any symptoms so far, which is encouraging. Again, I just want to thank you for your help!


#11 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:44 AM

Posted 26 July 2015 - 09:48 PM

Hi Krahn,

 

I apologize for the delay in getting back to you.

 

Part of the script that we last ran failed and I am in the process of getting it to work. I will post with our next steps soon.

 

Glad to hear your system is running better. :)


CCNA R&SCCNA Security | Network+  |  B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#12 Krahn

Krahn
  • Topic Starter

  • Members
  • 33 posts
  • Local time:04:44 AM

Posted 26 July 2015 - 11:44 PM

No problem, take your time :)



#13 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:44 AM

Posted 27 July 2015 - 01:10 PM

Hello Krahn,

 

Please do the following two things. :)

 

===============================

 

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Reg: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "" /f
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===============================

 

Farbar Recovery Scan Tool (FRST)

  • Launch FRST.
  • Click the Scan button.
  • A new FRST.txt log will be produced. Include the contents of this log in your next post.

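A read-only check for the AppInit_DLLs value the fixlist above clears, as an added example that is not part of Cody's post or of FRST. It reads both the native key and the Wow6432Node key (the fix above touches only the latter), assumes a 64-bit Windows 7 host as in the log, and reports whether either still lists a DLL and whether LoadAppInit_DLLs gates it.

```powershell
# Added example (not from the original post or FRST). Read-only: it changes nothing.
# AppInit_DLLs lists DLLs that Windows loads into every process linking user32.dll,
# which is why a stray entry here is a classic source of popups and redirects.
# LoadAppInit_DLLs (REG_DWORD) must be 1 for the list to take effect at all.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',              # 64-bit processes
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'   # 32-bit processes (the key the fixlist clears)
)

function Get-AppInitStatus {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }   # key absent on this host
        $raw = [string]$props.AppInit_DLLs
        # Entries are separated by spaces or commas; drop empty fragments.
        $dlls = if ($raw.Trim()) { @($raw -split '[ ,]+' | Where-Object { $_ }) } else { @() }
        [pscustomobject]@{
            Key     = $path
            Enabled = ([int]$props.LoadAppInit_DLLs -eq 1)   # missing value casts to 0
            DLLs    = $dlls
        }
    }
}

Get-AppInitStatus -Paths $AppInitKeys | ForEach-Object {
    if ($_.DLLs.Count -eq 0) {
        "$($_.Key): AppInit_DLLs is empty (expected after the fix)"
    } else {
        "$($_.Key): AppInit_DLLs still lists $($_.DLLs -join ', ') (LoadAppInit_DLLs enabled: $($_.Enabled))"
        # Report each listed path as written; a missing file is a leftover to clean up,
        # a present one outside the Windows directory deserves a closer look.
        foreach ($dll in $_.DLLs) {
            $state = if (Test-Path -LiteralPath $dll) { 'present' } else { 'file not found' }
            "  $dll -> $state"
        }
    }
}
```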


#14 Krahn

Krahn
  • Topic Starter

  • Members
  • 33 posts
  • Local time:04:44 AM

Posted 27 July 2015 - 10:32 PM

Hi Cody,

 

Here are the results of the above:

 

fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015

Ran by Jon at 2015-07-27 20:30:16 Run:3
Running from C:\Users\Jon\Desktop
Loaded Profiles: Jon (Available Profiles: Jon)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Reg: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "" /f
*****************
 
 
========= reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows" /v AppInit_DLLs /t REG_SZ /d "" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 20:30:16 ====
 
 
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015
Ran by Jon (administrator) on Jon-PC (27-07-2015 20:30:42)
Running from C:\Users\Jon\Desktop
Loaded Profiles: Jon (Available Profiles: Jon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-177138024-3998404578-2929153981-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-177138024-3998404578-2929153981-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-177138024-3998404578-2929153981-1000 -> {2284D199-8172-4B4F-AB35-927352720F0C} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{517D1681-32F5-43D3-B993-03A0F0FF6630}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{7571A680-5239-4EC5-BC66-BC2C2D7474E1}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ADC549A0-37EF-41D5-906D-61C0D7A8EA60}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{F4ECE58C-80B7-410B-A362-7A3CBD6E0EA0}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\x80v71az.default
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-03] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-09-01] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-12-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-177138024-3998404578-2929153981-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-06-14] ()
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-12-11]
 
Chrome: 
=======
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DHC - REST/HTTP API Client) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejoelaoggembcahagimdiliamlcdmfm [2015-07-21]
CHR Extension: (AdBlock) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-06-04] (BitRaider, LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1736872 2015-03-18] (Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S4 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [13057024 2015-05-05] () [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-24] (Electronic Arts)
S4 Tomcat7; C:\apache-tomcat-7.0.62\bin\tomcat7.exe [109696 2015-05-07] (Apache Software Foundation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-03] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-18] (NVIDIA Corporation)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-11-09] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 MSICDSetup; \??\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-27 20:30 - 2015-07-27 20:31 - 00013438 _____ C:\Users\Jon\Desktop\FRST.txt
2015-07-27 20:30 - 2015-07-27 20:30 - 00000000 ____D C:\Users\Jon\Desktop\FRST-OlderVersion
2015-07-27 19:44 - 2015-07-27 19:44 - 00350352 _____ C:\Windows\Minidump\072715-71214-01.dmp
2015-07-23 23:07 - 2015-07-23 23:07 - 06981875 _____ C:\Users\Jon\Downloads\sample-3ticklerspt2.wmv
2015-07-23 23:06 - 2015-07-23 23:06 - 06405643 _____ C:\Users\Jon\Downloads\Smack Talk  Sample.wmv
2015-07-23 20:24 - 2015-07-23 20:27 - 02870984 _____ (ESET) C:\Users\Jon\Desktop\esetsmartinstaller_enu.exe
2015-07-22 16:22 - 2015-07-22 16:22 - 00000000 ____D C:\Users\Jon\AppData\Local\CEF
2015-07-22 16:18 - 2015-07-22 16:18 - 00931408 _____ (Google Inc.) C:\Users\Jon\Downloads\ChromeSetup (1).exe
2015-07-22 16:03 - 2015-07-22 16:13 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-22 16:02 - 2015-07-22 16:02 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Jon\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-22 16:02 - 2015-07-22 16:02 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-22 16:02 - 2015-07-22 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-22 16:02 - 2015-07-22 16:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-22 16:02 - 2015-07-22 16:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-22 16:02 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-22 16:02 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-22 16:02 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-22 08:59 - 2015-07-22 09:05 - 00000000 ____D C:\Users\Jon\Desktop\Reply
2015-07-22 08:59 - 2015-07-22 08:59 - 02135552 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe
2015-07-22 08:55 - 2015-07-27 20:30 - 02146816 _____ (Farbar) C:\Users\Jon\Desktop\FRST64.exe
2015-07-21 19:47 - 2015-07-27 20:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-21 19:47 - 2015-07-26 06:18 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-21 19:47 - 2015-07-21 19:57 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-21 19:47 - 2015-07-21 19:57 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-21 19:47 - 2015-07-21 19:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-21 19:47 - 2015-07-21 19:49 - 00000000 ____D C:\Program Files (x86)\GUM3A88.tmp
2015-07-21 19:47 - 2015-07-21 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-20 21:28 - 2015-07-20 21:28 - 00000000 ____D C:\SUPERDelete
2015-07-20 21:06 - 2015-07-20 21:06 - 02248704 _____ C:\Users\Jon\Downloads\adwcleaner_4.208 (2).exe
2015-07-20 19:37 - 2015-07-20 19:37 - 00000000 ____D C:\Users\Jon\Desktop\FSRT
2015-07-20 19:35 - 2015-07-27 20:30 - 00000000 ____D C:\FRST
2015-07-20 18:41 - 2015-07-20 18:42 - 00000093 _____ C:\Users\Jon\Desktop\dentists.txt
2015-07-20 08:21 - 2015-07-20 08:21 - 00400899 _____ C:\Users\Jon\Downloads\EW11_M17.rar
2015-07-14 07:45 - 2015-07-14 07:45 - 00010200 _____ C:\Users\Jon\Documents\Uninstall STAR WARS The Old Republic.log
2015-07-13 20:47 - 2015-07-22 16:00 - 00000000 ____D C:\AdwCleaner
2015-07-13 20:47 - 2015-07-13 20:47 - 02248704 _____ C:\Users\Jon\Downloads\adwcleaner_4.208.exe
2015-07-13 20:47 - 2015-07-13 20:47 - 02248704 _____ C:\Users\Jon\Downloads\adwcleaner_4.208 (1).exe
2015-07-13 19:30 - 2015-07-13 19:30 - 00231004 _____ C:\Users\Jon\Downloads\REVIEW_GUIDE.zip
2015-07-13 18:46 - 2015-07-20 22:11 - 00000000 ____D C:\Program Files (x86)\PatternGenerators
2015-07-12 12:45 - 2015-07-27 18:45 - 00000350 _____ C:\Windows\Tasks\AccountGen.job
2015-07-12 12:45 - 2015-07-12 12:45 - 00003258 _____ C:\Windows\System32\Tasks\AccountGen
2015-07-12 00:33 - 2015-07-12 00:33 - 00001156 _____ C:\Users\Public\Desktop\Movavi Video Converter 14.lnk
2015-07-12 00:33 - 2015-07-12 00:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Converter 14
2015-07-12 00:32 - 2015-07-22 16:11 - 00000000 ____D C:\Program Files (x86)\Movavi Video Converter 14
2015-07-12 00:32 - 2015-07-12 00:32 - 00000000 ____D C:\Movavi Video Converter 14.3.0
2015-07-12 00:31 - 2015-07-12 00:32 - 31684178 ____R C:\Users\Jon\Downloads\Movavi Video Converter 14.3.0.zip
2015-07-12 00:29 - 2015-07-12 00:33 - 00000000 ____D C:\Users\Jon\AppData\Local\Movavi
2015-07-12 00:29 - 2015-07-12 00:29 - 00000000 ____D C:\ProgramData\Movavi
2015-07-12 00:28 - 2015-07-12 00:28 - 00000000 ____D C:\ProgramData\Movavi Video Converter 15
2015-07-11 23:47 - 2015-07-11 23:47 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-07-11 18:24 - 2015-07-11 18:24 - 00001460 _____ C:\Users\Jon\AppData\Local\recently-used.xbel
2015-07-11 17:46 - 2015-07-11 18:24 - 00000000 ____D C:\Users\Jon\AppData\Local\gtk-2.0
2015-07-11 17:46 - 2015-07-11 17:46 - 00000000 ____D C:\Users\Jon\.thumbnails
2015-07-11 17:31 - 2015-07-11 18:24 - 00000000 ____D C:\Users\Jon\.gimp-2.8
2015-07-11 17:31 - 2015-07-11 17:31 - 00000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-07-11 17:31 - 2015-07-11 17:31 - 00000000 ____D C:\Users\Jon\AppData\Local\gegl-0.2
2015-07-11 17:30 - 2015-07-11 17:31 - 00000000 ____D C:\Program Files\GIMP 2
2015-07-11 17:30 - 2015-07-11 17:30 - 91931728 _____ (The GIMP Team ) C:\Users\Jon\Downloads\gimp-2.8.14-setup-1.exe
2015-07-11 17:28 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-07-11 17:27 - 2015-07-11 17:27 - 00000000 ____D C:\Photoshop
2015-07-11 17:26 - 2015-07-11 17:26 - 00000000 ____D C:\Users\Jon\Downloads\Adobe Photoshop 7.0 with serial
2015-07-11 17:24 - 2015-07-11 17:27 - 00000000 ____D C:\Users\Jon\Downloads\Enemy (2013) [1080p]
2015-07-11 16:13 - 2015-07-11 16:21 - 00000000 ____D C:\Images
2015-07-11 16:03 - 2015-07-11 16:03 - 00000782 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-07-10 22:48 - 2015-07-10 22:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-10 22:48 - 2015-07-10 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-05 10:42 - 2015-07-05 13:25 - 00000000 ____D C:\Users\Jon\Desktop\Images
2015-06-28 23:47 - 2015-06-16 23:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-28 23:44 - 2015-06-28 23:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-28 23:43 - 2015-06-17 02:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-28 23:43 - 2015-06-17 02:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-06-28 23:43 - 2015-06-17 02:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-06-28 23:43 - 2015-06-17 02:10 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-28 23:39 - 2015-05-18 20:29 - 00046768 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-28 23:39 - 2015-05-18 20:14 - 00057520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-27 14:36 - 2015-07-21 21:12 - 00000000 ____D C:\Users\Jon\Documents\The Witcher 3
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-27 20:07 - 2013-11-03 18:53 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-27 19:59 - 2013-11-03 09:20 - 01881030 _____ C:\Windows\WindowsUpdate.log
2015-07-27 19:52 - 2009-07-13 21:45 - 00022304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-27 19:52 - 2009-07-13 21:45 - 00022304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-27 19:50 - 2009-07-13 22:13 - 00787510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-27 19:44 - 2014-11-22 13:58 - 00000000 ____D C:\Windows\Minidump
2015-07-27 19:44 - 2013-11-04 12:05 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-27 19:44 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-27 19:44 - 2009-07-13 21:51 - 00061607 _____ C:\Windows\setupact.log
2015-07-27 19:43 - 2014-11-22 13:58 - 990301985 _____ C:\Windows\MEMORY.DMP
2015-07-27 19:43 - 2013-11-03 09:41 - 00189582 _____ C:\Windows\PFRO.log
2015-07-25 09:43 - 2013-11-03 19:27 - 00000000 ____D C:\Users\Jon\AppData\Local\Microsoft Games
2015-07-22 16:11 - 2015-05-25 12:47 - 00000000 ____D C:\Program Files (x86)\FSymbols Stickers for Facebook
2015-07-22 15:59 - 2014-10-22 17:16 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Skype
2015-07-21 22:39 - 2013-11-03 18:54 - 00000000 ____D C:\ProgramData\Skype
2015-07-21 19:47 - 2013-11-03 09:35 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-20 19:56 - 2013-11-03 09:20 - 00000000 ____D C:\Users\Jon
2015-07-20 19:55 - 2014-10-17 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePerl 5.16.3 Build 1604 (64-bit)
2015-07-20 19:55 - 2014-10-17 21:47 - 00000000 ____D C:\Perl64
2015-07-20 19:55 - 2013-11-03 09:35 - 00000000 ___HD C:\SuperChargerProfile
2015-07-20 19:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2015-07-20 19:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-20 18:44 - 2015-06-09 10:57 - 00000024 _____ C:\Users\Jon\AppData\Roaming\appdataFr25.bin
2015-07-14 07:45 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-13 20:56 - 2015-06-25 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-12 14:57 - 2015-06-13 16:45 - 00011069 _____ C:\Users\Jon\Documents\CareerPlan.xlsx
2015-07-12 07:48 - 2013-11-03 19:00 - 00000000 ____D C:\Program Files\PeerBlock
2015-07-12 00:32 - 2014-04-27 13:36 - 00000000 ____D C:\Users\Jon\AppData\Roaming\BitTorrent
2015-07-12 00:28 - 2013-11-05 19:30 - 00000000 ____D C:\Users\Jon\AppData\Roaming\vlc
2015-07-06 22:39 - 2014-11-22 18:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-05 20:19 - 2013-11-04 14:07 - 00000000 ____D C:\Users\Jon\AppData\Local\Eclipse
2015-07-05 10:10 - 2015-05-23 22:21 - 00000000 ____D C:\Program Files\MySQL
2015-07-05 10:10 - 2015-05-23 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2015-07-05 10:10 - 2015-05-23 22:20 - 00000000 ____D C:\Program Files (x86)\MySQL
2015-06-28 23:48 - 2013-11-04 12:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-28 23:48 - 2013-11-04 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-06-27 14:20 - 2013-11-03 19:33 - 00000000 ____D C:\Users\Jon\AppData\Roaming\uTorrent
 
==================== Files in the root of some directories =======
 
2015-06-09 10:57 - 2015-07-20 18:44 - 0000024 _____ () C:\Users\Jon\AppData\Roaming\appdataFr25.bin
2014-06-07 20:03 - 2014-06-07 20:03 - 0000600 _____ () C:\Users\Jon\AppData\Roaming\winscp.rnd
2015-07-11 18:24 - 2015-07-11 18:24 - 0001460 _____ () C:\Users\Jon\AppData\Local\recently-used.xbel
2013-11-05 22:57 - 2014-01-05 15:03 - 0007605 _____ () C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
2015-05-29 23:34 - 2015-05-29 23:34 - 0000000 _____ () C:\Users\Jon\AppData\Local\Temp.dat
 
Some files in TEMP:
====================
C:\Users\Jon\AppData\Local\Temp\Quarantine.exe
C:\Users\Jon\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jon\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-23 00:44
 
==================== End of log ============================


#15 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:06:44 AM

Posted 28 July 2015 - 08:28 AM

Hello Krahn,

 

Looks like that fix was successful!   :thumbup2: 

 

I suggest updating Java (see below), but other than that we are done.

 

=========================================================

 

Update Java

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:

  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double-click the icon, then click Run
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next
  • You should be notified: You have successfully installed Java
  • Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7) and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the on-screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.

======================================================

All Clean!

Congratulations on your clean PC!   :thumbup2:

For keeping your PC clean, there are a few main things to keep tabs on:

1) Make sure to keep your antivirus software up to date.

2) Keep Java, Adobe Flash Player, and Adobe Reader up to date.

3) Run periodic scans using your antivirus software and Malwarebytes Anti-Malware.

4) Most importantly, practice safe browsing. You are the ultimate protection tool.

=======================================================================

Download Delfix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished, a logfile will be created. You don't need to copy and paste it into your next reply.

=======================================================================

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

This thread will remain open for 48 hours after the posting of this "all-clean" for any questions you may have.


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
