Cox insisting I'm infected with Zeus Trojan/bot (zbot), system scans clean


2 replies to this topic

#1 zerohaste

  • Members
  • 2 posts

Posted 06 February 2016 - 11:19 PM

I've gotten two emails from them about this in two weeks. I know some of these programs I've scanned my PC with might not be the best at detecting things, but I wanted to check with everything I had on hand, knew about, or Cox notified me about.

 

System scans clean / nothing is found with:

  • Windows 10 built-in Windows Defender
  • Malwarebytes Anti-Malware
  • Something Cox told me to use, called Microsoft Safety Scanner
  • Another thing Cox told me to use, Symantec Trojan.Zbot Removal Tool
  • ESET Online Scanner
  • Cox-provided subscription to McAfee Multi Access - Total Protection


All scans were done both in safe mode and my regular login, except ESET, which was done in safe mode with networking only. My wifi is secure with an absurdly long password and MAC address filtering, and the password was changed already since the first warning I got from Cox. I have no other devices other than this PC connected to my network. I did have an Amazon Fire, an iPhone and a few game consoles before but never reconnected them when I changed my wifi password after the first warning. I've always used Windows Firewall + router firewall, but am now using the one in the McAfee tool + router. Other than formatting my PC I'm not sure what else I can do, which is why I'm here. Google searching on the issue led me to someone posting here, and I've known about people helping others like you guys do here, so I figured I'd give it a shot before I finally give in and format. I don't really want to sit here scanning my PC over and over with various tools that find nothing. Each scan that comes up clean drives me more and more crazy. I could honestly format and be done with it faster than scanning with every tool I find in the hopes something detects what Cox is telling me I have.

So here goes. I appreciate any help you guys can offer. I really don't want to format, but will as a last resort.

FRST log below, Addition attached.

----

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by MementoMori (administrator) on MEMENTOMORI-PC (06-02-2016 21:42:36)
Running from C:\Users\MementoMori\Desktop
Loaded Profiles: MementoMori (Available Profiles: MementoMori)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(EVGA Corp.) C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CMedia) C:\Program Files\UNi Xonar Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\syswow64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
(Valve Corporation) D:\Steam\Steam.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(EVGA Corp.) C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionXServer.exe
(EVGA Corp.) C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionXServer_x64.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.16731.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.16731.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.19020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Cmaudio8788] => C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\WINDOWS\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\WINDOWS\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15009400 2015-10-14] (Logitech Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-2712218113-430331144-635360849-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-2712218113-430331144-635360849-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2712218113-430331144-635360849-1000\...\Run: [Steam] => D:\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-2712218113-430331144-635360849-1000\...\RunOnce: [Uninstall C:\Users\MementoMori\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MementoMori\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{66708aac-3cce-462f-a391-39828a070c95}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-06] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-06] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\MementoMori\AppData\Roaming\Mozilla\Firefox\Profiles\l85ig9fd.default
FF DefaultSearchEngine.US: Google
FF Session Restore: -> is enabled.
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2712218113-430331144-635360849-1000: @my.com/Games -> C:\Users\MementoMori\AppData\Local\MyComGames\NPMyComDetector.dll [2015-08-24] (My.com, Inc)
FF Extension: LastPass - C:\Users\MementoMori\AppData\Roaming\Mozilla\Firefox\Profiles\l85ig9fd.default\extensions\support@lastpass.com [2015-08-07]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-01-23] [not signed]
 
Chrome: 
=======
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://mail.google.com/mail/u/0/#inbox/152b7ce932786fcb
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-07]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-01-31]
CHR Extension: (Entanglement Web App) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-08-07]
CHR Extension: (Google Docs) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-07]
CHR Extension: (Google Drive) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (NeoGAF Live Thread) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbfgndoggabppkoehpipfadjelcofmp [2015-08-07]
CHR Extension: (YouTube) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2016-01-05]
CHR Extension: (Google Sheets) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-07]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2016-01-21]
CHR Extension: (Google Docs Offline) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-01-29]
CHR Extension: (ytma!) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijioppmkelhobdlpbcgojamecmailcnh [2015-08-07]
CHR Extension: (PSDLE) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdjhhapoddhnimgdemnpbfagndcnmhii [2015-12-24]
CHR Extension: (Speed Dial 2) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-11-10]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-01-11]
CHR Extension: (Poppit!) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-08-07]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-08-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-07]
CHR Extension: (Hover Zoom+) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2016-01-29]
CHR Extension: (Evernote Web Clipper) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-09-29]
CHR Extension: (Gmail) - C:\Users\MementoMori\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-07]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-01-23]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-01-23]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0166071453592607mcinstcleanup; C:\Users\MementoMori\AppData\Local\Temp\0166071453592607mcinst.exe [883024 2015-10-28] (McAfee, Inc.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-11-08] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6952504 2015-11-08] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-10-14] (Logitech Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [158952 2015-12-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3806032 2015-10-13] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2104840 2015-12-12] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R3 cmudaxp; C:\Windows\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\drivers\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 LGSUsbFilt; C:\Windows\System32\drivers\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37448 2015-12-29] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
S3 NVSWCFilter; C:\Windows\System32\drivers\nvswcfilter.sys [19616 2015-07-23] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 tap0901_openvpn_accl; C:\Windows\System32\drivers\tap0901_openvpn_accl.sys [37912 2015-01-13] (The OpenVPN Project)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Program Files (x86)\EVGA\PrecisionX 16\WinRing0\WinRing0x64.sys [14536 2015-10-20] (OpenLibSys.org)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-02-04] (Wellbia.com Co., Ltd.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-06 21:42 - 2016-02-06 21:42 - 00022076 _____ C:\Users\MementoMori\Desktop\FRST.txt
2016-02-06 21:35 - 2016-02-06 21:42 - 00000000 ____D C:\FRST
2016-02-06 21:35 - 2016-02-06 21:35 - 02370560 _____ (Farbar) C:\Users\MementoMori\Desktop\FRST64.exe
2016-02-06 21:14 - 2016-02-06 21:14 - 00016148 _____ C:\WINDOWS\system32\MEMENTOMORI-PC_MementoMori_HistoryPrediction.bin
2016-02-06 19:49 - 2016-02-06 19:49 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-02-06 16:09 - 2016-02-06 16:09 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-02-04 14:51 - 2016-02-04 17:28 - 00036904 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2016-02-04 14:51 - 2016-02-04 14:51 - 00000000 ____D C:\Users\MementoMori\Documents\Black Desert
2016-02-04 14:12 - 2016-02-04 14:12 - 00000904 _____ C:\Users\Public\Desktop\Black Desert Character Creator.lnk
2016-02-04 14:12 - 2016-02-04 14:12 - 00000904 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Black Desert Character Creator.lnk
2016-02-04 14:12 - 2016-02-04 14:12 - 00000000 ____D C:\Users\MementoMori\AppData\Local\BDOCharacterCreator
2016-02-04 14:12 - 2016-02-04 14:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDOCharacterCreator
2016-01-23 21:58 - 2016-01-24 14:29 - 00007626 _____ C:\Users\MementoMori\AppData\Local\Resmon.ResmonCfg
2016-01-23 17:44 - 2016-01-23 17:44 - 00003138 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-01-23 17:44 - 2016-01-23 17:44 - 00001989 _____ C:\Users\Public\Desktop\McAfee Multi Access - Total Protection (PC).lnk
2016-01-23 17:44 - 2016-01-23 17:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-01-23 17:44 - 2016-01-23 17:44 - 00000000 ____D C:\Users\MementoMori\AppData\Roaming\Macromedia
2016-01-23 17:44 - 2016-01-23 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-01-23 17:44 - 2016-01-23 17:44 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2016-01-23 17:44 - 2015-09-23 09:43 - 00082072 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeelamk.sys
2016-01-23 17:44 - 2015-09-23 09:43 - 00080760 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\cfwids.sys
2016-01-23 17:44 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2016-01-23 17:43 - 2016-01-24 23:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-01-23 17:43 - 2016-01-23 17:44 - 00000000 ____D C:\Program Files\McAfee
2016-01-23 17:43 - 2016-01-23 17:43 - 00000000 ____D C:\Program Files\McAfee.com
2016-01-23 17:43 - 2016-01-23 17:43 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-23 17:43 - 2015-09-23 09:43 - 00497888 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfefirek.sys
2016-01-23 17:43 - 2015-09-23 09:43 - 00244544 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfewfpk.sys
2016-01-23 17:42 - 2016-01-23 17:44 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-01-23 17:42 - 2015-09-23 09:43 - 00841944 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfehidk.sys
2016-01-23 17:42 - 2015-09-23 09:43 - 00415976 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeaack.sys
2016-01-23 17:42 - 2015-09-23 09:43 - 00351120 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeavfk.sys
2016-01-23 17:42 - 2015-09-21 13:33 - 00256840 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2016-01-23 17:41 - 2016-02-01 11:47 - 00000052 _____ C:\Users\MementoMori\Desktop\New Text Document.txt
2016-01-23 17:41 - 2016-01-24 23:26 - 00000000 ____D C:\ProgramData\McAfee
2016-01-23 17:41 - 2016-01-23 17:41 - 08204776 _____ (McAfee, Inc.) C:\Users\MementoMori\Desktop\McAfeeSetup-Serial.exe
2016-01-23 03:08 - 2016-01-23 03:08 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-23 00:03 - 2016-01-23 00:05 - 148155664 _____ (Microsoft Corporation) C:\Users\MementoMori\Downloads\msert.exe
2016-01-22 23:44 - 2016-01-23 11:23 - 00479444 _____ C:\WINDOWS\ntbtlog.txt
2016-01-22 23:39 - 2016-01-22 23:44 - 00000000 ____D C:\NPE
2016-01-22 23:38 - 2016-01-22 23:45 - 00000000 ____D C:\Users\MementoMori\AppData\Local\NPE
2016-01-22 23:38 - 2016-01-22 23:38 - 00000000 ____D C:\ProgramData\Norton
2016-01-22 22:30 - 2016-01-23 16:47 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-22 22:30 - 2016-01-22 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-22 22:30 - 2016-01-22 22:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-22 22:30 - 2016-01-22 22:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-22 22:30 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-22 22:30 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-22 22:30 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-17 14:53 - 2016-01-17 14:53 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-01-17 14:52 - 2015-12-18 00:10 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Files in the root of some directories =======
 
2016-01-23 21:58 - 2016-01-24 14:29 - 0007626 _____ () C:\Users\MementoMori\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-31 13:56
 
==================== End of FRST.txt ============================
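The "Bamital & volsnap" section above is FRST checking that the core Windows binaries most often patched by malware still carry a valid signature. The script below is an added example, not part of the thread or of FRST, that reproduces that check with PowerShell's own cmdlets; it assumes a 64-bit, elevated PowerShell session on the machine being examined, and the file list is the one from the log.

```powershell
# Added example: re-run the "Bamital & volsnap" signature check with PowerShell.
# Assumes a 64-bit elevated session so that both system32 and SysWOW64 resolve.

# The paths FRST verified, copied from the log above.
$criticalFiles = @(
    "$env:SystemRoot\system32\winlogon.exe",
    "$env:SystemRoot\system32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\system32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\system32\services.exe",
    "$env:SystemRoot\system32\User32.dll",
    "$env:SystemRoot\SysWOW64\User32.dll",
    "$env:SystemRoot\system32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\system32\rpcss.dll",
    "$env:SystemRoot\system32\dnsapi.dll",
    "$env:SystemRoot\SysWOW64\dnsapi.dll",
    "$env:SystemRoot\system32\Drivers\volsnap.sys"
)

function Test-CriticalFileSignature {
    param([string[]]$Paths)

    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Path = $path; Status = 'Missing'; Signer = $null; SignatureType = $null; Sha256 = $null }
            continue
        }
        # Most Windows binaries are catalog-signed rather than carrying an embedded
        # Authenticode signature. Get-AuthenticodeSignature checks both and reports
        # which one it used in SignatureType (Authenticode, Catalog or None).
        $sig    = Get-AuthenticodeSignature -LiteralPath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        [pscustomobject]@{
            Path          = $path
            Status        = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer        = $signer
            SignatureType = $sig.SignatureType
            Sha256        = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

$results = Test-CriticalFileSignature -Paths $criticalFiles
$results | Format-Table Path, Status, SignatureType -AutoSize

# A binary that fails verification, or verifies but is not signed by Microsoft,
# is exactly what this check exists to surface: a patched or replaced system file.
$suspect = $results | Where-Object {
    $_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation'
}
if ($suspect) {
    Write-Warning "Files failing verification:"
    $suspect | Format-List Path, Status, Signer, Sha256
} else {
    Write-Host "All $($results.Count) files carry a valid Microsoft signature."
}
```

The SHA-256 of any file flagged here is what you would compare against a known-good copy from Windows Update or another clean install, which is the manual step FRST's "no automatic fix" note refers to.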

#2 shelf life

shelf life

  • Malware Response Team
  • 2,683 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:08:03 PM

Posted 07 February 2016 - 10:02 AM

I don't think anything is going to show up in a FRST log that wouldn't have been taken care of by all those tools you ran. Maybe you pulled a blacklisted IP from Cox. You could try shutting down your modem and router overnight and hopefully on reboot you will grab a new IP.

If you click on Start and type in the search field: cmd and click Enter, then at the prompt type in:

ipconfig /release

Note the space after the g and before the /

And click Enter, then power off computer, modem and router. Next day power all 3 back up. Worth a try anyway.

 

 


How Can I Reduce My Risk to Malware?


#3 zerohaste

zerohaste
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:03 PM

Posted 07 February 2016 - 02:02 PM

Alright, I'll try that, thanks. Hopefully that's it, because I'm not really sure what else I can do. Cox is basically threatening to terminate my service if I don't take care of it because it's a threat to their other customers. I guess if that doesn't do anything and they still send me warnings on it, it's time to format.





