
I think im being hacked by some idiot


  • This topic is locked
8 replies to this topic

#1 Maraxus

Maraxus

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:17 PM

Posted 05 April 2016 - 02:08 AM

Hi, it has come to my attention recently that an "old friend" of mine could have been planning to plant files on my computer to get me in trouble.
He is the kind of egomaniac that thinks he can control people's lives, and is straight up psychotic...

I think he might go even that far as to plant child pornography on my computer.

We were friends about 10 years ago but I noticed that he wasn't the kind of person he lets on, and that the way he views the world is kinda sick, so I just stopped all communication with him and dropped him from my life.

What worries me currently is that the computer I bought from another friend might have stuff on it which he (the psycho) told him to place there, and could be using it to plant stuff now.

I have no evidence of this, but the psycho was a "hacker" when we were friends, and he probably still does it.

Any help will be greatly appreciated.

 

FRST file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by GORAN (administrator) on KESH-PC (05-04-2016 08:51:08)
Running from D:\Downloads
Loaded Profiles: GORAN (Available Profiles: GORAN)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-02] (Raptr, Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{E2609BF7-5248-4C68-B35D-A28481F83F23}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\GORAN\AppData\Roaming\Mozilla\Firefox\Profiles\02dlajek.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-2645308588-427372778-317950571-1000: @my.com/Games -> C:\Users\GORAN\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-26] (MY.COM B.V.)
FF Extension: Adblock Plus - C:\Users\GORAN\AppData\Roaming\Mozilla\Firefox\Profiles\02dlajek.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-12-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-06-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-05 08:51 - 2016-04-05 08:51 - 00000000 ____D C:\FRST
2016-03-20 11:06 - 2016-03-21 21:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-18 22:53 - 2016-03-18 22:53 - 00000068 _____ C:\Users\GORAN\Desktop\New Text Document.txt
2016-03-17 22:38 - 2016-03-17 22:38 - 00000000 ____D C:\Users\GORAN\AppData\Local\ElevatedDiagnostics
2016-03-17 22:21 - 2016-03-17 22:21 - 00000000 ____D C:\ProgramData\X360CE
2016-03-17 22:01 - 2016-03-17 22:35 - 00000000 ____D C:\Program Files\VID_0E8F&PID_0008
2016-03-17 22:01 - 2016-03-17 22:35 - 00000000 ____D C:\Program Files\VID_0E8F&PID_0003
2016-03-17 22:01 - 2016-03-17 22:35 - 00000000 ____D C:\Program Files (x86)\VID_0E8F&PID_0008
2016-03-17 22:01 - 2016-03-17 22:35 - 00000000 ____D C:\Program Files (x86)\VID_0E8F&PID_0003

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-05 08:30 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-05 08:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-05 08:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-05 01:49 - 2015-12-10 12:45 - 00061256 _____ C:\Windows\system32\BMXStateBkp-{00000009-00000000-00000001-00001102-00000005-60071102}.rfx
2016-04-05 01:49 - 2015-12-10 12:45 - 00061256 _____ C:\Windows\system32\BMXState-{00000009-00000000-00000001-00001102-00000005-60071102}.rfx
2016-04-05 01:49 - 2015-12-10 12:45 - 00000788 _____ C:\Windows\system32\DVCState-{00000009-00000000-00000001-00001102-00000005-60071102}.rfx
2016-04-05 01:49 - 2009-07-14 06:45 - 00016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-05 01:49 - 2009-07-14 06:45 - 00016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-29 19:50 - 2016-01-17 22:23 - 00000000 ____D C:\Users\GORAN\AppData\Local\MyComGames
2016-03-21 21:21 - 2015-12-10 14:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-20 10:53 - 2015-12-10 14:31 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-20 10:53 - 2015-12-10 14:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-20 10:42 - 2009-07-14 07:08 - 00032532 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-19 12:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-17 23:24 - 2015-12-10 14:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-17 22:01 - 2015-12-10 12:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

Some files in TEMP:
====================
C:\Users\GORAN\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe
C:\Users\GORAN\AppData\Local\Temp\raptrpatch.exe
C:\Users\GORAN\AppData\Local\Temp\raptr_stub.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-29 10:38

==================== End of FRST.txt ============================



#2 Maraxus

Maraxus
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:17 PM

Posted 05 April 2016 - 03:35 AM

Update:

Can the Microsoft media player network admission (or whatever it is) be used for this purpose?

Can't seem to remove it from the network media devices.

Edit: Also the guy I got my new computer from got my old one, hard drive and all. I told him then that he can keep it for compensation,
since I wasn't interested in getting it back, but when I asked him where it is, he was "unsure" what happened to the parts.

He is also computer savvy and still hangs out with the psycho from time to time.

Also a courtesy update, I'm just that kind of guy: Hi Čevo, hi Hrc, see you...


Edited by Maraxus, 05 April 2016 - 03:55 AM.


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,152 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:17 AM

Posted 07 April 2016 - 07:54 PM

Greetings,

Your computer is clean.

You can't uninstall Windows Media Player from Windows 7. The system will not allow that.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Maraxus

Maraxus
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:17 PM

Posted 08 April 2016 - 02:07 PM

Hi, thank you for the update.

 

I have another update; today when I came from work and turned on the computer I was greeted by the system restore window.

It was scanning my computer for errors and asked me if I wanted to roll back to an earlier version of my system. I refused.

It then stated that my computer has been fixed by rolling back the registry to an earlier date. Don't know if that's relevant, or if computers can be switched on remotely these days...

Anyway, posting another FRST and Addition file I've made after that, just to compare.

 

Thank you to anyone that takes an interest.

 

FRST file (second run):

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by GORAN (administrator) on KESH-PC (08-04-2016 21:01:50)
Running from D:\Downloads
Loaded Profiles: GORAN (Available Profiles: GORAN)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-02] (Raptr, Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{E2609BF7-5248-4C68-B35D-A28481F83F23}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\GORAN\AppData\Roaming\Mozilla\Firefox\Profiles\02dlajek.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-20] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-2645308588-427372778-317950571-1000: @my.com/Games -> C:\Users\GORAN\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-26] (MY.COM B.V.)
FF Extension: Adblock Plus - C:\Users\GORAN\AppData\Roaming\Mozilla\Firefox\Profiles\02dlajek.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-12-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-06-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-07 10:06 - 2016-04-07 10:06 - 00000616 _____ C:\Users\GORAN\Desktop\World of Tanks.lnk
2016-04-07 10:05 - 2016-04-07 10:06 - 00000000 ____D C:\Users\GORAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2016-04-05 09:37 - 2016-04-05 09:37 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-05 09:35 - 2016-04-05 09:35 - 00431382 _____ C:\Windows\system32\Drivers\vsconfig.xml
2016-04-05 09:35 - 2016-04-05 09:35 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2016-04-05 09:35 - 2016-04-05 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2016-04-05 09:35 - 2016-04-05 09:35 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2016-04-05 09:34 - 2016-04-05 09:34 - 00000000 ____D C:\ProgramData\CheckPoint
2016-04-05 09:09 - 2016-04-05 09:09 - 00018062 _____ C:\Users\GORAN\Desktop\Show-Hidden.txt
2016-04-05 09:07 - 2016-04-05 09:07 - 00024924 _____ C:\Users\GORAN\Desktop\Addition.txt
2016-04-05 08:51 - 2016-04-08 21:01 - 00000000 ____D C:\FRST
2016-03-24 03:21 - 2016-03-24 03:21 - 00462304 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys
2016-03-20 11:06 - 2016-03-21 21:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-18 22:53 - 2016-03-18 22:53 - 00000068 _____ C:\Users\GORAN\Desktop\New Text Document.txt
2016-03-17 22:38 - 2016-04-05 10:31 - 00000000 ____D C:\Users\GORAN\AppData\Local\ElevatedDiagnostics
2016-03-17 22:21 - 2016-03-17 22:21 - 00000000 ____D C:\ProgramData\X360CE
2016-03-17 22:01 - 2016-03-17 22:35 - 00000000 ____D C:\Program Files\VID_0E8F&PID_0008
2016-03-17 22:01 - 2016-03-17 22:35 - 00000000 ____D C:\Program Files\VID_0E8F&PID_0003
2016-03-17 22:01 - 2016-03-17 22:35 - 00000000 ____D C:\Program Files (x86)\VID_0E8F&PID_0008
2016-03-17 22:01 - 2016-03-17 22:35 - 00000000 ____D C:\Program Files (x86)\VID_0E8F&PID_0003

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-08 20:57 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-08 20:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-08 20:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-08 20:53 - 2009-07-14 06:45 - 00016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-08 20:53 - 2009-07-14 06:45 - 00016880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-08 03:24 - 2015-12-10 12:45 - 00061256 _____ C:\Windows\system32\BMXStateBkp-{00000009-00000000-00000001-00001102-00000005-60071102}.rfx
2016-04-08 03:24 - 2015-12-10 12:45 - 00061256 _____ C:\Windows\system32\BMXState-{00000009-00000000-00000001-00001102-00000005-60071102}.rfx
2016-04-08 03:24 - 2015-12-10 12:45 - 00000788 _____ C:\Windows\system32\DVCState-{00000009-00000000-00000001-00001102-00000005-60071102}.rfx
2016-04-07 22:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-05 10:39 - 2016-01-11 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2016-03-29 19:50 - 2016-01-17 22:23 - 00000000 ____D C:\Users\GORAN\AppData\Local\MyComGames
2016-03-21 21:21 - 2015-12-10 14:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-20 10:53 - 2015-12-10 14:31 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-20 10:53 - 2015-12-10 14:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-20 10:42 - 2009-07-14 07:08 - 00032532 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-19 12:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-17 23:24 - 2015-12-10 14:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-17 22:01 - 2015-12-10 12:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

Some files in TEMP:
====================
C:\Users\GORAN\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe
C:\Users\GORAN\AppData\Local\Temp\raptrpatch.exe
C:\Users\GORAN\AppData\Local\Temp\raptr_stub.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-29 10:38

==================== End of FRST.txt ============================


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,152 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:17 AM

Posted 08 April 2016 - 06:20 PM

Your computer is still clean.

It sounds like your computer went into Startup Repair which can be triggered by a variety of non-malware issues.

===================================================

Startup Repair Log

--------------------
  • Hit the Windows Key + E at the same time
  • Navigate to the following file and double click it

C:\Windows\System32\LogFiles\Srt\SrtTrail.txt

  • Copy and paste the contents of the Notepad document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Startup Repair information

Gary

#6 Maraxus

Maraxus
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:08:17 PM

Posted 10 April 2016 - 01:58 PM

Ok, thank you, was worried there...



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,152 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:17 AM

Posted 10 April 2016 - 08:27 PM

Did you want to follow up on the Startup Repair? If it was a one time event it may not be anything to worry about but if you would like me to check the log please post it.
Gary

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,152 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:17 AM

Posted 13 April 2016 - 08:50 AM

Greetings,

===================================================

3 Day Bump

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed

Gary

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,152 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:17 AM

Posted 15 April 2016 - 11:29 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary