
Large amounts of outgoing traffic being sent from PC


  • This topic is locked
9 replies to this topic

#1 Vancer2

  • Members
  • 78 posts

Posted 29 May 2016 - 03:39 PM

I recently tried to torrent a game. I took a chance and it seems I screwed up. My NIS is telling me it is detecting high amounts of outgoing traffic coming from my computer. This is minutes after having downloaded a file; it was a .exe. I took several steps to make sure it was legit. I even started up my VMware to see if the file was harmful at all. Anyways, after I saw this from Norton I knew it was from the file. I have never experienced this before. Norton is blocking the Intrusion Attacks, but I want to get rid of what is making me known. I have never used a proxy. If you see anything suspicious about ANY files anywhere, do ask, as I am the sole owner and operator of this computer and I know what I have messed with in the last 3 days.


Here is the FRST.log


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by Vance (administrator) on VANCE-ATLASPC (29-05-2016 15:21:23)
Running from C:\Users\Vance\Desktop
Loaded Profiles: Vance &  (Available Profiles: Vance)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\n360.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\n360.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\Fitbit Connect.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Black Tree Gaming) C:\Program Files\Nexus Mod Manager\NexusClient.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(TeamSpeak Systems GmbH) C:\Teamspeak\ts3client_win64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6564552 2016-05-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PerditiongmmouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\pdmon.exe [3234304 2013-11-18] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [AOD] => C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52148864 2016-04-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000\...\Run: [uTorrent] => C:\Users\Vance\AppData\Roaming\uTorrent\uTorrent.exe [2530304 2016-05-13] (BitTorrent Inc.)
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000\...\MountPoints2: {348a84de-9ecb-11e4-a3b7-40167e240b9f} - I:\AutoRun.exe
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000\...\MountPoints2: {39360278-d789-11e5-a933-305a3a7e8697} - I:\setup.exe
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000\...\MountPoints2: {8e1ce3ce-8275-11e4-ab57-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000\...\MountPoints2: {915b0cdc-d765-11e5-b775-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000\...\MountPoints2: {915b0cdd-d765-11e5-b775-806e6f6e6963} - F:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000\...\MountPoints2: {b6afebcb-8324-11e4-99ef-40167e240b9f} - D:\autorun.exe
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52148864 2016-04-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\Vance\AppData\Roaming\uTorrent\uTorrent.exe [2530304 2016-05-13] (BitTorrent Inc.)
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {348a84de-9ecb-11e4-a3b7-40167e240b9f} - I:\AutoRun.exe
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {39360278-d789-11e5-a933-305a3a7e8697} - I:\setup.exe
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8e1ce3ce-8275-11e4-ab57-806e6f6e6963} - F:\autorun.exe
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {915b0cdc-d765-11e5-b775-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {915b0cdd-d765-11e5-b775-806e6f6e6963} - F:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b6afebcb-8324-11e4-99ef-40167e240b9f} - D:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} =>  No File
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} =>  No File
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} =>  No File
BootExecute:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{1AACEDF9-99BF-41E7-88E4-A8AC52259120}: [NameServer] 209.18.47.61

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1393328475-2422675579-3373686829-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000170&geo=US&ver=22&locale=en_US&gct=sb&qsrc=2869
SearchScopes: HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000170&geo=US&ver=22&locale=en_US&gct=sb&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-06] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-06] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Session Restore: -> is enabled.
FF NetworkProxy: "ftp", "123.110.155.80"
FF NetworkProxy: "ftp_port", 8088
FF NetworkProxy: "gopher", "123.110.155.80"
FF NetworkProxy: "gopher_port", 8088
FF NetworkProxy: "http", "123.110.155.80"
FF NetworkProxy: "http_port", 8088
FF NetworkProxy: "socks", "123.110.155.80"
FF NetworkProxy: "socks_port", 8088
FF NetworkProxy: "ssl", "123.110.155.80"
FF NetworkProxy: "ssl_port", 8088
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-16] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-21] (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1393328475-2422675579-3373686829-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Vance\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-12-23] (Citrix Online)
FF Plugin HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Vance\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-12-23] (Citrix Online)
FF SearchPlugin: C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\searchplugins\amazon-search-suggestions.xml [2016-05-06]
FF SearchPlugin: C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\searchplugins\duckduckgo.xml [2014-07-19]
FF SearchPlugin: C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\searchplugins\gportal-wiki-de.xml [2016-01-27]
FF Extension: Add to Amazon Wish List Button - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\amznUWL2@amazon.com.xpi [2016-05-12]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\artur.dubovoy@gmail.com [2016-05-16]
FF Extension: Default Theme Engine - Personas Interactive - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\btpersonas-nonamo@brandthunder.com [2016-05-12]
FF Extension: InvisibleHand - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2016-05-12]
FF Extension: Personal Menu - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\CompactMenuCE@Merci.chao.xpi [2015-12-28]
FF Extension: DivX Web Player - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\DivXWebPlayer@divx.com.xpi [2011-12-21] [not signed]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\elemhidehelper@adblockplus.org.xpi [2016-05-12]
FF Extension: PriceBlink - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\info@priceblink.com.xpi [2016-05-12]
FF Extension: Menu Icons Plus - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\menuiconsplus@codedawn.com.xpi [2016-05-12]
FF Extension: MP4 Downloader - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\mp4downloader@jeff.net.xpi [2013-10-19] [not signed]
FF Extension: Photobucket Uploader - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\pbupload@photobucket.com.xpi [2016-05-12]
FF Extension: Personas Plus - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\personas@christopher.beard.xpi [2016-05-13]
FF Extension: Qmee - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\qmee@qmee.com.xpi [2016-03-02]
FF Extension: ScrapBook Plus - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\scrapbookplus@addons.mozilla.org.xpi [2015-05-20] [not signed]
FF Extension: Thumbnail Zoom Plus - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\thumbnailZoom@dadler.github.com.xpi [2016-04-04]
FF Extension: uBlock Origin - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\uBlock0@raymondhill.net.xpi [2016-05-12]
FF Extension: Session Manager - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-03-18]
FF Extension: Nuke Anything Enhanced - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi [2016-05-12]
FF Extension: ImTranslator - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2016-05-12]
FF Extension: WOT - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-09]
FF Extension: Video DownloadHelper - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23]
FF Extension: RightToClick - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2015-11-30]
FF Extension: CoolPreviews - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2014-11-09] [not signed]
FF Extension: Adblock Plus - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-12]
FF Extension: DownThemAll! - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-05-12]
FF Extension: FreeStyler - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{F0026022-A6C6-46DD-90DE-15922AA3422C}.xpi [2016-03-17]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.5.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.5.15\coFFAddon [2016-03-19]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.5.15\coFFAddon
FF HKU\S-1-5-21-1393328475-2422675579-3373686829-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-07-05] [not signed]
FF HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-17]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-12-12] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-03-15] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [242448 2016-02-04] (EasyAntiCheat Ltd)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-16] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7220792 2016-02-16] (GOG.com)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2016-04-09] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2016-04-09] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3398544 2014-11-11] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-04-29] (Electronic Arts)
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-12-09] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-07-12] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2016-02-18] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-01-27] (Asmedia Technology)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.5.15\Definitions\BASHDefs\20160521.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2015-11-11] (Symantec Corporation)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-28] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2016-02-19] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.5.15\Definitions\IPSDefs\20160527.001\IDSvia64.sys [876248 2016-05-26] (Symantec Corporation)
R3 ladfGSS; C:\Windows\System32\drivers\ladfGSS.sys [45208 2016-04-15] (Logitech Inc.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2016-05-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.5.15\Definitions\VirusDefs\20160528.001\ENG64.SYS [138456 2016-05-17] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.5.15\Definitions\VirusDefs\20160528.001\EX64.SYS [2148056 2016-05-17] (Symantec Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-06-28] (Duplex Secure Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2015-11-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-03-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2016-05-24] (Windows ® Win 7 DDK provider)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-28] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-28] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2014-11-24] (Oracle Corporation)
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [56560 2015-08-15] (Shaul Eizikovich)
S3 vjoy; C:\Windows\System32\DRIVERS\vjoy.sys [56560 2015-08-15] (Shaul Eizikovich)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 cpuz138; \??\C:\Users\Vance\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-29 15:21 - 2016-05-29 15:21 - 00033390 _____ C:\Users\Vance\Desktop\FRST.txt
2016-05-29 15:21 - 2016-05-29 15:21 - 00000000 ____D C:\FRST
2016-05-29 15:18 - 2016-05-29 15:18 - 02383872 _____ (Farbar) C:\Users\Vance\Desktop\FRST64.exe
2016-05-28 22:48 - 2016-05-28 22:49 - 00000017 _____ C:\Users\Vance\Desktop\ZANZAHRA.txt
2016-05-28 21:53 - 2016-05-28 22:00 - 00000000 ____D C:\Users\Vance\AppData\Local\NPE
2016-05-28 21:14 - 2016-05-28 21:14 - 00000000 ____D C:\Program Files (x86)\Total War Warhammer
2016-05-28 20:04 - 2016-05-28 20:04 - 00000000 ____D C:\Windows\LastGood
2016-05-28 20:03 - 2016-05-28 20:03 - 00001076 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2016-05-28 20:03 - 2016-05-28 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-05-28 20:03 - 2016-05-28 20:03 - 00000000 ____D C:\Program Files\Oracle
2016-05-28 20:03 - 2016-04-28 15:05 - 00916520 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2016-05-28 20:00 - 2016-05-28 20:01 - 113110496 _____ (Oracle Corporation) C:\Users\Vance\Downloads\VirtualBox-5.0.20-106931-Win.exe
2016-05-26 18:16 - 2016-05-26 18:16 - 00000000 ____D C:\Spectrographer
2016-05-26 18:13 - 2016-05-26 18:13 - 00000000 ____D C:\Users\Vance\AppData\Local\dynftw
2016-05-26 17:45 - 2016-05-26 17:45 - 06893688 _____ (Piriform Ltd) C:\Users\Vance\Downloads\ccsetup518.exe
2016-05-26 16:55 - 2016-05-26 16:55 - 00517302 _____ C:\Users\Vance\Desktop\Vance Miller 2016-2017 fafsa.pdf
2016-05-25 01:02 - 2016-05-26 18:34 - 00003400 _____ C:\Users\Vance\AppData\Roaming\VoiceMeeterDefault.xml
2016-05-25 01:02 - 2016-05-25 01:02 - 00003400 _____ C:\Users\Vance\Documents\Streaming settings.xml
2016-05-24 18:39 - 2016-05-25 21:27 - 00000000 ____D C:\Users\Vance\AppData\Roaming\obs-studio
2016-05-24 18:39 - 2016-05-24 18:39 - 00000000 ____D C:\Users\Vance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VB Audio
2016-05-24 18:39 - 2016-05-24 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Audio
2016-05-24 18:39 - 2016-05-24 18:39 - 00000000 ____D C:\Program Files\VB
2016-05-24 18:38 - 2016-05-24 18:38 - 00041192 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\vbaudio_vmvaio64_win7.sys
2016-05-24 18:38 - 2016-05-24 18:38 - 00001162 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2016-05-24 18:38 - 2016-05-24 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-05-24 18:38 - 2016-05-24 18:38 - 00000000 ____D C:\Program Files (x86)\VB
2016-05-24 18:38 - 2016-05-24 18:38 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-05-24 17:17 - 2016-05-24 17:17 - 00000000 ____D C:\Users\Vance\AppData\Local\id Software
2016-05-20 16:48 - 2016-05-20 16:48 - 00141280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2016-05-20 16:48 - 2016-05-20 16:48 - 00122704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 10694160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 08876704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 08865344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 01511680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 01242832 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 00166488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 00150544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 00137136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 00123776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2016-05-20 16:47 - 2016-05-20 16:47 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2016-05-20 16:46 - 2016-05-20 16:46 - 09798560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2016-05-20 16:46 - 2016-05-20 16:46 - 08577456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2016-05-20 16:46 - 2016-05-20 16:46 - 06999496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2016-05-20 16:44 - 2016-05-20 16:44 - 00296648 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2016-05-20 16:41 - 2016-05-20 16:41 - 27015680 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2016-05-20 16:35 - 2016-05-20 16:35 - 48616960 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-05-20 16:35 - 2016-05-20 16:35 - 00252928 _____ C:\Windows\system32\clinfo.exe
2016-05-20 16:34 - 2016-05-20 16:34 - 38098432 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-05-20 16:33 - 2016-05-20 16:33 - 00096256 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-05-20 16:33 - 2016-05-20 16:33 - 00087040 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-05-20 16:32 - 2016-05-20 16:32 - 27433472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-05-20 16:31 - 2016-05-20 16:31 - 21600768 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-05-20 16:30 - 2016-05-20 16:30 - 08699392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-05-20 16:26 - 2016-05-20 16:26 - 06951424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-05-20 16:16 - 2016-05-20 16:16 - 00096256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2016-05-20 16:15 - 2016-05-20 16:15 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2016-05-20 16:14 - 2016-05-20 16:14 - 30188032 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2016-05-20 16:13 - 2016-05-20 16:13 - 00730112 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2016-05-20 16:13 - 2016-05-20 16:13 - 00605696 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2016-05-20 16:12 - 2016-05-20 16:12 - 06965248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2016-05-20 16:12 - 2016-05-20 16:12 - 00865280 _____ (AMD) C:\Windows\system32\SETE1F8.tmp
2016-05-20 16:12 - 2016-05-20 16:12 - 00865280 _____ (AMD) C:\Windows\system32\coinst_16.20.dll
2016-05-20 16:12 - 2016-05-20 16:12 - 00142336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2016-05-20 16:12 - 2016-05-20 16:12 - 00117760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2016-05-20 16:09 - 2016-05-20 16:09 - 05643776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2016-05-20 16:09 - 2016-05-20 16:09 - 00716128 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-05-20 16:09 - 2016-05-20 16:09 - 00716128 _____ C:\Windows\system32\atiapfxx.blb
2016-05-20 16:09 - 2016-05-20 16:09 - 00385536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2016-05-20 16:09 - 2016-05-20 16:09 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2016-05-20 16:09 - 2016-05-20 16:09 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2016-05-20 16:09 - 2016-05-20 16:09 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2016-05-20 16:09 - 2016-05-20 16:09 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2016-05-20 16:08 - 2016-05-20 16:08 - 15711744 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2016-05-20 16:08 - 2016-05-20 16:08 - 14302720 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2016-05-20 16:06 - 2016-05-20 16:06 - 24836096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2016-05-20 16:06 - 2016-05-20 16:06 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2016-05-20 16:06 - 2016-05-20 16:06 - 00092160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2016-05-20 16:06 - 2016-05-20 16:06 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2016-05-20 16:06 - 2016-05-20 16:06 - 00038400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2016-05-20 16:04 - 2016-05-20 16:04 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2016-05-20 16:03 - 2016-05-20 16:03 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2016-05-20 16:03 - 2016-05-20 16:03 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2016-05-20 16:03 - 2016-05-20 16:03 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2016-05-20 16:03 - 2016-05-20 16:03 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2016-05-20 16:02 - 2016-05-20 16:02 - 00588288 _____ (AMD) C:\Windows\system32\atieclxx.exe
2016-05-20 16:02 - 2016-05-20 16:02 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2016-05-20 16:02 - 2016-05-20 16:02 - 00306688 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2016-05-20 16:02 - 2016-05-20 16:02 - 00274432 _____ C:\Windows\system32\dgtrayicon.exe
2016-05-20 16:02 - 2016-05-20 16:02 - 00258560 _____ C:\Windows\system32\GameManager64.dll
2016-05-20 16:02 - 2016-05-20 16:02 - 00230912 _____ C:\Windows\system32\amdgfxinfo64.dll
2016-05-20 16:02 - 2016-05-20 16:02 - 00223744 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-05-20 16:02 - 2016-05-20 16:02 - 00212480 _____ C:\Windows\system32\atieah64.exe
2016-05-20 16:02 - 2016-05-20 16:02 - 00202752 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2016-05-20 16:02 - 2016-05-20 16:02 - 00190464 _____ C:\Windows\SysWOW64\atieah32.exe
2016-05-20 16:02 - 2016-05-20 16:02 - 00093696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2016-05-20 16:01 - 2016-05-20 16:01 - 00270336 _____ (AMD) C:\Windows\system32\atitmm64.dll
2016-05-20 15:59 - 2016-05-20 15:59 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2016-05-20 15:57 - 2016-05-20 15:57 - 01304576 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2016-05-20 15:57 - 2016-05-20 15:57 - 00973824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2016-05-20 15:57 - 2016-05-20 15:57 - 00973824 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2016-05-20 15:57 - 2016-05-20 15:57 - 00498176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2016-05-20 15:57 - 2016-05-20 15:57 - 00185344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2016-05-20 15:57 - 2016-05-20 15:57 - 00159232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2016-05-20 15:57 - 2016-05-20 15:57 - 00119808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2016-05-20 15:57 - 2016-05-20 15:57 - 00106496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2016-05-20 15:57 - 2016-05-20 15:57 - 00101376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2016-05-20 15:57 - 2016-05-20 15:57 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2016-05-20 15:57 - 2016-05-20 15:57 - 00091136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2016-05-20 15:56 - 2016-05-20 15:56 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2016-05-20 15:55 - 2016-05-20 15:55 - 00251392 _____ C:\Windows\system32\hsa-thunk64.dll
2016-05-20 15:55 - 2016-05-20 15:55 - 00217088 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2016-05-18 14:36 - 2016-05-18 14:36 - 00607089 _____ C:\Users\Vance\Downloads\PipWare UI Fallout4 Edition v0.7.4-388-0-7-4.7z
2016-05-18 14:13 - 2016-05-18 14:13 - 00003420 _____ C:\Users\Vance\Desktop\LoadOrder_Fallout4_2016-05-18T14-13-25.txt
2016-05-15 16:11 - 2016-05-15 17:53 - 00000000 ____D C:\Program Files (x86)\8-Bit Armies
2016-05-15 16:11 - 2016-05-15 16:11 - 00001034 _____ C:\Users\Vance\Desktop\8-Bit Armies.lnk
2016-05-14 19:36 - 2016-05-14 19:36 - 00000022 _____ C:\Windows\GPU-Z.INI
2016-05-14 19:36 - 2016-05-14 19:36 - 00000000 ____D C:\ProgramData\Futuremark
2016-05-14 19:33 - 2016-05-14 19:35 - 00000000 ____D C:\Program Files (x86)\Futuremark
2016-05-14 19:33 - 2016-05-14 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2016-05-14 19:27 - 2016-05-14 19:29 - 372882136 _____ (Futuremark) C:\Users\Vance\Desktop\3DMark_Vantage_v113_installer.exe
2016-05-13 21:18 - 2016-05-13 21:19 - 00000103 _____ C:\ProgramData\sga2sgb.ini
2016-05-13 15:09 - 2016-05-13 15:09 - 00000000 ____D C:\Users\Vance\AppData\Local\ElevatedDiagnostics
2016-05-13 12:36 - 2016-05-13 12:36 - 00000000 ____D C:\Users\Vance\AppData\Local\SplitMediaLabs
2016-05-13 12:34 - 2016-05-13 12:34 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2016-05-13 12:34 - 2016-05-13 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2016-05-13 12:34 - 2016-05-13 12:34 - 00000000 ____D C:\Program Files (x86)\SplitmediaLabs
2016-05-13 12:32 - 2016-05-16 09:05 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 12:32 - 2016-05-16 09:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 12:31 - 2016-05-13 12:31 - 00000000 ____D C:\Users\Vance\AppData\Roaming\SplitmediaLabs
2016-05-13 12:30 - 2016-05-13 12:30 - 90644008 _____ (SplitmediaLabs) C:\Users\Vance\Downloads\XSplit_Broadcaster_2.7.1602.2244.exe
2016-05-13 12:13 - 2016-05-28 19:53 - 00000000 ___SD C:\Users\Vance\AppData\LocalLow\Temp
2016-05-11 12:55 - 2016-05-11 12:55 - 00120336 _____ C:\Users\Vance\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-11 12:53 - 2016-05-11 12:55 - 00476928 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-09 12:39 - 2016-05-09 12:47 - 00000000 ____D C:\Users\Vance\Documents\Gaming Mouse Perdition
2016-05-09 00:05 - 2016-05-09 00:05 - 00874790 _____ C:\Windows\system32\amdicdxx.dat
2016-05-06 15:45 - 2016-05-06 15:45 - 00368416 _____ C:\Windows\system32\ativvaxy_el_nd.dat
2016-05-01 13:16 - 2016-05-01 13:16 - 00053651 _____ C:\Users\Vance\Desktop\April 28th.pdf
2016-04-30 23:54 - 2016-04-30 23:54 - 00000000 ____D C:\Users\Vance\AppData\Local\CrashReportClient
2016-04-30 23:37 - 2016-04-30 23:37 - 00000000 ____D C:\Users\Vance\AppData\Local\Orion
2016-04-29 14:26 - 2016-04-29 14:26 - 00000000 _____ C:\Users\Vance\Desktop\New Text Document.txt
2016-04-29 12:22 - 2016-04-29 12:22 - 00000000 ____D C:\Users\Vance\AppData\Local\DOSBox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-29 15:19 - 2016-04-09 12:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-29 15:15 - 2015-04-07 16:52 - 00000000 ____D C:\Users\Vance\AppData\Roaming\Skype
2016-05-29 15:15 - 2014-12-13 00:59 - 00000000 ____D C:\Users\Vance\AppData\Roaming\TS3Client
2016-05-29 11:48 - 2015-12-05 14:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-28 22:49 - 2015-12-27 15:04 - 00000000 ____D C:\Users\Vance\Notepad++Backups
2016-05-28 22:28 - 2014-12-14 22:54 - 00000000 ____D C:\Users\Vance\.VirtualBox
2016-05-28 22:28 - 2014-12-13 00:42 - 00000000 ____D C:\Users\Vance\AppData\Roaming\uTorrent
2016-05-28 21:41 - 2014-12-17 15:03 - 00000000 ____D C:\Users\Vance\Downloads\I Am Alive
2016-05-28 21:14 - 2015-08-02 11:31 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-05-28 20:51 - 2014-12-14 22:56 - 00000000 ____D C:\Users\Vance\VirtualBox VMs
2016-05-28 20:30 - 2014-12-12 22:21 - 00000000 ____D C:\Users\Vance
2016-05-28 20:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-05-28 19:38 - 2015-12-30 15:50 - 00000000 ____D C:\Users\Vance\AppData\Local\CrashDumps
2016-05-28 19:38 - 2014-12-13 02:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-27 22:14 - 2015-09-13 00:05 - 00000000 ____D C:\Users\Vance\AppData\Roaming\TVMC
2016-05-27 19:54 - 2015-03-20 12:22 - 00000000 ____D C:\ProgramData\Origin
2016-05-26 19:24 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-26 17:58 - 2016-03-20 11:36 - 00000000 ____D C:\Users\Vance\Desktop\School Work
2016-05-26 17:46 - 2014-12-13 19:13 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-05-26 17:42 - 2015-12-22 01:25 - 00000000 ____D C:\Program Files (x86)\Renegade X
2016-05-26 17:41 - 2014-12-18 16:10 - 00000000 ____D C:\Program Files\OBS
2016-05-26 17:41 - 2014-12-18 16:10 - 00000000 ____D C:\Program Files (x86)\OBS
2016-05-26 17:12 - 2015-01-19 18:47 - 00000000 ____D C:\Users\Vance\Documents\My Scans
2016-05-26 15:24 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-26 15:19 - 2014-12-13 02:23 - 00000000 ____D C:\Users\Vance\Documents\My Games
2016-05-24 18:27 - 2015-12-31 14:35 - 00000000 ____D C:\Users\Vance\AppData\Local\TSVNCache
2016-05-24 18:23 - 2016-04-15 15:39 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-05-24 18:23 - 2015-12-22 22:52 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2016-05-24 18:22 - 2015-06-19 17:21 - 00000000 ____D C:\Program Files (x86)\AMD
2016-05-24 18:16 - 2015-06-11 21:10 - 00000000 ____D C:\Program Files\AMD
2016-05-24 18:16 - 2014-12-12 22:36 - 00000000 ____D C:\Users\Vance\AppData\Local\AMD
2016-05-24 18:11 - 2014-12-08 12:16 - 00000000 ____D C:\AMD
2016-05-23 13:22 - 2015-09-10 20:10 - 00000332 _____ C:\Users\Vance\Desktop\Server Passwords.txt
2016-05-20 16:06 - 2015-11-11 20:38 - 00000000 ____D C:\Users\Vance\AppData\Local\Fallout4
2016-05-19 14:35 - 2015-12-16 17:38 - 00000000 ____D C:\Users\Vance\AppData\Local\LOOT
2016-05-18 17:45 - 2014-12-14 00:02 - 00000000 ____D C:\Users\Vance\Documents\Nexus Mod Manager
2016-05-18 14:08 - 2016-02-05 13:54 - 00000890 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-05-18 14:08 - 2016-01-25 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-05-18 14:08 - 2016-01-25 18:31 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-05-16 18:40 - 2014-12-14 17:54 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-05-16 09:05 - 2014-12-12 23:26 - 00000000 ____D C:\Users\Vance\AppData\Local\Adobe
2016-05-16 09:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-15 16:14 - 2015-01-31 23:29 - 00000000 ____D C:\Users\Vance\Documents\Petroglyph
2016-05-15 16:10 - 2014-12-14 18:27 - 00000000 ____D C:\Users\Vance\AppData\Roaming\DAEMON Tools Lite
2016-05-15 08:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-05-14 20:23 - 2009-07-13 23:45 - 00025936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-14 20:23 - 2009-07-13 23:45 - 00025936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-14 19:33 - 2014-12-12 23:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-13 15:47 - 2014-12-13 01:00 - 00000000 ____D C:\Users\Vance\AppData\Roaming\Notepad++
2016-05-13 12:13 - 2015-10-30 16:50 - 01048576 _____ C:\Windows\PE_Rom.dll
2016-05-13 12:13 - 2014-12-13 00:43 - 00000836 _____ C:\Users\Vance\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-05-10 19:43 - 2016-01-28 17:18 - 00000000 ____D C:\Users\Vance\Cisco Packet Tracer 6.3
2016-05-10 19:01 - 2015-01-22 18:41 - 00000372 _____ C:\Users\Vance\.packettracer
2016-05-09 18:39 - 2015-10-30 00:11 - 00000000 ____D C:\Users\Vance\Documents\ASUS Remote GO!
2016-05-09 16:38 - 2015-01-11 18:37 - 00000000 _____ C:\Windows\Path.idx
2016-05-09 15:41 - 2015-03-31 14:18 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2016-05-09 15:41 - 2011-04-12 03:28 - 00000000 ____D C:\Windows\CSC
2016-05-09 15:38 - 2015-04-09 15:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-05-09 12:51 - 2014-12-13 00:54 - 00000000 ____D C:\Users\Vance\AppData\Roaming\TeamViewer
2016-05-09 12:48 - 2014-12-30 19:07 - 00000000 ____D C:\Windows\Minidump
2016-05-09 12:39 - 2014-12-12 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REDRAGON GAMING MOUSE
2016-05-09 12:39 - 2014-12-12 22:31 - 00000000 ____D C:\Program Files (x86)\REDRAGON GAMING MOUSE
2016-05-07 19:48 - 2015-04-07 16:52 - 00000000 ____D C:\ProgramData\Skype
2016-05-07 19:47 - 2016-01-01 21:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-06 13:03 - 2015-02-06 18:20 - 00000000 ____D C:\ProgramData\Oracle
2016-05-06 13:02 - 2015-02-18 18:23 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-06 13:02 - 2014-12-13 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-06 13:01 - 2015-10-17 19:42 - 00000000 ____D C:\Users\Vance\.oracle_jre_usage
2016-05-06 13:01 - 2014-12-13 00:36 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-05-06 12:58 - 2015-12-05 14:09 - 00738880 _____ (Oracle Corporation) C:\Users\Vance\Downloads\jxpiinstall.exe
2016-05-02 17:23 - 2015-03-11 16:33 - 00002555 _____ C:\Windows\MB.idx
2016-04-30 23:37 - 2015-12-23 14:17 - 00000000 ____D C:\Users\Vance\AppData\Local\UnrealEngine
2016-04-30 22:35 - 2014-12-14 17:54 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-04-30 15:18 - 2015-07-23 12:53 - 00000000 ____D C:\Program Files (x86)\DOSBox-0.74
2016-04-29 20:21 - 2014-12-28 16:24 - 00000000 ____D C:\Users\Vance\Documents\MeridianSaves
2016-04-29 15:27 - 2014-12-08 10:03 - 00000000 ____D C:\Teamspeak
2016-04-29 12:47 - 2015-03-20 12:22 - 00000000 ____D C:\Program Files (x86)\Origin

==================== Files in the root of some directories =======

2016-05-25 01:02 - 2016-05-26 18:34 - 0003400 _____ () C:\Users\Vance\AppData\Roaming\VoiceMeeterDefault.xml
2015-08-02 11:30 - 2016-03-15 14:23 - 0000600 _____ () C:\Users\Vance\AppData\Local\PUTTY.RND
2015-10-18 19:19 - 2015-10-18 19:19 - 0003398 _____ () C:\Users\Vance\AppData\Local\recently-used.xbel
2014-12-13 14:05 - 2015-08-26 15:31 - 0007597 _____ () C:\Users\Vance\AppData\Local\Resmon.ResmonCfg
2015-05-23 10:14 - 2015-05-23 10:14 - 0000000 _____ () C:\Users\Vance\AppData\Local\springsettings.cfg
2014-12-12 23:09 - 2014-12-12 23:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-19 16:56 - 2016-02-24 16:22 - 0039364 _____ () C:\ProgramData\hpzinstall.log
2016-05-13 21:18 - 2016-05-13 21:19 - 0000103 _____ () C:\ProgramData\sga2sgb.ini

Some files in TEMP:
====================
C:\Users\Vance\AppData\Local\Temp\Bass.dll
C:\Users\Vance\AppData\Local\Temp\Bass.Net.dll
C:\Users\Vance\AppData\Local\Temp\Nexus Mod Manager-0.61.23.exe
C:\Users\Vance\AppData\Local\Temp\uninstall_flash_player.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-20 22:24] - [2014-12-13 04:14] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-20 22:24] - [2014-12-13 04:14] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-18 15:30

==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team
  • 39,551 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 AM

Posted 30 May 2016 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Unless needed for development purposes remove this old version of Java via the Control Panel > Programs > Programs and Features applet.
Java SE Development Kit 7 Update 75 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.

start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} =>  No File
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} =>  No File
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1393328475-2422675579-3373686829-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000170&geo=US&ver=22&locale=en_US&gct=sb&qsrc=2869
SearchScopes: HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000170&geo=US&ver=22&locale=en_US&gct=sb&qsrc=2869
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
FF SearchPlugin: C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\searchplugins\duckduckgo.xml [2014-07-19]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\artur.dubovoy@gmail.com [2016-05-16]
FF Extension: DivX Web Player - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\DivXWebPlayer@divx.com.xpi [2011-12-21] [not signed]
FF Extension: PriceBlink - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\info@priceblink.com.xpi [2016-05-12]
FF Extension: FreeStyler - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{F0026022-A6C6-46DD-90DE-15922AA3422C}.xpi [2016-03-17]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 cpuz138; \??\C:\Users\Vance\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {22D359BA-FF98-42F1-B089-FB67FE59F4B4} - System32\Tasks\{465E23C2-C20D-4220-98D2-82C641537B00} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/go/help.faq.installer?LastError=1601
Task: {3F7CDD90-9BF7-4E2E-9166-7F381671B59A} - System32\Tasks\{5D3172FA-A421-4809-8B8E-FEED79AD7611} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.3.0.101&amp;LastError=12002
Task: {AEE4E45F-C83E-4A7A-9D6E-51B05A148600} - System32\Tasks\{D5E204AA-62F4-4455-A8B3-1C7DC3FF2089} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/go/help.faq.installer?LastError=1601
AlternateDataStreams: C:\Users\Vance:Heroes & Generals [38]
C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\info@priceblink.com.xpi
C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{F0026022-A6C6-46DD-90DE-15922AA3422C}.xpi

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.

#3 Vancer2

Vancer2
  • Topic Starter

  • Members
  • 78 posts
  • Local time:10:56 AM

Posted 30 May 2016 - 11:47 AM

Here is the log. You mentioned a Chrome Dev build. I have never installed Chrome nor do I have any intention of installing Chrome on this PC. What did you find?

 

Fix result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Vance (2016-05-30 11:36:28) Run:1
Running from C:\Users\Vance\Desktop
Loaded Profiles: Vance (Available Profiles: Vance)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] ->
{C5994563-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} =>  No File
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} =>  No File
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} =>  No File
CHR
HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1393328475-2422675579-3373686829-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000170&geo=US&ver=22&locale=en_US&gct=sb&qsrc=2869
SearchScopes: HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000170&geo=US&ver=22&locale=en_US&gct=sb&qsrc=2869
BHO: No Name -> {72351B45-9636-4F99-820B-7C552D27897D}} -> No File
FF SearchPlugin: C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\searchplugins\duckduckgo.xml [2014-07-19]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] -
C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\artur.dubovoy@gmail.com [2016-05-16]
FF Extension: DivX Web Player - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\DivXWebPlayer@divx.com.xpi [2011-12-21] [not signed]
FF Extension: PriceBlink - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\info@priceblink.com.xpi [2016-05-12]
FF Extension: FreeStyler - C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{F0026022-A6C6-46DD-90DE-15922AA3422C}.xpi [2016-03-17]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 cpuz138; \??\C:\Users\Vance\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys
[X]
Task: {22D359BA-FF98-42F1-B089-FB67FE59F4B4} - System32\Tasks\{465E23C2-C20D-4220-98D2-82C641537B00} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/go/help.faq.installer?LastError=1601
Task: {3F7CDD90-9BF7-4E2E-9166-7F381671B59A} - System32\Tasks\{5D3172FA-A421-4809-8B8E-FEED79AD7611} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.3.0.101&amp;LastError=12002
Task: {AEE4E45F-C83E-4A7A-9D6E-51B05A148600} - System32\Tasks\{D5E204AA-62F4-4455-A8B3-1C7DC3FF2089} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.0.102/en/go/help.faq.installer?LastError=1601
AlternateDataStreams: C:\Users\Vance:Heroes & Generals [38]
C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\info@priceblink.com.xpi
C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{F0026022-A6C6-46DD-90DE-15922AA3422C}.xpi

End
*****************

Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise1Normal" => key removed successfully
HKCR\Wow6432Node\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise2Modified" => key removed successfully
HKCR\Wow6432Node\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise3Conflict" => key removed successfully
HKCR\Wow6432Node\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> => key not found.
HKCR\Wow6432Node\CLSID\ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> => key not found.
{C5994563-53D9-4125-87C9-F193FC689CB2} =>  No File => Error: No automatic fix found for this entry.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise5ReadOnly" => key removed successfully
HKCR\Wow6432Node\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise6Deleted" => key removed successfully
HKCR\Wow6432Node\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise7Added" => key removed successfully
HKCR\Wow6432Node\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise8Ignored" => key removed successfully
HKCR\Wow6432Node\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise9Unversioned" => key removed successfully
HKCR\Wow6432Node\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\HardLinkMenu" => key removed successfully
HKCR\Wow6432Node\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IconOverlayHardLink" => key removed successfully
HKCR\Wow6432Node\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IconOverlaySymbolicLink" => key removed successfully
HKCR\Wow6432Node\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE} => key not found.
CHR => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1393328475-2422675579-3373686829-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
HKU\S-1-5-21-1393328475-2422675579-3373686829-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72351B45-9636-4F99-820B-7C552D27897D}}" => key removed successfully
HKCR\CLSID\{72351B45-9636-4F99-820B-7C552D27897D}} => key not found.
C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\searchplugins\duckduckgo.xml => moved successfully
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - => not found.
"C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\artur.dubovoy@gmail.com [2016-05-16]" => not found.
C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\DivXWebPlayer@divx.com.xpi => moved successfully
C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\info@priceblink.com.xpi => moved successfully
C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{F0026022-A6C6-46DD-90DE-15922AA3422C}.xpi => moved successfully
cpuz136 => service removed successfully
cpuz138 => service removed successfully
GPUZ => service removed successfully
IntcAzAudAddService => service removed successfully
VBoxNetFlt => service removed successfully
VGPU => service removed successfully
[X] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22D359BA-FF98-42F1-B089-FB67FE59F4B4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22D359BA-FF98-42F1-B089-FB67FE59F4B4}" => key removed successfully
C:\Windows\System32\Tasks\{465E23C2-C20D-4220-98D2-82C641537B00} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{465E23C2-C20D-4220-98D2-82C641537B00}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F7CDD90-9BF7-4E2E-9166-7F381671B59A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F7CDD90-9BF7-4E2E-9166-7F381671B59A}" => key removed successfully
C:\Windows\System32\Tasks\{5D3172FA-A421-4809-8B8E-FEED79AD7611} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5D3172FA-A421-4809-8B8E-FEED79AD7611}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEE4E45F-C83E-4A7A-9D6E-51B05A148600}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEE4E45F-C83E-4A7A-9D6E-51B05A148600}" => key removed successfully
C:\Windows\System32\Tasks\{D5E204AA-62F4-4455-A8B3-1C7DC3FF2089} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D5E204AA-62F4-4455-A8B3-1C7DC3FF2089}" => key removed successfully
C:\Users\Vance => ":Heroes & Generals" ADS removed successfully.
"C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\info@priceblink.com.xpi" => not found.
"C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default-1428160267580\Extensions\{F0026022-A6C6-46DD-90DE-15922AA3422C}.xpi" => not found.
EmptyTemp: => 51.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:38:02 ====


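As an added example (not part of this thread, and not FRST's own code): a small Python parser for Fixlog result lines like those above. It tallies what was fixed, what was already absent, and which entries FRST could not interpret, and flags fragments that show a fixlist line was wrapped when pasted (as happened above with Tortoise4Locked, CHR and the VGPU [X]). The sample log is constructed in the Fixlog format with shortened paths.

```python
import re
from collections import Counter

# Constructed sample in the format of the Fixlog posted above (not the real log;
# paths shortened, but the outcome phrases after "=>" are the ones FRST writes).
SAMPLE_FIXLOG = r'''
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  Tortoise1Normal" => key removed successfully
HKCR\Wow6432Node\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> => key not found.
{C5994563-53D9-4125-87C9-F193FC689CB2} =>  No File => Error: No automatic fix found for this entry.
CHR => Error: No automatic fix found for this entry.
C:\Users\Vance\AppData\Roaming\Mozilla\Firefox\Profiles\vue7hdlu.default\searchplugins\duckduckgo.xml => moved successfully
cpuz136 => service removed successfully
[X] => Error: No automatic fix found for this entry.
C:\Users\Vance => ":Heroes & Generals" ADS removed successfully.
EmptyTemp: => 51.6 GB temporary data Removed.
'''

RESULT_SEP = " => "

# Outcome phrases FRST writes after "=>", tested in this order.
STATUS_PATTERNS = [
    ("fixed", re.compile(r"removed successfully|moved successfully|Removed\.$")),
    ("not_found", re.compile(r"not found")),
    ("unparsed", re.compile(r"No automatic fix found")),
]

# A target that is only a CLSID, a bare "[X]", a bare "CHR" or a dangling
# "FF Extension: ... -" is the tail half of a fixlist line that got wrapped.
FRAGMENT = re.compile(r"^(\{[0-9A-Fa-f-]{36}\}|\[X\]|CHR|FF Extension:.*-)(\s|$)")


def classify(outcome):
    for status, pattern in STATUS_PATTERNS:
        if pattern.search(outcome):
            return status
    return "other"


def parse_fixlog(text):
    """Split each 'target => outcome' line; the last ' => ' is the real separator."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if RESULT_SEP not in line:
            continue  # headers, blank lines, "Restore point was ..." and similar
        target, outcome = line.rsplit(RESULT_SEP, 1)
        entries.append({"target": target.strip().strip('"'),
                        "outcome": outcome.strip(),
                        "status": classify(outcome)})
    return entries


def summarize(entries):
    return Counter(e["status"] for e in entries)


def likely_wrapped(entries):
    """Unparsed fragments, paired with the preceding half-line when it ends in '->' or '-'."""
    hints = []
    for i, entry in enumerate(entries):
        if entry["status"] == "unparsed" and FRAGMENT.match(entry["target"]):
            prev = entries[i - 1]["target"] if i else ""
            head = prev if prev.endswith(("->", "-")) else None
            hints.append((entry["target"], head))
    return hints
```

Run `summarize(parse_fixlog(text))` on a real Fixlog to see at a glance whether anything was left unfixed, and `likely_wrapped` to spot entries that need the fixlist re-pasted on one line.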

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 AM

Posted 31 May 2016 - 07:20 AM

What I found as not required or bad was removed.

How is the computer running now?

#5 Vancer2

Vancer2
  • Topic Starter

  • Members
  • 78 posts
  • Local time:10:56 AM

Posted 31 May 2016 - 02:37 PM

What I found as not required or bad was removed.

How is the computer running now?

 

It's fine now. I have not received any messages about outgoing traffic. Thank you very much.



#6 Vancer2

Vancer2
  • Topic Starter

  • Members
  • 78 posts
  • Local time:10:56 AM

Posted 31 May 2016 - 02:39 PM

 

What I found as not required or bad was removed.

How is the computer running now?

 

It's fine now. I have not received any messages about outgoing traffic. Thank you very much.

 

Do you know where I could learn to mitigate and learn more about these threats? I am a student in a college going for an associate's in IT. I want more than an associate's. But one thing at a time. Anything you can suggest that I could eventually put on a job resume?



#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 AM

Posted 01 June 2016 - 08:16 AM

Go to this page.
The Practice Field
http://www.bleepingcomputer.com/forums/f/125/the-practice-field/

Start with the Sophomore Exercises
Read the instructions before proceeding.

===

There is also another training ground at
SpywareInfoForum
http://www.spywareinfoforum.com/topic/34-the-boot-camp-here-anti-malware-training/

You have to register.
===

p.s. Do not subscribe to both forums.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#8 Vancer2

Vancer2
  • Topic Starter

  • Members
  • 78 posts
  • Local time:10:56 AM

Posted 01 June 2016 - 04:19 PM

Go to this page.
The Practice Field
http://www.bleepingcomputer.com/forums/f/125/the-practice-field/

Start with the Sophomore Exercises
Read the instructions before proceeding.

===

There is also another training ground at
SpywareInfoForum
http://www.spywareinfoforum.com/topic/34-the-boot-camp-here-anti-malware-training/

You have to register.
===

p.s. Do not subscribe to both forums.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

I can't use the Practice Field. I lack permissions.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 AM

Posted 02 June 2016 - 07:28 AM

I'm checking with the Admin to find out if the classroom is filled or not.
Stay with me.

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,551 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 AM

Posted 02 June 2016 - 09:27 AM

Got it, start here.

http://www.bleepingcomputer.com/forums/t/532535/malware-removal-training-program/