Infected with Search Engage


  • This topic is locked
6 replies to this topic

#1 HamOfMoose

  • Members
  • 3 posts

Posted 14 July 2016 - 10:52 PM

Not sure how it was downloaded, but I am unable to remove Search Engage from Chrome/Firefox. I have read guides on removing the program, but they seem to be temporary fixes, as it is able to reinstall itself back into my browsers.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-07-2016 02
Ran by Jacob (administrator) on GAMINGMONSTER (14-07-2016 23:24:11)
Running from C:\Users\Jacob\Desktop
Loaded Profiles: Jacob (Available Profiles: Jacob)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(BitTorrent Inc.) C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Users\Jacob\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\Jacob\AppData\Roaming\Dashlane\DashlanePlugin.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Spotify Ltd) C:\Users\Jacob\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Overwolf LTD) C:\Program Files (x86)\Overwolf\Overwolf.exe
(Curse) C:\Users\Jacob\AppData\Local\Apps\2.0\9VPNVK9O.8NW\RWQA541R.VY3\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\Jacob\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\Jacob\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.96.143.0\OverwolfHelper.exe
(Overwolf LTD) C:\Program Files (x86)\Common Files\Overwolf\0.96.143.0\OverwolfHelper64.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Jacob\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\Jacob\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Users\Jacob\AppData\Roaming\Microsoft\scvhost.exe
(BitTorrent Inc.) C:\Users\Jacob\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-05-24] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\Run: [uTorrent] => C:\Users\Jacob\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-23] (BitTorrent Inc.)
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\Run: [Google Update] => C:\Users\Jacob\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\Run: [Dashlane] => C:\Users\Jacob\AppData\Roaming\Dashlane\Dashlane.exe [227200 2016-06-03] ()
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\Run: [DashlanePlugin] => C:\Users\Jacob\AppData\Roaming\Dashlane\DashlanePlugin.exe [286080 2016-06-03] ()
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Jacob\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\Run: [TSMApplication] => "C:\Program Files (x86)\TradeSkillMaster Application\app\TSMApplication.exe"
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\Run: [Spotify Web Helper] => C:\Users\Jacob\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-07-14] (Spotify Ltd)
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\Run: [Spotify] => C:\Users\Jacob\AppData\Roaming\Spotify\Spotify.exe [6913648 2016-07-14] (Spotify Ltd)
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [247344 2016-07-06] ()
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day6] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\MountPoints2: {06dec20c-a394-11e3-9f07-d05099039c2b} - G:\setup.exe
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\MountPoints2: {ed5d5dc8-93f0-11e3-8c04-806e6f6e6963} - D:\ASRSetup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-27] ()
CHR HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13
Tcpip\..\Interfaces\{9EDEC4E6-28C7-4DE3-9164-2AA45DA0548F}: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13
 
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-07] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-07] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Jacob\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-06-03] (Dashlane)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-07] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-07] (Oracle Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Jacob\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-06-03] (Dashlane)
Toolbar: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\sszn4ipg.default-1437246944290
FF NewTab: hxxps://searchengaged.com/?pub=2005&v=414
FF DefaultSearchEngine: Google Search
FF SelectedSearchEngine: Google Search
FF Homepage: hxxps://searchengaged.com/?pub=2005&v=414
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Jacob\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-03-10] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-07-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1965558279-1697466837-4097706632-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jacob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1965558279-1697466837-4097706632-1000: @talk.google.com/O1DPlugin -> C:\Users\Jacob\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1965558279-1697466837-4097706632-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1965558279-1697466837-4097706632-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1965558279-1697466837-4097706632-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jacob\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1965558279-1697466837-4097706632-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Users\Jacob\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jacob\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\sszn4ipg.default-1437246944290\searchplugins\start.xml [2016-07-14]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://searchengaged.com/?pub=2005&v=414
CHR StartupUrls: Default -> "hxxps://searchengaged.com/?pub=2005&v=414"
CHR DefaultSearchURL: Default -> hxxps://searchengaged.com/results.php?pub=2005&v=414&q={searchTerms}
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default -> hxxp://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-14]
CHR Extension: (Google Docs) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-14]
CHR Extension: (Google Drive) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-14]
CHR Extension: (YouTube) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-14]
CHR Extension: (Google Sheets) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-14]
CHR Extension: (Search Solutions) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnmogmoebdegdjlohncfcfmhcfpkcpe [2016-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-14]
CHR Extension: (Gmail) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-07-01] ()
S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-11-08] (BitRaider, LLC)
S4 DAUpdaterSvc; E:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-12-30] (BioWare)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-05-02] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-05-02] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-05-02] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1309936 2016-07-06] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-17] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 RosettaStoneLtdController; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [352312 2008-09-16] (Rosetta Stone Ltd.) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7184144 2016-07-06] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 573D03E9CB7987F; C:\Windows\System32\cmd.exe /c start C:\Windows\system32\573D03E9CB7987F.exe
S3 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 HiPatchService; E:\HiPatchService.exe [X]
S3 Origin Client Service; "E:\Origin\OriginClientService.exe" [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [52440 2012-12-26] (Asmedia Technology)
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-02-12] (ASRock Incorporation)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-11-08] (BitRaider)
S3 bulkadi; C:\Windows\System32\DRIVERS\bulkrazer_x64.sys [25088 2011-02-09] (Windows ® Codename Longhorn DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-04] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-29] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-14] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0044.sys [38432 2015-12-18] (SoftEther Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 Phosgene; C:\Windows\System32\DRIVERS\Phosgene.sys [31656 2015-06-08] ()
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [59344 2014-12-11] (Windows ® Win 7 DDK provider) [File not signed]
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2016-07-14] ()
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-14 23:24 - 2016-07-14 23:24 - 00029027 _____ C:\Users\Jacob\Desktop\FRST.txt
2016-07-14 23:22 - 2016-07-14 23:24 - 00000000 ____D C:\FRST
2016-07-14 23:22 - 2016-07-14 23:22 - 02390528 _____ (Farbar) C:\Users\Jacob\Desktop\FRST64.exe
2016-07-14 23:19 - 2016-07-14 23:19 - 00000000 ____D C:\Users\Jacob\Downloads\backups
2016-07-14 23:14 - 2016-07-14 23:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jacob\Downloads\HijackThis.exe
2016-07-14 19:22 - 2016-07-14 19:22 - 00001101 _____ C:\Users\Jacob\Desktop\Search.lnk
2016-07-14 12:44 - 2016-07-14 19:59 - 00000000 ____D C:\Users\Jacob\AppData\LocalLow\uTorrent
2016-07-14 12:40 - 2016-07-14 12:44 - 00000000 ____D C:\AdwCleaner
2016-07-14 12:40 - 2016-07-14 12:40 - 03712064 _____ C:\Users\Jacob\Downloads\adwcleaner_5.201.exe
2016-07-14 12:33 - 2016-07-14 12:33 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-14 12:33 - 2016-07-14 12:33 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-14 12:32 - 2016-07-14 22:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-14 12:32 - 2016-07-14 12:52 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-14 12:32 - 2016-07-14 12:37 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-14 12:32 - 2016-07-14 12:37 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-14 12:32 - 2016-07-14 12:32 - 00987728 _____ (Google Inc.) C:\Users\Jacob\Downloads\ChromeSetup.exe
2016-07-14 12:31 - 2016-07-10 22:13 - 01887800 _____ (NVIDIA Corporation) C:\Windows\system32\NvCamera64.dll
2016-07-14 12:31 - 2016-07-10 22:13 - 01595840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvCamera32.dll
2016-07-14 12:31 - 2016-07-10 18:36 - 00127424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-07-14 12:31 - 2016-05-03 22:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-07-14 12:31 - 2016-05-03 22:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-07-14 12:31 - 2016-05-03 22:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-07-14 12:31 - 2016-05-03 22:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-07-14 12:30 - 2016-07-12 08:21 - 00214592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-07-14 12:30 - 2016-07-12 08:21 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 39977920 _____ C:\Windows\system32\nvcompiler.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 35115968 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 31640512 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 25414080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 13581880 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-07-14 12:30 - 2016-07-10 22:13 - 10691632 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 10656112 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 10234336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 09020656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 08742360 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 08615336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 03542072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 03099072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 01939000 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436881.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436881.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 01001016 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00930360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00909880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00852024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00694672 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00583736 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00544120 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00490744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00459320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00444472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00406064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00394808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00177952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00153416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-07-14 12:30 - 2016-07-10 22:13 - 00131584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-07-14 12:25 - 2016-07-14 12:25 - 00000000 ____D C:\Users\Jacob\Documents\Elder Scrolls Online
2016-07-14 12:12 - 2016-07-12 08:21 - 01579976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-07-14 12:12 - 2016-07-10 22:13 - 19220352 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-07-14 12:12 - 2016-06-29 18:44 - 01922616 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436869.dll
2016-07-14 12:12 - 2016-06-29 18:44 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436869.dll
2016-07-14 09:38 - 2016-07-14 12:25 - 00000000 ____D C:\Program Files (x86)\Zenimax Online
2016-07-14 09:38 - 2016-07-14 09:38 - 00001251 _____ C:\Users\Jacob\Desktop\The Elder Scrolls Online.lnk
2016-07-14 09:38 - 2016-07-14 09:38 - 00000000 ___HD C:\Program Files (x86)\Zero G Registry
2016-07-14 09:38 - 2016-07-14 09:38 - 00000000 ____D C:\Windows\jre
2016-07-14 09:38 - 2016-07-14 09:38 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2016-07-14 08:54 - 2016-07-14 08:54 - 110019552 _____ (Zenimax Media Inc) C:\Users\Jacob\Downloads\Install_ESO.exe
2016-07-14 03:51 - 2016-07-14 03:51 - 142667264 _____ C:\Users\Jacob\Documents\cats
2016-07-14 03:33 - 2016-07-14 13:01 - 00000000 ____D C:\Users\Jacob\Desktop\H
2016-07-11 20:30 - 2016-07-11 21:24 - 00000000 ____D C:\DeepBot - Twitch Streamer Assistant
2016-07-11 20:30 - 2016-07-11 20:30 - 00000790 _____ C:\Users\Public\Desktop\DeepBot.lnk
2016-07-10 08:55 - 2016-07-10 08:55 - 03273680 _____ C:\Users\Jacob\ts3_recording_16_07_10_8_55_7.wav
2016-07-02 14:15 - 2016-07-14 02:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-01 20:16 - 2016-07-01 20:16 - 00000000 ____D C:\Users\Jacob\AppData\Local\BattlEye
2016-06-27 15:31 - 2016-07-11 04:21 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2016-06-27 15:31 - 2016-07-11 04:21 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-06-27 15:31 - 2016-06-27 15:31 - 00003728 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
2016-06-27 15:31 - 2016-06-27 15:31 - 00001973 _____ C:\Users\Public\Desktop\Overwolf.lnk
2016-06-27 15:31 - 2016-06-27 15:31 - 00000000 ____D C:\ProgramData\Overwolf
2016-06-27 15:29 - 2016-07-14 12:52 - 00000000 ____D C:\Users\Jacob\AppData\Local\Overwolf
2016-06-24 20:07 - 2016-06-24 20:07 - 00000609 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-06-23 11:09 - 2016-06-23 11:09 - 00018783 _____ C:\Users\Jacob\Downloads\supers0aksPersistedSettings.json
2016-06-23 11:06 - 2016-06-23 05:38 - 00017736 _____ C:\Users\Jacob\Desktop\PersistedSettings.json
2016-06-21 10:16 - 2016-06-21 10:16 - 00717985 _____ C:\Windows\unins001.exe
2016-06-21 10:16 - 2016-06-21 10:16 - 00008763 _____ C:\Windows\unins001.dat
2016-06-21 10:16 - 2016-06-21 10:16 - 00001891 _____ C:\Users\Jacob\Downloads\PatchFF7Script.bat
2016-06-21 10:13 - 2016-06-21 10:16 - 33399878 _____ (Johnny "ThunderPeel2001" Walker ) C:\Users\Jacob\Downloads\FF7-XBoxControllerFix-2.1.exe
2016-06-21 09:05 - 2016-06-21 09:05 - 04127744 _____ C:\Users\Jacob\Downloads\ff7_en1.01a.EXE
2016-06-21 09:04 - 2016-06-21 09:04 - 00109174 _____ C:\Users\Jacob\Downloads\cjb-ff7.rar
2016-06-21 09:02 - 2016-06-21 09:03 - 72242192 _____ C:\Users\Jacob\Downloads\mt-x_setup.rar
2016-06-21 08:58 - 2016-06-21 08:58 - 00014380 _____ C:\Users\Jacob\Downloads\Final Fantasy VII Trainer-NewAgeSoldier.rar
2016-06-21 08:54 - 2016-06-21 08:55 - 03459871 _____ C:\Users\Jacob\Downloads\FINAL.FANTASY.7.2K12.V1.06.PLUS15TRN.ZODDEL.ZIP
2016-06-21 08:53 - 2016-06-21 08:53 - 03504327 _____ C:\Users\Jacob\Downloads\FINAL.FANTASY.7.2K12.V1.06.PLUS19TRN.HAPPYREADYGO.ZIP
2016-06-21 08:53 - 2016-06-21 08:53 - 00000000 ____D C:\Users\Jacob\Documents\My Cheat Tables
2016-06-20 22:12 - 2016-07-11 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepBot
2016-06-20 22:12 - 2016-06-20 22:12 - 43324461 _____ (DeepBot.tv) C:\Users\Jacob\Downloads\DeepBot.exe
2016-06-20 22:12 - 2016-06-20 22:12 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\DeepBot.tv
2016-06-19 07:00 - 2016-06-19 07:00 - 00640376 _____ C:\Users\Jacob\Downloads\dying_light_the_following_enhanced_edition_v1100_plus_27_trainer.zip
2016-06-19 06:59 - 2016-06-19 06:59 - 02091785 _____ C:\Users\Jacob\Downloads\dlv162+13tr.rar
2016-06-19 06:50 - 2016-06-19 06:50 - 01864788 _____ C:\Users\Jacob\Downloads\Dying Light+31Tr-LNG_v1.6.2.rar
2016-06-19 06:22 - 2016-07-14 19:50 - 00000560 __RSH C:\Users\Jacob\ntuser.pol
2016-06-19 06:22 - 2016-06-19 06:22 - 00000000 _____ C:\Users\Jacob\Downloads\Unconfirmed 664474.crdownload
2016-06-19 03:13 - 2016-06-19 03:13 - 00000000 ____D C:\Users\Jacob\Documents\DyingLight
2016-06-18 21:21 - 2016-06-18 21:21 - 00065502 _____ C:\Users\Jacob\Downloads\Dying.Light.Enhanced.Edition.Incl.DLC-Repack.torrent
2016-06-16 01:33 - 2016-06-16 01:33 - 00000839 _____ C:\Users\Public\Desktop\World of Warcraft Public Test.lnk
2016-06-16 01:33 - 2016-06-16 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test
2016-06-15 17:47 - 2016-06-15 17:47 - 03586312 _____ C:\Users\Jacob\Downloads\EPMRCon 1.0.0.5.zip
2016-06-15 17:13 - 2016-06-15 17:13 - 00050160 _____ C:\Users\Jacob\Desktop\Recoil.ahk
2016-06-14 15:25 - 2016-06-14 15:25 - 00000273 _____ C:\Users\Jacob\Desktop\bak.ini
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-14 23:23 - 2014-02-13 20:36 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\uTorrent
2016-07-14 23:21 - 2014-02-12 14:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-14 23:19 - 2014-02-12 14:57 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Skype
2016-07-14 23:15 - 2014-02-11 21:56 - 00000000 ____D C:\Users\Jacob\AppData\Local\Battle.net
2016-07-14 23:14 - 2014-02-14 14:55 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1965558279-1697466837-4097706632-1000UA.job
2016-07-14 22:53 - 2014-10-22 16:44 - 00000000 ____D C:\Users\Jacob\AppData\Local\Deployment
2016-07-14 21:21 - 2014-02-12 14:52 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 21:21 - 2014-02-12 14:52 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 21:21 - 2014-02-12 14:52 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 19:50 - 2014-02-12 07:26 - 00000000 ____D C:\Users\Jacob
2016-07-14 19:22 - 1662-07-20 09:47 - 00240640 _____ C:\Windows\SysWOW64\573D03E9CB7987F.exe
2016-07-14 19:14 - 2014-02-14 14:55 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1965558279-1697466837-4097706632-1000Core.job
2016-07-14 12:58 - 2009-07-14 01:13 - 00784394 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-14 12:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-14 12:54 - 2014-02-11 21:56 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-14 12:53 - 2016-02-29 06:21 - 00000000 ____D C:\Users\Jacob\AppData\Local\Spotify
2016-07-14 12:53 - 2016-02-29 06:20 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Spotify
2016-07-14 12:52 - 2016-05-05 00:28 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2016-07-14 12:52 - 2014-12-10 19:24 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2016-07-14 12:52 - 2014-02-11 20:56 - 04067758 _____ C:\Windows\ntbtlog.txt
2016-07-14 12:52 - 2014-02-11 19:45 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-14 12:52 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-14 12:33 - 2014-02-12 07:41 - 00000000 ____D C:\Users\Jacob\AppData\Local\Google
2016-07-14 12:32 - 2014-02-12 07:41 - 00000000 ____D C:\Program Files (x86)\Google
2016-07-14 12:31 - 2016-03-13 14:28 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-07-14 12:31 - 2014-02-11 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-07-14 12:31 - 2014-02-11 19:45 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-14 12:31 - 2014-02-11 19:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-07-14 12:30 - 2016-02-09 04:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-14 12:14 - 2016-02-10 00:06 - 00000000 ____D C:\Users\Jacob\AppData\Local\CrashDumps
2016-07-14 12:10 - 2014-04-21 22:48 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\TS3Client
2016-07-12 23:06 - 2014-02-12 15:20 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\OBS
2016-07-12 20:18 - 2016-05-04 00:04 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-07-12 20:18 - 2014-09-10 23:55 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-07-12 17:21 - 2014-02-12 14:52 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 17:21 - 2014-02-12 14:52 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-11 04:21 - 2014-04-30 20:58 - 00000000 ____D C:\Users\Jacob\AppData\Local\TSVNCache
2016-07-10 22:13 - 2016-06-08 16:31 - 17321352 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-07-10 22:13 - 2016-05-04 23:16 - 16790552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-07-10 22:13 - 2016-01-14 17:35 - 14371384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-07-10 22:13 - 2016-01-14 17:35 - 03840096 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-07-10 22:13 - 2016-01-14 17:35 - 03393576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-07-10 22:13 - 2014-02-11 19:44 - 00039124 _____ C:\Windows\system32\nvinfo.pb
2016-07-10 19:17 - 2016-01-14 17:36 - 00547896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-07-10 19:17 - 2016-01-14 17:36 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-07-10 19:17 - 2014-02-11 19:45 - 06384064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-07-10 19:17 - 2014-02-11 19:45 - 02465848 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-07-10 19:17 - 2014-02-11 19:45 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-07-10 19:17 - 2014-02-11 19:45 - 01364536 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-07-10 19:17 - 2014-02-11 19:45 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-07-10 19:17 - 2014-02-11 19:45 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-07-10 08:58 - 2016-02-18 13:10 - 00020480 ___SH C:\Users\Jacob\Thumbs.db
2016-07-07 13:03 - 2014-02-11 19:45 - 07211925 _____ C:\Windows\system32\nvcoproc.bin
2016-07-02 12:44 - 2015-10-29 05:54 - 00000000 _____ C:\Users\Jacob\AppData\LocalLow\rightsCheck_1.txt
2016-07-02 08:30 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-07-01 14:43 - 2015-09-23 22:24 - 00000000 ____D C:\Program Files (x86)\LoLBuilder.net App
2016-06-29 15:13 - 2014-05-09 22:59 - 00000000 ____D C:\Users\Jacob\AppData\Local\Arma 3
2016-06-28 19:41 - 2016-02-28 01:07 - 00000000 ____D C:\Users\Jacob\AppData\Local\ftblauncher
2016-06-28 17:40 - 2014-05-09 23:41 - 00000000 ____D C:\Users\Jacob\Documents\Arma 3 - Other Profiles
2016-06-27 20:06 - 2014-02-12 17:13 - 00000000 ____D C:\Users\Jacob\AppData\Local\._LiveCode_
2016-06-27 14:05 - 2016-02-25 05:43 - 00000000 ____D C:\Users\Jacob\Desktop\stuff
2016-06-25 14:27 - 2016-01-25 14:17 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\BoL
2016-06-24 19:07 - 2014-04-21 22:48 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2016-06-24 17:25 - 2009-07-14 00:45 - 05004056 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-24 16:54 - 2016-04-27 04:17 - 00000000 ____D C:\ProgramData\Screaming Bee
2016-06-24 16:54 - 2016-04-27 04:17 - 00000000 ____D C:\Program Files (x86)\Screaming Bee
2016-06-23 14:40 - 2014-09-02 18:05 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\vlc
2016-06-22 07:10 - 2014-02-11 19:56 - 00000000 ____D C:\NVIDIA
2016-06-21 23:13 - 2016-03-02 12:41 - 00000000 ____D C:\Users\Jacob\AppData\Local\Rekty_Stream_Tools
2016-06-21 02:06 - 2016-03-19 02:21 - 00000000 ____D C:\Users\Jacob\Desktop\EPM
2016-06-20 22:13 - 2014-02-12 07:37 - 00113240 _____ C:\Users\Jacob\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-19 06:46 - 2014-02-16 16:45 - 00000000 ____D C:\Windows\Razer Core
2016-06-19 06:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-06-17 22:49 - 2015-12-13 16:50 - 00002169 _____ C:\Users\Jacob\Desktop\Discord.lnk
2016-06-17 22:49 - 2015-12-13 16:50 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-06-17 22:49 - 2015-12-13 16:49 - 00000000 ____D C:\Users\Jacob\AppData\Local\SquirrelTemp
2016-06-17 22:49 - 2015-12-13 16:49 - 00000000 ____D C:\Users\Jacob\AppData\Local\Discord
2016-06-14 16:18 - 2016-05-21 22:26 - 00001998 ____H C:\Users\Jacob\Documents\Default.rdp
 
==================== Files in the root of some directories =======
 
2014-05-09 23:48 - 2015-06-11 03:11 - 0000302 _____ () C:\Users\Jacob\AppData\Roaming\BreakingPoint_Login.ini
2014-08-03 16:30 - 2015-06-11 10:26 - 0001455 _____ () C:\Users\Jacob\AppData\Roaming\BreakingPoint_Options.ini
2015-04-01 02:42 - 2015-10-29 08:12 - 0000134 _____ () C:\Users\Jacob\AppData\Roaming\CSharpAnalytics-MeasurementQueue
2015-04-01 02:42 - 2016-02-08 00:15 - 0000444 _____ () C:\Users\Jacob\AppData\Roaming\CSharpAnalytics-MeasurementSession
2015-10-14 02:52 - 2015-12-17 05:08 - 0001495 _____ () C:\Users\Jacob\AppData\Roaming\droid4xinstaller.log
2014-07-14 15:35 - 2015-12-28 18:28 - 0000099 _____ () C:\Users\Jacob\AppData\Roaming\LauncherSettings_live.cfg
2014-07-14 12:01 - 2015-12-28 06:21 - 0000040 _____ () C:\Users\Jacob\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-10-16 20:09 - 2014-12-12 05:27 - 0001181 _____ () C:\Users\Jacob\AppData\Roaming\trace_FilterInstaller.1.txt
2014-10-16 20:09 - 2014-10-16 20:09 - 0001181 _____ () C:\Users\Jacob\AppData\Roaming\trace_FilterInstaller.2.txt
2014-10-16 20:09 - 2014-12-12 05:30 - 0000919 _____ () C:\Users\Jacob\AppData\Roaming\trace_FilterInstaller.txt
2014-10-16 20:09 - 2014-12-12 05:30 - 0000000 _____ () C:\Users\Jacob\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-07-14 09:34 - 2016-07-14 12:57 - 0054784 _____ () C:\Users\Jacob\AppData\Roaming\Microsoft\scvhost.exe
2014-05-07 01:42 - 2014-05-07 01:42 - 0301496 _____ (VuuPC Limited) C:\Users\Jacob\AppData\Local\nsg888E.tmp
2016-05-11 03:47 - 2016-05-11 03:47 - 0006288 _____ () C:\Users\Jacob\AppData\Local\recently-used.xbel
2015-08-25 22:06 - 2015-08-25 22:06 - 0007607 _____ () C:\Users\Jacob\AppData\Local\Resmon.ResmonCfg
2014-02-12 07:36 - 2014-02-12 07:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-01 19:11 - 2015-03-01 19:11 - 0000087 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
C:\Users\Public\Minecraft 1.7.2.exe
 
 
Some files in TEMP:
====================
C:\Users\Jacob\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
C:\Users\Jacob\AppData\Local\Temp\Bass.dll
C:\Users\Jacob\AppData\Local\Temp\Bass.Net.dll
C:\Users\Jacob\AppData\Local\Temp\bb97f7eb69c2f51115f05cdbb66125ae.dll
C:\Users\Jacob\AppData\Local\Temp\libeay32.dll
C:\Users\Jacob\AppData\Local\Temp\msvcr120.dll
C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jacob\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Jacob\AppData\Local\Temp\nvscpapisvr.exe
C:\Users\Jacob\AppData\Local\Temp\nvStInst.exe
C:\Users\Jacob\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jacob\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2014-06-20 21:47] - [2014-12-24 06:52] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
 
C:\Windows\SysWOW64\User32.dll
[2014-06-20 21:47] - [2014-12-24 06:52] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
 
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-07 00:29
 
==================== End of FRST.txt ============================
 
Thank you for your help.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,230 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:40 AM

Posted 16 July 2016 - 10:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This is NOT GOOD; it's out of date and not enough to protect your computer against infection.
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Run the fix below and protect your computer as suggested here.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(BitTorrent Inc.) C:\Users\Jacob\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\Jacob\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
() C:\Users\Jacob\AppData\Roaming\Microsoft\scvhost.exe
(BitTorrent Inc.) C:\Users\Jacob\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day6] => [X]
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX32.dll No File
CHR HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF NewTab: hxxps://searchengaged.com/?pub=2005&v=414
FF Homepage: hxxps://searchengaged.com/?pub=2005&v=414
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF SearchPlugin: C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\sszn4ipg.default-1437246944290\searchplugins\start.xml [2016-07-14]
CHR HomePage: Default -> hxxps://searchengaged.com/?pub=2005&v=414
CHR StartupUrls: Default -> "hxxps://searchengaged.com/?pub=2005&v=414"
CHR DefaultSearchURL: Default -> hxxps://searchengaged.com/results.php?pub=2005&v=414&q={searchTerms}
CHR Extension: (Search Solutions) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnmogmoebdegdjlohncfcfmhcfpkcpe [2016-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-14]
S2 573D03E9CB7987F; C:\Windows\System32\cmd.exe /c start C:\Windows\system32\573D03E9CB7987F.exe
S3 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 HiPatchService; E:\HiPatchService.exe [X]
S3 Origin Client Service; "E:\Origin\OriginClientService.exe" [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{A7F81299-91C0-404E-9A00-C21BAF0047AE}\SupportTasks\1\Support.lnk -> hxxp://techsupport.ea.com/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{A7F81299-91C0-404E-9A00-C21BAF0047AE}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.needforspeed.com/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{5E0398EE-71F3-4E1E-A8F8-56AF81E49108}\SupportTasks\1\Support.lnk -> hxxp://support.guildwars.com/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{5E0398EE-71F3-4E1E-A8F8-56AF81E49108}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.guildwars.com/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{3B750E39-4554-C691-1D4D-C7B033A15E0D}\SupportTasks\1\Guild Wars Support Web Site.lnk -> hxxp://www.guildwars.com/support/support.html (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{3B750E39-4554-C691-1D4D-C7B033A15E0D}\SupportTasks\0\Guild Wars Web Site.lnk -> hxxp://www.guildwars.com/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\2\Blizzard Technical Support.lnk -> hxxp://us.blizzard.com/support/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\1\Account Billing.lnk -> hxxp://signup.worldofwarcraft.com/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\0\Mists of Pandaria - Manual.lnk -> hxxp://enus.nydus.battle.net/wow/enUS/installer/manual (No File)
2016-07-14 09:34 - 2016-07-14 12:57 - 00054784 _____ () C:\Users\Jacob\AppData\Roaming\Microsoft\scvhost.exe
AlternateDataStreams: C:\Windows\Temp:$DATA [16]
C:\Users\Jacob\AppData\Roaming\Microsoft\scvhost.exe
C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\sszn4ipg.default-1437246944290\searchplugins\start.xml
C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnmogmoebdegdjlohncfcfmhcfpkcpe
C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Windows\system32\573D03E9CB7987F.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?
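The fix above is built by reading the FRST log for a handful of line shapes and pulling out the entries that do not belong: a file whose modification date is 1662, a `scvhost.exe` sitting under `AppData\Roaming\Microsoft` (the signed `svchost.exe` lives in `System32`, as the Bamital section of the log itself confirms), a service with a random hex name that starts its payload through `cmd.exe /c start`, home/search pages pointed at searchengaged.com, and a Chrome policy key that FRST marks with ATTENTION. The script below automates that triage. It is an added example for this page, not part of the thread and not Farbar's code; the sample lines are constructed after the ones quoted above, and the year thresholds, the lookalike edit distance and the benign-host list are my assumptions rather than anything FRST defines.

```python
"""Triage an FRST log for the indicator types seen in this thread.

Added example: not part of the original thread and not Farbar's code.
Sample lines are constructed after the ones quoted above; the rule
thresholds and the benign-host list are assumptions, not FRST's.
"""
import re
from collections import Counter
from datetime import date

# Constructed sample input, modelled on the FRST lines quoted in the thread.
SAMPLE_LOG = r"""
2016-07-14 19:22 - 1662-07-20 09:47 - 00240640 _____ C:\Windows\SysWOW64\573D03E9CB7987F.exe
2016-07-14 09:34 - 2016-07-14 12:57 - 0054784 _____ () C:\Users\Jacob\AppData\Roaming\Microsoft\scvhost.exe
2016-07-14 12:31 - 2016-07-10 22:13 - 01887800 _____ (NVIDIA Corporation) C:\Windows\system32\NvCamera64.dll
S2 573D03E9CB7987F; C:\Windows\System32\cmd.exe /c start C:\Windows\system32\573D03E9CB7987F.exe
S3 Origin Client Service; "E:\Origin\OriginClientService.exe" [X]
CHR HomePage: Default -> hxxps://searchengaged.com/?pub=2005&v=414
CHR DefaultSearchURL: Default -> hxxps://searchengaged.com/results.php?pub=2005&v=414&q={searchTerms}
CHR HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Homepage: hxxps://searchengaged.com/?pub=2005&v=414
"""

# FRST line shapes handled: "created - modified - size attrs (company) path",
# "S2 name; image", and "CHR/FF <Key>: ... url".
FILE_RE = re.compile(
    r"^(?P<created>\d{4})-\d\d-\d\d \d\d:\d\d - (?P<modified>\d{4})-\d\d-\d\d \d\d:\d\d - "
    r"\d+ \S+ (?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.+)$"
)
SERVICE_RE = re.compile(r"^[SR]\d (?P<name>[^;]+); (?P<image>.+)$")
BROWSER_RE = re.compile(
    r'^(?:CHR|FF|Edge) (?:HomePage|Homepage|StartupUrls|DefaultSearchURL|NewTab):.*?(?P<url>hxxps?://[^\s"]+)'
)
POLICY_RE = re.compile(r"\\Policies\\Google: Restriction")
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{12,}$")

SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "smss.exe", "winlogon.exe",
                   "wininit.exe", "services.exe", "explorer.exe", "spoolsv.exe"}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64"}
# Assumption: hosts a clean default home/search page would point at.
BENIGN_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com", "duckduckgo.com"}


def levenshtein(a, b):
    """Edit distance, used to catch names such as scvhost.exe that mimic svchost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_file(line, m, scan_year):
    hits = []
    for which in ("created", "modified"):
        year = int(m.group(which))
        if year < 1980 or year > scan_year:  # before the FAT epoch, or in the future
            hits.append(("timestomp", f"{which} year {year}"))
    dirname, _, base = m.group("path").lower().rpartition("\\")
    if HEX_NAME_RE.match(base.rsplit(".", 1)[0]):
        hits.append(("random-hex-name", base))
    if base in SYSTEM_BINARIES and dirname not in SYSTEM_DIRS:
        hits.append(("system-name-outside-windows", f"{base} in {dirname}"))
    elif len(base) >= 8:
        for real in SYSTEM_BINARIES:
            if 1 <= levenshtein(base, real) <= 2:
                hits.append(("lookalike", f"{base} resembles {real}"))
    return [(rule, detail, line) for rule, detail in hits]


def check_service(line, m):
    hits = []
    if HEX_NAME_RE.match(m.group("name")):
        hits.append(("random-hex-name", f"service {m.group('name')}"))
    if re.search(r"cmd\.exe.*?/c\s+start", m.group("image"), re.I):  # launcher indirection
        hits.append(("cmd-start-launcher", m.group("image")))
    return [(rule, detail, line) for rule, detail in hits]


def check_browser(line):
    m = BROWSER_RE.match(line)
    if m:
        host = re.match(r"hxxps?://([^/:]+)", m.group("url")).group(1).lower()
        if host not in BENIGN_SEARCH_HOSTS:
            return [("browser-hijack", host, line)]
    if POLICY_RE.search(line):  # policy keys can enforce browser settings the user cannot change
        return [("chrome-policy-restriction", "settings pinned by policy", line)]
    return []


def triage(text, scan_date=date(2016, 7, 14)):
    """Return (rule, detail, line) findings for every FRST line that trips a rule."""
    findings = []
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        fm, sm = FILE_RE.match(line), SERVICE_RE.match(line)
        if fm:
            findings.extend(check_file(line, fm, scan_date.year))
        elif sm:
            findings.extend(check_service(line, sm))
        else:
            findings.extend(check_browser(line))
    return findings


def summarize(findings):
    """Count findings per rule, for a quick overview of what the log contains."""
    return Counter(rule for rule, _, _ in findings)


if __name__ == "__main__":
    for rule, detail, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}\n    {line}")
```

Run it against a saved FRST.txt by passing the file contents to `triage()`. The NVIDIA line in the sample trips nothing, which is the point of the rules being narrow: a timestamp outside 1980..scan year, a hex-blob name, a system-binary name outside the Windows directories, a `cmd.exe /c start` service image, or a non-default search host each has to be present on its own. Everything the script flags in the sample is something the fixlist above also removes.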

#3 HamOfMoose

HamOfMoose
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:40 AM

Posted 16 July 2016 - 02:59 PM

Holy crap that was a fast reply, Log listed below.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-07-2016
Ran by Jacob (2016-07-16 15:47:34) Run:1
Running from C:\Users\Jacob\Desktop
Loaded Profiles: Jacob (Available Profiles: Jacob)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(BitTorrent Inc.) C:\Users\Jacob\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\Jacob\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
() C:\Users\Jacob\AppData\Roaming\Microsoft\scvhost.exe
(BitTorrent Inc.) C:\Users\Jacob\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day0] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day1] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day2] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day3] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day4] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day5] => [X]
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\...\RunOnce: [AsrOMG_Day6] => [X]
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jacob\AppData\Local\MEGAsync\ShellExtX32.dll No File
CHR HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF NewTab: hxxps://searchengaged.com/?pub=2005&v=414
FF Homepage: hxxps://searchengaged.com/?pub=2005&v=414
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF SearchPlugin: C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\sszn4ipg.default-1437246944290\searchplugins\start.xml [2016-07-14]
CHR HomePage: Default -> hxxps://searchengaged.com/?pub=2005&v=414
CHR StartupUrls: Default -> "hxxps://searchengaged.com/?pub=2005&v=414"
CHR DefaultSearchURL: Default -> hxxps://searchengaged.com/results.php?pub=2005&v=414&q={searchTerms}
CHR Extension: (Search Solutions) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnmogmoebdegdjlohncfcfmhcfpkcpe [2016-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-14]
S2 573D03E9CB7987F; C:\Windows\System32\cmd.exe /c start C:\Windows\system32\573D03E9CB7987F.exe
S3 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 HiPatchService; E:\HiPatchService.exe [X]
S3 Origin Client Service; "E:\Origin\OriginClientService.exe" [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Dr.Fone for Android\DriverInstall.exe" [X]
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jacob\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{A7F81299-91C0-404E-9A00-C21BAF0047AE}\SupportTasks\1\Support.lnk -> hxxp://techsupport.ea.com/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{A7F81299-91C0-404E-9A00-C21BAF0047AE}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.needforspeed.com/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{5E0398EE-71F3-4E1E-A8F8-56AF81E49108}\SupportTasks\1\Support.lnk -> hxxp://support.guildwars.com/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{5E0398EE-71F3-4E1E-A8F8-56AF81E49108}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.guildwars.com/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{3B750E39-4554-C691-1D4D-C7B033A15E0D}\SupportTasks\1\Guild Wars Support Web Site.lnk -> hxxp://www.guildwars.com/support/support.html (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{3B750E39-4554-C691-1D4D-C7B033A15E0D}\SupportTasks\0\Guild Wars Web Site.lnk -> hxxp://www.guildwars.com/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\2\Blizzard Technical Support.lnk -> hxxp://us.blizzard.com/support/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\1\Account Billing.lnk -> hxxp://signup.worldofwarcraft.com/ (No File)
Shortcut: C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\0\Mists of Pandaria - Manual.lnk -> hxxp://enus.nydus.battle.net/wow/enUS/installer/manual (No File)
2016-07-14 09:34 - 2016-07-14 12:57 - 00054784 _____ () C:\Users\Jacob\AppData\Roaming\Microsoft\scvhost.exe
AlternateDataStreams: C:\Windows\Temp:$DATA [16]
C:\Users\Jacob\AppData\Roaming\Microsoft\scvhost.exe
C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\sszn4ipg.default-1437246944290\searchplugins\start.xml
C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnmogmoebdegdjlohncfcfmhcfpkcpe
C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Windows\system32\573D03E9CB7987F.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Jacob\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe => No running process found
C:\Users\Jacob\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe => No running process found
C:\Users\Jacob\AppData\Roaming\Microsoft\scvhost.exe => No running process found
C:\Users\Jacob\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day0 => value removed successfully
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day1 => value removed successfully
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day2 => value removed successfully
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day3 => value removed successfully
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day4 => value removed successfully
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day5 => value removed successfully
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AsrOMG_Day6 => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
"HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
"HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
"HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => key removed successfully
"HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => key removed successfully
"HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => key removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => key removed successfully
"HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => key removed successfully
"HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1965558279-1697466837-4097706632-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
Firefox "newtab" removed successfully
Firefox "homepage" removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\sszn4ipg.default-1437246944290\searchplugins\start.xml => moved successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnmogmoebdegdjlohncfcfmhcfpkcpe => moved successfully
C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
573D03E9CB7987F => service removed successfully
BstHdAndroidSvc => service removed successfully
BstHdLogRotatorSvc => service removed successfully
BstHdUpdaterSvc => service removed successfully
HiPatchService => service removed successfully
Origin Client Service => service removed successfully
WsDrvInst => service removed successfully
BstHdDrv => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
X6va027 => service removed successfully
xhunter1 => service removed successfully
"HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-1965558279-1697466837-4097706632-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{A7F81299-91C0-404E-9A00-C21BAF0047AE}\SupportTasks\1\Support.lnk => moved successfully
C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{A7F81299-91C0-404E-9A00-C21BAF0047AE}\SupportTasks\0\More Games from Microsoft.lnk => moved successfully
C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{5E0398EE-71F3-4E1E-A8F8-56AF81E49108}\SupportTasks\1\Support.lnk => moved successfully
C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{5E0398EE-71F3-4E1E-A8F8-56AF81E49108}\SupportTasks\0\More Games from Microsoft.lnk => moved successfully
C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{3B750E39-4554-C691-1D4D-C7B033A15E0D}\SupportTasks\1\Guild Wars Support Web Site.lnk => moved successfully
C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{3B750E39-4554-C691-1D4D-C7B033A15E0D}\SupportTasks\0\Guild Wars Web Site.lnk => moved successfully
C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\2\Blizzard Technical Support.lnk => moved successfully
C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\1\Account Billing.lnk => moved successfully
C:\Users\Jacob\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\0\Mists of Pandaria - Manual.lnk => moved successfully
C:\Users\Jacob\AppData\Roaming\Microsoft\scvhost.exe => moved successfully
C:\Windows\Temp => ":$DATA" ADS removed successfully.
"C:\Users\Jacob\AppData\Roaming\Microsoft\scvhost.exe" => not found.
"C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\sszn4ipg.default-1437246944290\searchplugins\start.xml" => not found.
"C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnmogmoebdegdjlohncfcfmhcfpkcpe" => not found.
"C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Windows\system32\573D03E9CB7987F.exe" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21127546 B
Java, Flash, Steam htmlcache => 270491449 B
Windows/system/drivers => 9886398653 B
Edge => 0 B
Chrome => 741029646 B
Firefox => 384548690 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 46631230 B
systemprofile32 => 185370 B
LocalService => 132244 B
NetworkService => 512298 B
Jacob => 1148073468 B
UpdatusUser => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 11.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:47:58 ====
 
Still getting the "installed by enterprise policy" in Chrome, but I should be able to get that removed. Will see in a min.
 
Also discovered that Windows Update was off for some reason; that's why Defender was out of date :o


#4 nasdaq
  • Malware Response Team
  • 39,230 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 July 2016 - 08:44 AM

Chrome Extension
How to Uninstall Extension with "Installed by Enterprise Policy" from Google?

We have to find which extension is protected.
Read this article.
http://forums.anvisoft.com/viewtopic-51-8494-0.html

Unless you can find the culprit and remove it, run this.

Please run the Farbar Recovery Scan Tool. Enter ExtensionInstallForcelist in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

Wait for further instructions.
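The registry search nasdaq asks for above targets Chrome's ExtensionInstallForcelist policy, the key that makes an extension report "Installed by enterprise policy" and come back after removal from chrome://extensions. As an added example, not from this thread, from FRST or from nasdaq's instructions, the following PowerShell script performs the same check directly: it enumerates the standard Chrome policy locations (HKLM, the WOW6432Node mirror and HKCU) and prints each forced extension id and update URL. The "Suspicious" flag is my own heuristic, not a Chrome rule; run it in Windows PowerShell, elevated if you want the HKLM keys read reliably.

```powershell
# Added example, not from this thread or from FRST: list Chrome extensions
# forced by the ExtensionInstallForcelist policy, which is what makes an
# extension show "Installed by enterprise policy" and resist removal.
# Chrome reads the list from these policy keys; machine (HKLM) policy wins over user (HKCU).
$PolicyPaths = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
)

# Update URL used by Chrome Web Store extensions. A forced extension that
# points anywhere else is being served from a third-party server.
$WebStoreUpdateUrl = 'https://clients2.google.com/service/update2/crx'

function Get-ForcedChromeExtension {
    foreach ($Path in $PolicyPaths) {
        if (-not (Test-Path -Path $Path)) { continue }
        $Key = Get-Item -Path $Path
        foreach ($Name in $Key.GetValueNames()) {
            # Each value is "<extension id>;<update url>"; the URL part is optional.
            $Raw = [string]$Key.GetValue($Name)
            $Id, $Url = $Raw -split ';', 2
            [pscustomobject]@{
                PolicyKey   = $Path
                ValueName   = $Name
                ExtensionId = $Id
                UpdateUrl   = $Url
                # Heuristic (my own, not a Chrome rule): flag non-Web-Store update
                # URLs and malformed ids. Chrome extension ids are 32 letters a-p.
                Suspicious  = ($Id -notmatch '^[a-p]{32}$') -or
                              ($Url -and $Url -ne $WebStoreUpdateUrl)
            }
        }
    }
}

$Forced = @(Get-ForcedChromeExtension)
if ($Forced.Count -eq 0) {
    # This is the outcome the thread reached: the FRST search came back empty.
    Write-Output 'No ExtensionInstallForcelist entries found.'
} else {
    $Forced | Format-Table -AutoSize
    # Removing an unwanted entry is a single cmdlet (elevated for HKLM paths),
    # followed by a Chrome restart:
    #   Remove-ItemProperty -Path $entry.PolicyKey -Name $entry.ValueName
}
```

The per-user key this script inspects lives under the same Policies\Google hive that FRST flagged as "Restriction <======= ATTENTION" earlier in the thread and removed in the fix, which is why the later search found nothing.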

#5 HamOfMoose
  • Topic Starter
  • Members
  • 3 posts

Posted 17 July 2016 - 08:54 AM

Yea, pretty sure I got the extension removed; it hasn't popped up since running the fixlist.
 
Farbar Recovery Scan Tool (x64) Version: 17-07-2016
Ran by Jacob (2016-07-17 09:52:52)
Running from C:\Users\Jacob\Desktop
Boot Mode: Normal
 
================== Search Registry: "ExtensionInstallForcelist" ===========
 
 
====== End of Search ======


#6 nasdaq
  • Malware Response Team
  • 39,230 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 July 2016 - 10:39 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices and keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#7 nasdaq
  • Malware Response Team
  • 39,230 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 July 2016 - 07:40 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



