Malwarebytes blocks outbound connection in Firefox


This topic is locked
4 replies to this topic

#1 Filipi (Members, 2 posts)

Posted 20 July 2016 - 02:10 PM

Hello

 

I activated a trial version of Malwarebytes Anti-Malware today, and every time I open Firefox it blocks an outbound connection to some website. This is the log of the block:

Spoiler

 

I ran a full scan with MB but it found nothing. I searched for the problem on Google, but every thread said "this solution is for the specific user only" or something, so I didn't know where to go from there.

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-07-2016
Ran by Filipi (administrator) on FILIPI-PC (20-07-2016 18:51:10)
Running from M:\Vital F\Vista Desktop
Loaded Profiles: Filipi (Available Profiles: Filipi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softland) C:\Program Files (x86)\Softland\FBackup 5\bService.exe
(Hi-Rez Studios) K:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Dead:Code) C:\Program Files (x86)\WMP12 maximize fix\wmp12fix.exe
() K:\Program Files (x86)\tapeta\TapetA.exe
() C:\Program Files (x86)\SVP\SVPMgr.exe
(Valve Corporation) K:\Program Files (x86)\Steam\Steam.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Valve Corporation) K:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
() K:\Program Files (x86)\Rainmeter\Rainmeter.exe
(uWebb Software) M:\Vital F\Vista Desktop\PC Testing\RealTemp_370\RealTemp.exe
(RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
() K:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) K:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
() C:\Program Files (x86)\Streamripper\wstreamripper.exe
() M:\Vital F\Vista Desktop\DefaultAudioChanger_x64_1.0.3\DefaultAudioChanger_x64_1.0.03\DefaultAudioChanger.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Valve Corporation) K:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-11-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-12-13] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Corsair laver] => C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe [1780736 2013-06-05] (Corsair Components  Inc)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2009-03-15] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\Run: [wmp12fix] => C:\Program Files (x86)\WMP12 maximize fix\wmp12fix.exe [58368 2009-10-30] (Dead:Code)
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\Run: [TapetA] => K:\Program Files (x86)\tapeta\TapetA.exe [1052160 2005-09-08] ()
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\Run: [SVPMgr] => C:\Program Files (x86)\SVP\SVPMgr.exe [973824 2015-07-06] ()
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\Run: [Steam] => K:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\Run: [FBackup 5] => C:\Program Files (x86)\Softland\FBackup 5\FBackup.exe [13145656 2014-10-22] (Softland)
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\MountPoints2: G - G:\START.exe
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\MountPoints2: L - L:\setup.exe
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\MountPoints2: O - O:\autorun.exe
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\MountPoints2: P - P:\autorun.exe
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\MountPoints2: {7a6cced7-4ce0-11e5-92d2-c7a33edea0f7} - R:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\MountPoints2: {ae1a4ac3-bff8-11e3-967d-f13ce4c38e04} - H:\RunMe.exe
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk [2014-02-25]
ShortcutTarget: NETGEAR WN111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)
Startup: C:\Users\Filipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter - Shortcut.lnk [2014-02-25]
ShortcutTarget: Rainmeter - Shortcut.lnk -> K:\Program Files (x86)\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Filipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RealTemp.exe — skrót.lnk [2015-05-23]
ShortcutTarget: RealTemp.exe — skrót.lnk -> M:\Vital F\Vista Desktop\PC Testing\RealTemp_370\RealTemp.exe (uWebb Software)
Startup: C:\Users\Filipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk [2015-06-23]
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
Startup: C:\Users\Filipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock — skrót.lnk [2014-02-26]
ShortcutTarget: RocketDock — skrót.lnk -> K:\Program Files (x86)\RocketDock\RocketDock.exe ()
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1002672045-1935077752-3802714536-1000] => 188.211.239.11:3128
Hosts: 127.0.0.1 reliclive.quazal.net
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{06FAEB29-6EB1-4677-909B-9A52D6E6BB73}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{8A505400-A08A-42D8-8970-CF7C22DC9389}: [DhcpNameServer] 192.168.1.254 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-29] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default
FF Homepage: google.pl
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&btnI=745&q=
FF NetworkProxy: "http", "14.162.66.79"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-19] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-19] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2014-04-21] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1002672045-1935077752-3802714536-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Filipi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1002672045-1935077752-3802714536-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-07-12] (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Users\Filipi\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2010-12-27] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\searchplugins\google-im-feeling-lucky.xml [2014-07-09]
FF Extension: Greasemonkey - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-04-29]
FF Extension: Classic Theme Restorer - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-07-03]
FF Extension: Classic Toolbar Buttons - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\CSTBB@NArisT2_Noia4dev.xpi [2016-07-01]
FF Extension: Expire history by days - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\expire-history-by-days@bonardo.net.xpi [2016-02-07]
FF Extension: Ghostery - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\firefox@ghostery.com.xpi [2016-07-09]
FF Extension: MEGA - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\firefox@mega.co.nz.xpi [2016-07-15]
FF Extension: LavaFox V2 - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\info@djzig.com [2016-06-10]
FF Extension: Skip adf.ly skip!! - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\jid1-nSEySa4aWGanbw@jetpack.xpi [2016-04-21]
FF Extension: FrankerFaceZ - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\jid1-snHdAu6px3p0jA@jetpack.xpi [2016-03-29]
FF Extension: Reddit Enhancement Suite - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2016-03-17]
FF Extension: Keyword Search - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\keywordsearch@kaply.com.xpi [2015-08-18]
FF Extension: NASA Night Launch - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\nasanightlaunch@example.com.xpi [2016-04-01]
FF Extension: PrivacyChoice TrackerBlock - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\trackerblock@privacychoice.org.xpi [2016-04-27]
FF Extension: uBlock Origin - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\uBlock0@raymondhill.net.xpi [2016-01-15]
FF Extension: videoresumer - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\videoresumer@jetpack.xpi [2015-11-05]
FF Extension: BlackFox V2 - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\zigboom@hotmail.com [2016-06-10]
FF Extension: Flagfox - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-06-20]
FF Extension: FT DeepDark - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2016-06-28]
FF Extension: YouTube High Definition - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-07-20]
FF Extension: Downloads Window - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\{a7213cf2-fa1e-4373-88ff-255d0abd3020}.xpi [2016-07-20]
FF Extension: Video DownloadHelper - C:\Users\Filipi\AppData\Roaming\Mozilla\Firefox\Profiles\cpjfz6tk.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1125888 2015-07-22] ()
R2 FBackup5Srv; C:\Program Files (x86)\Softland\FBackup 5\bService.exe [4640312 2014-10-22] (Softland)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-11-05] (NVIDIA Corporation)
U2 HiPatchService; K:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-07-12] (Hi-Rez Studios) [File not signed]
S4 jswpsapi; C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.) [File not signed]
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [419248 2016-06-07] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 mi-raysat_3dsmax2016_64; N:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-12-21] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-11-05] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-11-05] (NVIDIA Corporation)
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-03-01] (Electronic Arts)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-08] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2016-03-11] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 mi-raysat_3dsmax2012_64; "F:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe" [X]
S3 VSStandardCollectorService140; "N:\vs\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2015-10-30] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2015-10-30] (Corsair)
R3 CORSGKB; C:\Windows\System32\drivers\CORSGKB.sys [25600 2012-03-27] ( )
S3 danewFltr; C:\Windows\System32\drivers\danew.sys [12032 2010-03-23] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-11] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-11-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-11-05] (NVIDIA Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 SaiK1705; C:\Windows\System32\DRIVERS\SaiK1705.sys [180584 2012-09-20] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiU1705; C:\Windows\System32\DRIVERS\SaiU1705.sys [47208 2012-09-20] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-04-11] (Duplex Secure Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
R3 WinRing0_1_2_0; M:\Vital F\Vista Desktop\PC Testing\RealTemp_370\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
R3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2w7x.sys [783360 2010-04-27] (Atheros Communications, Inc.)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
U3 ahht25if; C:\Windows\System32\Drivers\ahht25if.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 ALSysIO; \??\C:\Users\Filipi\AppData\Local\Temp\ALSysIO64.sys [X]
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-20 18:51 - 2016-07-20 18:51 - 00000000 ____D C:\FRST
2016-07-20 18:31 - 2016-07-20 18:31 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-07-20 18:31 - 2016-07-20 18:31 - 00000136 _____ C:\Windows\system32\bootdelete.lst
2016-07-20 18:19 - 2016-07-20 18:31 - 00000000 ____D C:\ProgramData\HitmanPro
2016-07-20 16:47 - 2016-07-20 16:47 - 00063038 _____ C:\Users\Filipi\AppData\Local\recently-used.xbel
2016-07-18 12:15 - 2016-07-18 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2016-07-15 16:59 - 2016-07-15 16:59 - 00000000 ____D C:\Users\Filipi\AppData\LocalLow\Smartly Dressed Games
2016-07-10 20:32 - 2016-07-10 20:32 - 00000000 ____D C:\Users\Filipi\AppData\LocalLow\Blazing Griffin
2016-07-06 22:35 - 2016-07-14 18:00 - 00000000 ____D C:\ProgramData\Thief 3 Sneaky Upgrade
2016-07-06 22:35 - 2016-07-06 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thief 3 Sneaky Upgrade
2016-06-28 19:27 - 2016-06-28 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KDiff3
2016-06-28 19:27 - 2016-06-28 19:27 - 00000000 ____D C:\Program Files\KDiff3
2016-06-28 18:33 - 2016-06-28 18:33 - 00000000 ____D C:\Users\Filipi\AppData\Roaming\Bitdefender
2016-06-23 21:24 - 2016-06-23 21:24 - 00253702 _____ C:\ProgramData\1466713242.bdinstall.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-20 18:42 - 2014-06-28 10:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-20 18:01 - 2014-09-25 13:45 - 00000000 ____D C:\Windows\pss
2016-07-20 17:56 - 2014-06-28 10:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-20 17:56 - 2014-06-28 10:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-20 17:38 - 2014-07-09 15:30 - 00000000 ____D C:\Users\Filipi\AppData\Roaming\deluge
2016-07-20 16:47 - 2014-02-25 19:29 - 00000000 ____D C:\Users\Filipi
2016-07-20 09:04 - 2014-07-23 21:37 - 00000000 ____D C:\Users\Filipi\.gimp-2.6
2016-07-20 01:33 - 2014-12-06 20:28 - 00000000 ____D C:\Users\Filipi\AppData\Roaming\gtk-2.0
2016-07-19 23:18 - 2014-05-14 16:54 - 00000000 ____D C:\Users\Filipi\AppData\Roaming\TS3Client
2016-07-19 20:10 - 2014-02-26 19:42 - 00000000 ____D C:\Users\Filipi\AppData\Local\ElevatedDiagnostics
2016-07-19 16:16 - 2014-05-14 16:54 - 00000000 ____D C:\Users\Filipi\AppData\Local\TeamSpeak 3 Client
2016-07-19 15:58 - 2014-02-25 20:17 - 00000000 ____D C:\Users\Filipi\AppData\Roaming\Winamp
2016-07-19 15:53 - 2014-02-25 22:47 - 00742710 _____ C:\Windows\system32\perfh015.dat
2016-07-19 15:53 - 2014-02-25 22:47 - 00157224 _____ C:\Windows\system32\perfc015.dat
2016-07-19 15:53 - 2009-07-14 06:13 - 01673300 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-19 15:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-07-19 15:50 - 2015-09-18 00:50 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-19 15:50 - 2015-09-18 00:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-19 15:50 - 2014-02-25 20:17 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-19 15:50 - 2014-02-25 20:17 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-19 15:50 - 2014-02-25 20:16 - 00000000 ____D C:\Users\Filipi\AppData\Local\Adobe
2016-07-19 15:47 - 2014-07-14 15:39 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-19 15:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-19 10:21 - 2014-03-27 19:29 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-07-19 09:17 - 2016-03-16 20:11 - 00000000 ____D C:\Users\Filipi\AppData\Local\LogMeIn Hamachi
2016-07-18 12:15 - 2015-12-14 19:55 - 00000000 ____D C:\Users\Filipi\AppData\Roaming\Corsair
2016-07-18 12:15 - 2015-12-14 19:55 - 00000000 ____D C:\Users\Filipi\AppData\Local\Corsair
2016-07-18 12:15 - 2014-02-26 18:17 - 00000000 ____D C:\Program Files (x86)\Corsair
2016-07-18 01:07 - 2014-09-02 00:19 - 00003258 _____ C:\Windows\System32\Tasks\wake
2016-07-17 01:33 - 2015-10-27 18:05 - 00083456 _____ C:\Users\Filipi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-13 19:35 - 2015-07-18 13:22 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-13 19:35 - 2015-07-18 13:22 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-13 01:45 - 2014-06-29 23:41 - 00000000 ____D C:\Users\Filipi\AppData\Local\TSVNCache
2016-07-11 16:53 - 2016-06-07 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TruckersMP
2016-07-10 21:41 - 2014-02-25 20:03 - 00000000 _____ C:\Windows\SysWOW64\w32apiw.dll
2016-07-10 20:33 - 2015-12-11 20:27 - 00000000 ____D C:\Users\Filipi\AppData\Roaming\SmartSteamEmu
2016-07-06 22:59 - 2014-02-25 22:06 - 00000000 ____D C:\Program Files\Bitdefender
2016-07-06 22:37 - 2014-03-30 01:28 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-06 22:18 - 2014-05-10 15:42 - 00000000 ____D C:\Users\Filipi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-06-28 19:42 - 2016-01-16 19:54 - 00002771 _____ C:\Users\Filipi\.kdiff3rc
2016-06-23 21:24 - 2014-02-25 22:06 - 00000000 ____D C:\ProgramData\Bitdefender
2016-06-23 21:24 - 2014-02-25 22:06 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-06-23 21:21 - 2014-02-25 22:38 - 00224512 _____ C:\bdlog.txt
2016-06-22 16:49 - 2015-09-26 20:20 - 00000000 ____D C:\Users\Filipi\AppData\Roaming\Curse Client
2016-06-21 10:14 - 2014-04-22 11:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2014-06-01 23:20 - 2014-06-11 20:30 - 0000132 _____ () C:\Users\Filipi\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-09-28 10:08 - 2014-09-28 10:08 - 0081280 _____ () C:\Users\Filipi\AppData\Roaming\icarus-dxdiag.xml
2015-09-19 02:24 - 2015-09-19 02:35 - 0000125 _____ () C:\Users\Filipi\AppData\Roaming\redshiftg.ini
2015-10-27 18:05 - 2016-07-17 01:33 - 0083456 _____ () C:\Users\Filipi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-12 21:53 - 2015-01-12 22:09 - 1065984 _____ () C:\Users\Filipi\AppData\Local\file__0.localstorage
2015-03-23 16:43 - 2015-03-23 16:43 - 0000094 _____ () C:\Users\Filipi\AppData\Local\fusioncache.dat
2016-07-20 16:47 - 2016-07-20 16:47 - 0063038 _____ () C:\Users\Filipi\AppData\Local\recently-used.xbel
2014-11-08 18:33 - 2015-12-09 22:08 - 0007601 _____ () C:\Users\Filipi\AppData\Local\Resmon.ResmonCfg
2014-02-25 22:15 - 2014-02-25 22:15 - 0560129 _____ () C:\ProgramData\1393362382.bdinstall.bin
2016-06-23 21:24 - 2016-06-23 21:24 - 0253702 _____ () C:\ProgramData\1466713242.bdinstall.bin
2015-10-05 19:00 - 2015-10-05 19:00 - 0000159 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Filipi\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Filipi\AppData\Local\Temp\HiRezLauncherControls.dll


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\w32apiw.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-17 02:34

==================== End of FRST.txt ============================

Attached File: Addition.txt (170.97KB)
#2 nasdaq

  • Malware Response Team
  • Location: Montreal, QC. Canada

Posted 21 July 2016 - 08:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these old versions of Java via the Control Panel > Programs > Programs and features Applet.
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)

===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.

start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1002672045-1935077752-3802714536-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S2 mi-raysat_3dsmax2012_64; "F:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe" [X]
S3 VSStandardCollectorService140; "N:\vs\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe" [X]
U3 ahht25if; C:\Windows\System32\Drivers\ahht25if.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 ALSysIO; \??\C:\Users\Filipi\AppData\Local\Temp\ALSysIO64.sys [X]
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Windows\System32\Drivers\ahht25if.sys
C:\Windows\SysWOW64\w32apiw.dll
CustomCLSID: HKU\S-1-5-21-1002672045-1935077752-3802714536-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> N:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1002672045-1935077752-3802714536-1000_Classes\CLSID\{83B0E426-D4EE-11D4-BEDF-BAB7F1EEA455}\InprocServer32 -> F:\Program Files\Autodesk\3ds Max 2012\addflow4.ocx => No File
CustomCLSID: HKU\S-1-5-21-1002672045-1935077752-3802714536-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> N:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-1002672045-1935077752-3802714536-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> N:\Program Files\Autodesk\3ds Max 2016\Inventor Server\Bin\TestServer.dll => No File
AlternateDataStreams: C:\Windows:nlsPreferences [0]
FirewallRules: [TCP Query User{AF4E09C8-252C-4C50-95DE-C37067020C51}M:\vital f\vista desktop\jdownloaderportable\app\jdownloader\jdownloader2.exe] => (Allow) M:\vital f\vista desktop\jdownloaderportable\app\jdownloader\jdownloader2.exe
FirewallRules: [UDP Query User{E8F1C693-9192-4B68-9391-969F6BF2596B}M:\vital f\vista desktop\jdownloaderportable\app\jdownloader\jdownloader2.exe] => (Allow) M:\vital f\vista desktop\jdownloaderportable\app\jdownloader\jdownloader2.exe
FirewallRules: [{2CE79C36-1B7E-4068-BB2C-695A68A2E362}] => (Block) M:\vital f\vista desktop\jdownloaderportable\app\jdownloader\jdownloader2.exe
FirewallRules: [{79493154-414C-4FD0-9A40-25BF8FEBD436}] => (Block) M:\vital f\vista desktop\jdownloaderportable\app\jdownloader\jdownloader2.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Any remaining issues?
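The fixlist above is built from a few recurring patterns in the FRST log: a service or driver whose image file is gone (`[X]`), one whose image is a zero-byte file (`[0 ]`, flagged by FRST with ATTENTION), and a registration pointing into the user's Temp folder. The following is an added example, not part of FRST and not the helper's own code: a small Python triage that applies that same reasoning to the text of the FRST "Services"/"Drivers" lines and drafts fixlist entries the way the post does (the service line verbatim to remove the registration; for a zero-byte image, the file path as well so FRST moves the file). It assumes `C:\Windows` as the system root, uses a heuristic of my own for "user-writable" (anything under a user profile, AppData or a Temp folder), and the sample log is constructed from entries quoted in this thread plus one healthy MBAMSwissArmy line that must not be flagged.

```python
"""Triage FRST "Services"/"Drivers" lines and draft fixlist entries.

Added example for this thread; not part of FRST and not the helper's code.
A registration whose image file is missing ([X]) or zero bytes ([0 ]) is an
orphan worth removing; an image path under the user profile deserves a
second look. Assumption: the system root is C:\\Windows.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# <state> <name>; <image path> [<size date> | X | 0 ] (<signer>) <notes>
LINE_RE = re.compile(
    r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\](?P<rest>.*)$"
)

WINDIR = "C:\\Windows"  # assumption: default system root


@dataclass
class Finding:
    line: str            # the FRST line, verbatim, ready for a fixlist
    name: str            # service/driver name
    path: str            # normalised image path
    reasons: List[str] = field(default_factory=list)


def normalize_path(raw: str, windir: str = WINDIR) -> str:
    """Turn the path spellings FRST prints into one drive-rooted form."""
    p = raw.strip().strip('"')
    if p.startswith("\\??\\"):                     # NT object-manager prefix
        p = p[4:]
    elif p.lower().startswith("\\systemroot\\"):   # \SystemRoot\system32\...
        p = windir + p[len("\\SystemRoot"):]
    elif p.lower().startswith("system32\\"):       # bare system32\DRIVERS\...
        p = windir + "\\" + p
    return p


def is_user_writable(path: str) -> bool:
    """Heuristic (mine): under a user profile, AppData or a Temp folder."""
    low = path.lower()
    return low.startswith("c:\\users\\") or "\\appdata\\" in low or "\\temp\\" in low


def classify(line: str) -> Optional[Finding]:
    """Parse one FRST service/driver line; None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    info = m.group("info").strip()
    finding = Finding(line.strip(), m.group("name").strip(),
                      normalize_path(m.group("path")))
    if info == "X":
        finding.reasons.append("image file missing")
    elif info == "0":
        finding.reasons.append("zero-byte image file")
    if is_user_writable(finding.path):
        finding.reasons.append("image under user-writable path")
    return finding


def triage(lines) -> List[Finding]:
    """Return only the entries that carry at least one reason to act on."""
    out = []
    for line in lines:
        f = classify(line)
        if f is not None and f.reasons:
            out.append(f)
    return out


def build_fixlist(lines) -> List[str]:
    """Draft fixlist lines as the post does: the verbatim service line
    removes the registration; a zero-byte image also gets its path listed
    so FRST moves the file itself."""
    fixes = []
    for f in triage(lines):
        fixes.append(f.line)
        if "zero-byte image file" in f.reasons:
            fixes.append(f.path)
    return fixes


# Constructed sample: entries quoted in the thread plus one healthy driver line.
SAMPLE_LOG = r"""
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2014-06-28] (Malwarebytes)
S2 mi-raysat_3dsmax2012_64; "F:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe" [X]
U3 ahht25if; C:\Windows\System32\Drivers\ahht25if.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 ALSysIO; \??\C:\Users\Filipi\AppData\Local\Temp\ALSysIO64.sys [X]
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.name:28} {', '.join(f.reasons):52} {f.path}")
    print("\n--- draft fixlist ---")
    print("\n".join(build_fixlist(SAMPLE_LOG.splitlines())))
```

The script only reads the log text; it never touches the machine, and the draft is meant to be reviewed line by line, as the helper did, before it is saved as fixlist.txt and run with Fix. The "user-writable path" flag is a review prompt rather than a verdict: a driver registration whose image lives under the user's Temp folder means whoever can write there controls what the loader will find at that path, which is worth knowing even when, as here, the file is already gone and the entry is simply an orphan to remove.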

#3 Filipi

  • Topic Starter
  • Members

Posted 21 July 2016 - 10:07 AM

I ran AdwCleaner but it hasn't detected anything.

After doing the fixlist.txt and removing the outdated Java stuff, the issue with the outbound connection blocked doesn't happen anymore.

Thank you for helping.

Attached File: Fixlog.txt (6.25KB)


Edited by Filipi, 21 July 2016 - 10:08 AM.


#4 nasdaq

  • Malware Response Team
  • Location: Montreal, QC. Canada

Posted 21 July 2016 - 01:29 PM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 nasdaq

  • Malware Response Team
  • Location: Montreal, QC. Canada

Posted 27 July 2016 - 08:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



