PUM/Redirect virus/Malware undetected no matter what I do.


This topic is locked
5 replies to this topic

#1 Pirrus

Posted 03 December 2016 - 11:01 AM

Hello,

I've been getting virus popups on my browsers lately. I tried using a bunch of anti-virus and anti-malware tools, but the "virus" still wasn't detected no matter what I did.

I used: Windows Defender quick scan, BitDefender 2017 Full System Scan, Malwarebytes threat scan and full system scan (scanned all drives), RogueKiller (detected some PUMs and removed them, but the popups were still there), Junkware Removal Tool, all of the tools listed here: How to easily clean an infected computer (Malware Removal Guide) (including Zemana Anti-Malware), and even the Malwarebytes Anti-Rootkit tool. Some of these scans were done in safe mode w/ networking as well.

But the popup would still appear; it appears in my Internet Explorer and Steam browser, which don't have AdBlock on them. It doesn't seem to appear on Chrome though (as I have AdBlock installed there, which might explain why). I still feel unsafe with the popups, so I'd love to get it removed if it's possible.

I don't know if this is important, but I also saw a suspicious-looking program/service in Task Manager called "7-zip standalone console" while I do NOT use 7-zip at all. When I googled it, I found "Have a PUP that poses as a 7-zip standalone console in control manager." (in Am I infected? What do I do?) among the first results, so I have been feeling really paranoid about all of this lately.

I'd really appreciate any help I could get with this, thank you for taking your time reading.

 

Here are the contents of FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-12-2016

Ran by Gordon (administrator) on DISP-PC (03-12-2016 17:51:13)
Running from C:\Users\Gordon\Desktop
Loaded Profiles: Gordon (Available Profiles: Gordon)
Platform: Windows 8.1 Pro with Media Center (Update) (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxag.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hammer & Chisel, Inc.) C:\Users\Gordon\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Gordon\AppData\Local\Discord\app-0.0.296\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hammer & Chisel, Inc.) C:\Users\Gordon\AppData\Local\Discord\app-0.0.296\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) E:\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) E:\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) E:\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-28] (Apple Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [320720 2016-11-10] (Bitdefender)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation)
HKU\S-1-5-21-2131550009-3556149691-2081662277-1001\...\Run: [Dropbox Update] => C:\Users\Gordon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
Startup: C:\Users\Gordon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-06-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Gordon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 199.217.119.213 185.162.9.70
Tcpip\..\Interfaces\{91BF99C0-7D8C-44C0-8528-094210927CA4}: [DhcpNameServer] 199.217.119.213 185.162.9.70
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2131550009-3556149691-2081662277-1001 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2016-10-27] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-08] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2016-10-27] (Bitdefender)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-21] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-21] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2016-10-27] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2016-10-27] (Bitdefender)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2016-11-29]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2016-11-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-12] ()
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\pdf.dll => No File
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => No File
CHR Profile: C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default [2016-12-03]
CHR Extension: (BetterTTV) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-08-11]
CHR Extension: (Adblock Plus) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-23]
CHR Extension: (DownAlbum) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2016-11-13]
CHR Extension: (uBlock Origin) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-03]
CHR Extension: (Looper for YouTube) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2016-07-16]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1412104 2016-08-31] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [227104 2016-09-12] (EasyAntiCheat Ltd)
S4 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-19] (Hi-Rez Studios) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-24] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69744 2016-10-18] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-11-18] (IObit)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [216880 2016-10-05] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1307344 2016-11-08] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
S4 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] ()
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-10-03] (GEAR Software Inc.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2016-12-02] ()
S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2014-12-31] ()
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-12-02] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-06-22] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-07] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42064 2016-08-23] (Anchorfree Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-03-10] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-12-03] (Zemana Ltd.)
U1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-12-03] (Zemana Ltd.)
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-03 17:51 - 2016-12-03 17:52 - 00023563 _____ C:\Users\Gordon\Desktop\FRST.txt
2016-12-03 17:50 - 2016-12-03 17:51 - 00000000 ____D C:\FRST
2016-12-03 17:48 - 2016-12-03 17:49 - 02411520 _____ (Farbar) C:\Users\Gordon\Desktop\FRST64.exe
2016-12-03 01:40 - 2016-12-03 01:40 - 00000000 ____D C:\Users\Gordon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-03 00:18 - 2016-12-03 00:18 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-12-03 00:18 - 2016-12-03 00:18 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-12-02 23:53 - 2016-12-03 00:18 - 00000000 ____D C:\Users\Gordon\AppData\Roaming\FreeFixer
2016-12-02 23:53 - 2016-12-03 00:10 - 00000000 ____D C:\Users\Gordon\AppData\Local\FreeFixer
2016-12-02 23:53 - 2016-12-02 23:53 - 00000000 ____D C:\Program Files\FreeFixer
2016-12-02 23:50 - 2016-12-02 23:50 - 02687418 _____ (Kephyr) C:\Users\Gordon\Desktop\freefixersetup.exe
2016-12-02 22:18 - 2016-12-02 22:18 - 00000000 ____D C:\Users\Gordon\AppData\Roaming\QuickScan
2016-12-02 22:14 - 2016-12-03 17:51 - 00290837 _____ C:\Windows\ZAM.krnl.trace
2016-12-02 22:14 - 2016-12-03 17:51 - 00266234 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-12-02 22:11 - 2016-12-02 22:12 - 00000790 _____ C:\bdlog.txt
2016-12-02 22:00 - 2016-12-02 22:01 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2016-12-02 22:00 - 2016-12-02 22:00 - 00000000 ____D C:\Users\Gordon\AppData\Local\AntiLogger Free
2016-12-02 22:00 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2016-12-02 21:56 - 2016-12-02 21:56 - 07585012 _____ C:\Users\Gordon\Desktop\maps.zip
2016-12-02 21:09 - 2016-12-02 21:09 - 03910208 _____ C:\Users\Gordon\Desktop\adwcleaner_6.030.exe
2016-12-02 20:02 - 2016-12-02 20:02 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2016-12-02 20:02 - 2016-12-02 20:02 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2016-12-02 19:49 - 2016-12-02 19:49 - 00300840 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-12-02 19:47 - 2016-12-02 19:47 - 00000000 ____D C:\Users\Gordon\AppData\Temp
2016-12-02 19:24 - 2016-12-02 19:24 - 00368193 _____ C:\ProgramData\cl.1480695045.bdinstall.bin
2016-12-02 19:24 - 2016-12-02 19:24 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2016-12-02 19:23 - 2016-12-02 19:23 - 00000684 ____H C:\bdr-cf01
2016-12-02 19:22 - 2016-12-02 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2016-12-02 19:22 - 2016-12-02 19:22 - 00002252 _____ C:\Users\Public\Desktop\Bitdefender 2017.lnk
2016-12-02 19:22 - 2016-12-02 19:22 - 00000000 ____D C:\ProgramData\BDLogging
2016-12-02 19:22 - 2016-09-20 04:17 - 01605376 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2016-12-02 19:22 - 2016-09-20 04:16 - 00878072 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2016-12-02 19:22 - 2016-03-14 22:04 - 00023672 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2016-12-02 19:22 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2016-12-02 19:22 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2016-12-02 19:21 - 2016-12-02 19:26 - 00000000 ____D C:\Users\Gordon\AppData\Roaming\Bitdefender
2016-12-02 19:21 - 2016-12-02 19:23 - 00253404 ____H C:\bdr-ld01
2016-12-02 19:21 - 2016-12-02 19:23 - 00009216 ____H C:\bdr-ld01.mbr
2016-12-02 19:21 - 2016-10-18 11:51 - 49758588 ____H C:\bdr-im01.gz
2016-12-02 19:19 - 2016-12-02 20:53 - 00000000 ____D C:\ProgramData\Bitdefender
2016-12-02 19:19 - 2016-12-02 19:19 - 00000000 ____D C:\Program Files\Bitdefender
2016-12-02 19:19 - 2016-10-29 09:54 - 00182944 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2016-12-02 19:19 - 2016-03-10 07:41 - 00520032 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-12-02 19:10 - 2016-12-02 19:19 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-12-02 19:08 - 2016-12-02 19:08 - 00003640 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2016-12-02 19:03 - 2016-12-03 17:42 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-12-02 19:03 - 2016-12-02 19:03 - 00047205 _____ C:\ProgramData\agent.1480694582.bdinstall.bin
2016-12-02 19:03 - 2016-12-02 19:03 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-12-02 18:26 - 2016-12-02 18:26 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-11-30 23:25 - 2016-11-30 23:26 - 00000198 _____ C:\Users\Gordon\Desktop\Warframe.url
2016-11-30 20:18 - 2016-12-03 02:21 - 00000000 ____D C:\Users\Gordon\AppData\Local\Warframe
2016-11-29 23:22 - 2016-11-29 23:22 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-11-29 23:22 - 2016-11-21 08:54 - 00946696 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2016-11-29 23:22 - 2016-11-21 08:54 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-11-29 16:29 - 2016-10-13 00:11 - 00922968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2016-11-29 16:29 - 2016-10-09 00:10 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-11-29 16:29 - 2016-10-05 07:15 - 01969944 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-11-29 16:29 - 2016-10-05 07:15 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-11-29 16:29 - 2016-09-21 01:30 - 02462040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-11-29 16:28 - 2016-11-05 23:46 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-11-29 16:28 - 2016-10-13 00:49 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-11-29 16:28 - 2016-10-11 19:45 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-11-29 16:28 - 2016-10-11 02:31 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-11-29 16:28 - 2016-10-10 21:18 - 00069976 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-29 16:28 - 2016-10-10 21:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cmimcext.sys
2016-11-29 16:28 - 2016-10-09 17:17 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2016-11-29 16:28 - 2016-10-09 17:08 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2016-11-29 16:28 - 2016-10-09 17:08 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2016-11-29 16:28 - 2016-10-09 01:24 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-11-29 16:28 - 2016-10-09 00:31 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-11-29 16:28 - 2016-10-05 17:01 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-11-29 16:28 - 2016-10-05 17:00 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-11-29 16:28 - 2016-10-05 17:00 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2016-11-29 16:28 - 2016-10-05 16:52 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2016-11-29 16:28 - 2016-10-05 16:52 - 00513456 _____ C:\Windows\system32\locale.nls
2016-11-29 16:28 - 2016-10-05 07:15 - 00324896 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-11-29 16:28 - 2016-10-05 07:15 - 00245320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-11-29 16:28 - 2016-09-27 23:16 - 00445873 _____ C:\Windows\system32\ApnDatabase.xml
2016-11-29 16:02 - 2016-11-24 22:22 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-11-29 15:57 - 2016-11-24 23:54 - 34701760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 17440928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 14057528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-11-29 15:57 - 2016-11-24 23:54 - 10912744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 10795312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 10346208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 09151216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 08913512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 08754344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 03643840 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 03206592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 01951680 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437609.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437609.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 01036736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00974272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00945208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00895424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00894944 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00439864 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00390200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00170872 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00148200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-11-29 15:57 - 2016-11-24 23:54 - 00131720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-11-29 15:56 - 2016-11-24 23:54 - 40123840 _____ C:\Windows\system32\nvcompiler.dll
2016-11-29 15:56 - 2016-11-24 23:54 - 35224632 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-11-29 15:20 - 2016-11-29 15:20 - 00000000 ____D C:\Users\Gordon\Desktop\197_Bundle Modder 1.16.3.2_1.1632
2016-11-29 15:17 - 2016-11-29 15:17 - 00000000 ____D C:\Users\Gordon\Desktop\SteamAchievementManager63_hotfix
2016-11-29 15:10 - 2016-11-29 15:11 - 01587872 _____ C:\Users\Gordon\Desktop\AnyDesk.exe
2016-11-29 02:39 - 2016-11-29 02:45 - 00000000 ____D C:\Users\Gordon\AppData\Roaming\PortForward.com
2016-11-29 02:39 - 2016-11-29 02:39 - 00000000 ____D C:\Users\Gordon\AppData\Local\Downloaded Installations
2016-11-26 01:41 - 2016-11-26 01:41 - 00000000 ____D C:\Users\Gordon\Desktop\Tor Browser
2016-11-24 15:24 - 2016-11-24 15:24 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-11-24 15:24 - 2016-11-24 15:24 - 00987848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-11-24 15:24 - 2016-11-24 15:24 - 00690016 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-11-24 15:24 - 2016-11-24 15:24 - 00484552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-11-24 15:24 - 2016-11-24 15:24 - 00030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-11-24 15:24 - 2016-11-24 15:24 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-11-24 15:24 - 2016-11-24 15:24 - 00018600 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2016-11-24 15:24 - 2016-11-24 15:24 - 00018592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2016-11-24 01:18 - 2016-11-24 01:18 - 00000000 ____D C:\ProgramData\Emsisoft
2016-11-24 01:15 - 2016-11-17 16:45 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-11-24 01:15 - 2016-11-17 16:45 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-11-24 00:14 - 2016-12-02 17:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-24 00:05 - 2016-12-02 19:05 - 00000000 ____D C:\AdwCleaner
2016-11-23 22:53 - 2016-12-03 16:25 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-23 22:53 - 2016-11-23 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-23 22:53 - 2016-11-23 22:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-11-22 15:46 - 2016-11-17 05:04 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437595.dll
2016-11-22 15:46 - 2016-11-17 05:04 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437595.dll
2016-11-21 17:03 - 2016-11-21 17:04 - 00000000 ____D C:\Users\Gordon\Desktop\addons
2016-11-21 17:02 - 2016-11-21 17:03 - 00000000 ____D C:\Users\Gordon\Desktop\cfg
2016-11-15 18:51 - 2016-11-15 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2016-11-15 18:44 - 2016-11-18 15:46 - 00000000 ____D C:\Users\Gordon\Documents\Heroes of the Storm
2016-11-14 16:28 - 2016-11-14 16:28 - 00000000 ____D C:\Users\Gordon\Desktop\SRB2
2016-11-10 15:41 - 2016-10-29 00:04 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-10 15:41 - 2016-10-29 00:04 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-09 15:32 - 2016-11-17 16:45 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-11-09 15:02 - 2016-11-09 15:02 - 00002115 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2016-11-09 14:58 - 2016-11-02 23:48 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-09 14:58 - 2016-11-02 23:48 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-09 14:58 - 2016-11-02 17:03 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-09 14:58 - 2016-11-02 17:00 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-09 14:58 - 2016-10-27 21:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-09 14:58 - 2016-10-27 21:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-09 14:58 - 2016-10-27 21:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-09 14:58 - 2016-10-27 21:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-09 14:58 - 2016-10-27 21:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-09 14:58 - 2016-10-27 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-09 14:58 - 2016-10-27 21:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-11-09 14:58 - 2016-10-27 21:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-09 14:58 - 2016-10-27 20:57 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-09 14:58 - 2016-10-27 20:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-09 14:58 - 2016-10-27 20:47 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-09 14:58 - 2016-10-27 20:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-09 14:58 - 2016-10-27 20:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-09 14:58 - 2016-10-27 20:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-09 14:58 - 2016-10-27 20:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-09 14:58 - 2016-10-27 20:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-09 14:58 - 2016-10-27 20:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-09 14:58 - 2016-10-27 19:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-09 14:58 - 2016-10-27 18:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-09 14:58 - 2016-10-25 17:11 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-09 14:58 - 2016-10-22 20:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-09 14:58 - 2016-10-22 20:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-09 14:58 - 2016-10-22 20:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-09 14:58 - 2016-10-22 20:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-09 14:58 - 2016-10-22 19:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-09 14:58 - 2016-10-22 19:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-11-09 14:58 - 2016-10-22 19:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-09 14:58 - 2016-10-22 19:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-09 14:58 - 2016-10-22 19:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-09 14:58 - 2016-10-22 19:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-09 14:58 - 2016-10-22 19:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-09 14:58 - 2016-10-22 19:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-09 14:58 - 2016-10-22 19:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-09 14:58 - 2016-10-22 19:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-09 14:58 - 2016-10-22 19:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-09 14:58 - 2016-10-22 19:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-09 14:58 - 2016-10-22 19:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-09 14:58 - 2016-10-13 22:06 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-09 14:58 - 2016-10-13 22:06 - 01124376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-09 14:58 - 2016-10-12 11:01 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2016-11-09 14:58 - 2016-10-11 23:21 - 00497448 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-11-09 14:58 - 2016-10-11 23:21 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-11-09 14:58 - 2016-10-11 21:34 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-11-09 14:58 - 2016-10-11 20:47 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-09 14:58 - 2016-10-11 19:55 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-09 14:58 - 2016-10-11 00:17 - 00444248 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-09 14:58 - 2016-10-11 00:17 - 00333656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-09 14:58 - 2016-10-10 01:59 - 00551256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-11-09 14:58 - 2016-10-09 02:12 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-09 14:58 - 2016-10-09 01:53 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-09 14:58 - 2016-10-09 01:21 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-09 14:58 - 2016-10-09 01:18 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-11-09 14:58 - 2016-10-09 01:07 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-09 14:58 - 2016-10-09 01:02 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-09 14:58 - 2016-10-09 00:49 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-09 14:58 - 2016-10-09 00:21 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-09 14:58 - 2016-10-08 04:34 - 01660040 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-11-09 14:58 - 2016-10-08 04:34 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-11-09 14:58 - 2016-10-04 23:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-09 14:58 - 2016-10-04 23:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-09 14:58 - 2016-10-04 23:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-11-09 14:58 - 2016-10-04 23:08 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-03 01:45 - 2016-11-03 01:45 - 00000000 ____D C:\Users\Gordon\AppData\Roaming\Zero Escape
2016-11-03 01:44 - 2016-11-03 01:44 - 00000000 ____D C:\Users\Gordon\AppData\Roaming\ZeroEscape-Launcher
2016-11-03 01:43 - 2016-11-03 01:43 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2016-11-03 01:43 - 2016-11-03 01:43 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2016-11-03 01:43 - 2016-11-03 01:43 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2016-11-03 01:43 - 2016-11-03 01:43 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2016-11-03 01:43 - 2016-11-03 01:43 - 00000000 ____D C:\Program Files (x86)\OpenAL
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-03 17:35 - 2014-12-29 02:48 - 00000000 ____D C:\Users\Gordon\AppData\Local\CrashDumps
2016-12-03 17:32 - 2015-06-22 14:05 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2131550009-3556149691-2081662277-1001UA.job
2016-12-03 17:15 - 2015-11-14 00:40 - 00000000 ____D C:\Users\Gordon\AppData\Roaming\Skype
2016-12-03 16:55 - 2016-09-18 14:22 - 00000876 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-03 16:24 - 2014-12-28 18:54 - 00000000 ____D C:\Users\Gordon\Desktop\expires
2016-12-03 16:10 - 2014-12-28 18:59 - 00009547 _____ C:\Users\Gordon\Desktop\admins.cfg
2016-12-03 16:10 - 2014-12-28 18:32 - 00000000 ____D C:\Users\Gordon\AppData\Roaming\FileZilla
2016-12-03 14:32 - 2015-06-22 14:05 - 00000886 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2131550009-3556149691-2081662277-1001Core.job
2016-12-03 07:38 - 2014-12-28 18:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-03 06:30 - 2015-12-10 22:10 - 00005040 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DISP-PC-Gordon Disp-PC
2016-12-03 06:00 - 2015-05-15 00:02 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2131550009-3556149691-2081662277-1001
2016-12-03 01:42 - 2014-12-28 18:15 - 00000000 ____D C:\Users\Gordon\AppData\Roaming\Dropbox
2016-12-03 01:02 - 2015-09-28 16:47 - 00000600 _____ C:\Users\Gordon\AppData\Local\PUTTY.RND
2016-12-03 00:19 - 2014-12-27 20:50 - 00000000 ____D C:\Users\Gordon
2016-12-02 23:20 - 2016-07-11 21:18 - 00000000 ____D C:\Program Files (x86)\NirSoft
2016-12-02 23:17 - 2016-09-18 01:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2016-12-02 23:17 - 2013-08-23 01:54 - 00000000 ____D C:\Windows\ShellNew
2016-12-02 22:17 - 2013-08-22 16:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-12-02 22:16 - 2014-12-27 21:09 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-02 22:15 - 2013-08-22 17:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-02 21:48 - 2013-08-22 18:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-12-02 20:58 - 2014-12-28 23:07 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-12-02 20:44 - 2015-02-05 17:29 - 00000000 ____D C:\Users\Gordon\AppData\Local\Steam
2016-12-02 20:33 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Inf
2016-12-02 19:48 - 2014-12-27 21:20 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-02 19:48 - 2014-12-27 21:20 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-02 17:00 - 2016-08-14 22:15 - 00000000 ____D C:\Users\Gordon\AppData\Roaming\vlc
2016-12-02 16:43 - 2014-12-28 18:39 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-02 16:14 - 2016-10-04 18:53 - 00000000 ____D C:\Users\Gordon\Documents\ShareX
2016-12-02 03:44 - 2013-08-22 16:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-02 02:01 - 2014-12-28 18:53 - 00005284 _____ C:\Users\Gordon\Desktop\to do list.txt
2016-12-01 23:10 - 2014-12-28 23:34 - 00000000 ___RD C:\Users\Gordon\Dropbox
2016-12-01 22:41 - 2016-02-25 18:01 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-12-01 18:46 - 2015-10-27 14:18 - 00000000 ____D C:\Users\Gordon\AppData\Local\Battle.net
2016-12-01 18:46 - 2015-10-27 14:18 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-01 15:34 - 2016-02-25 18:53 - 00000892 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-12-01 00:39 - 2014-12-28 18:59 - 00000000 ____D C:\Users\Gordon\Desktop\Steam
2016-11-30 23:11 - 2016-07-12 21:35 - 00000000 ____D C:\Program Files (x86)\Overwatch Test
2016-11-30 05:01 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\oobe
2016-11-29 23:22 - 2014-12-27 21:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-29 16:33 - 2013-08-22 18:20 - 00000000 ____D C:\Windows\CbsTemp
2016-11-29 16:03 - 2014-12-27 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-29 16:03 - 2014-12-27 21:04 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-29 16:01 - 2016-03-10 16:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-29 15:39 - 2016-07-06 21:18 - 00000000 ____D C:\Users\Gordon\AppData\Local\Ubisoft Game Launcher
2016-11-29 15:21 - 2015-12-13 16:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-29 15:21 - 2014-12-29 01:58 - 00000000 ____D C:\ProgramData\Skype
2016-11-29 14:27 - 2015-06-22 14:05 - 00003886 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2131550009-3556149691-2081662277-1001UA
2016-11-29 14:27 - 2015-06-22 14:05 - 00003506 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2131550009-3556149691-2081662277-1001Core
2016-11-29 13:42 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\ELAMBKUP
2016-11-26 01:00 - 2014-12-28 18:53 - 00011040 _____ C:\Users\Gordon\Desktop\custom-chatcolors.cfg
2016-11-25 21:23 - 2014-12-27 21:17 - 00000000 ____D C:\Users\Gordon\AppData\Local\Deployment
2016-11-25 17:10 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\rescache
2016-11-25 15:38 - 2013-08-22 18:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-25 15:38 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness
2016-11-25 15:27 - 2013-08-23 01:53 - 00718094 _____ C:\Windows\system32\perfh01F.dat
2016-11-25 15:27 - 2013-08-23 01:53 - 00147178 _____ C:\Windows\system32\perfc01F.dat
2016-11-24 23:54 - 2016-10-29 00:31 - 28139576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-11-24 23:54 - 2016-10-29 00:31 - 17373312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-11-24 23:54 - 2016-10-12 17:16 - 14410120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-11-24 23:54 - 2016-07-30 19:15 - 00491536 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-11-24 23:54 - 2016-07-30 19:15 - 00041344 _____ C:\Windows\system32\nvinfo.pb
2016-11-24 23:54 - 2015-01-23 19:48 - 03479744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-11-24 23:54 - 2014-12-27 21:33 - 19948848 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-11-24 23:54 - 2014-12-27 21:33 - 03941720 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-11-24 22:39 - 2016-09-16 18:15 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-11-24 22:39 - 2016-01-12 22:29 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-11-24 22:39 - 2016-01-12 22:29 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-11-24 22:39 - 2014-12-27 21:09 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-11-24 22:39 - 2014-12-27 21:09 - 02477624 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-11-24 22:39 - 2014-12-27 21:09 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-11-24 22:39 - 2014-12-27 21:09 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-11-24 22:39 - 2014-12-27 21:09 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-11-24 02:08 - 2014-12-28 18:53 - 00000000 ____D C:\Users\Gordon\Desktop\aaa
2016-11-24 01:17 - 2016-09-16 18:15 - 00003782 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 01:17 - 2016-09-16 18:15 - 00001438 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-24 01:16 - 2016-09-29 16:07 - 00003594 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 01:16 - 2016-09-16 18:15 - 00003832 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 01:16 - 2016-09-16 18:15 - 00003832 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 01:16 - 2016-09-16 18:15 - 00003770 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 01:16 - 2016-09-16 18:15 - 00003534 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-24 01:16 - 2014-12-27 21:04 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-24 01:16 - 2014-12-27 21:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-23 20:46 - 2014-12-28 18:59 - 00003148 _____ C:\Users\Gordon\Desktop\admin_overrides.cfg
2016-11-23 15:58 - 2014-12-27 21:09 - 07538847 _____ C:\Windows\system32\nvcoproc.bin
2016-11-20 23:49 - 2014-12-28 18:53 - 00006674 _____ C:\Users\Gordon\Desktop\sourcemod.cfg
2016-11-20 18:52 - 2015-12-19 17:05 - 00006464 _____ C:\Users\Gordon\Desktop\advertisements.txt
2016-11-20 18:26 - 2016-04-01 22:06 - 00002037 _____ C:\Users\Gordon\Desktop\maplist.txt
2016-11-20 18:25 - 2016-04-01 22:06 - 00002037 _____ C:\Users\Gordon\Desktop\mapcycle.txt
2016-11-18 15:45 - 2015-10-27 14:18 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-11-17 16:45 - 2016-09-16 18:15 - 01854400 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-11-17 16:45 - 2016-09-16 18:15 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-11-17 16:45 - 2016-09-16 18:15 - 01452480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-11-17 16:45 - 2016-09-16 18:15 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-11-17 16:45 - 2016-09-16 18:15 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-11-10 15:39 - 2013-08-22 17:44 - 00482600 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 17:12 - 2016-10-04 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2016-11-09 17:12 - 2016-10-04 19:00 - 00000000 ____D C:\Program Files\ShareX
2016-11-09 15:10 - 2014-12-29 01:08 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 15:04 - 2014-12-29 01:08 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-09 15:02 - 2015-01-08 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-11-09 15:02 - 2015-01-08 22:19 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2016-11-07 16:22 - 2014-12-28 18:53 - 00077470 _____ C:\Users\Gordon\Desktop\useful.txt
2016-11-06 16:43 - 2016-02-05 18:11 - 00000000 ____D C:\Users\Gordon\Documents\gudolfashionedcola
2016-11-04 03:11 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\NDF
2016-11-03 01:44 - 2015-01-05 15:35 - 00000000 ____D C:\Users\Gordon\Documents\my games
 
==================== Files in the root of some directories =======
 
2015-09-28 16:47 - 2016-12-03 01:02 - 0000600 _____ () C:\Users\Gordon\AppData\Local\PUTTY.RND
2016-12-02 19:03 - 2016-12-02 19:03 - 0047205 _____ () C:\ProgramData\agent.1480694582.bdinstall.bin
2016-12-02 19:24 - 2016-12-02 19:24 - 0368193 _____ () C:\ProgramData\cl.1480695045.bdinstall.bin
2015-10-28 00:16 - 2015-10-28 00:16 - 0000121 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\Gordon\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Gordon\AppData\Local\Temp\libeay32.dll
C:\Users\Gordon\AppData\Local\Temp\msvcr120.dll
C:\Users\Gordon\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-12-03 06:00
 
==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 05 December 2016 - 10:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => No File
CHR Extension: (BetterTTV) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-08-11]
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, then click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please let me know what problem persists with this computer.

P.S.
Please post the Addition.txt file that was created by the Farbar tool for my review.

#3 Pirrus

Pirrus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 06 December 2016 - 08:30 AM

Since I couldn't generate an Addition.txt before I used the fix, I generated new logs after I used the fix. Here is the fixlog and the other two logs Farbar has provided me (after the fix).

 

The issue seemed to be gone for a good while but started happening again after some time :/

Attached Files


Edited by Pirrus, 06 December 2016 - 08:56 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:59 AM

Posted 06 December 2016 - 10:55 AM



Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.75\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U25) - C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => No File
CHR Extension: (BetterTTV) - C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-12-06]
U0 aswVmm; no ImagePath
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
C:\Users\Gordon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped

Task: {C45A4FA8-0B82-4E65-B389-177FDC78ABB6} - System32\Tasks\{32D746B0-1F2E-40C0-ACD2-CD6D371744E8} => Chrome.exe hxxp://ui.skype.com/ui/0/7.14.0.106/en/go/help.faq.installer?LastError=1618
Task: {F966164B-7DE5-4B6A-851F-4E26C7C055B9} - System32\Tasks\{E82DEDD0-734F-41A1-981C-5FEDAE5D2C0F} => Chrome.exe hxxp://ui.skype.com/ui/0/7.14.0.106/en/go/help.faq.installer?LastError=1618

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what PUMs are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Please let me know what problem persists with this computer.
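As an added example (not from this thread, from nasdaq, or from the FRST tool itself), the script below applies the same reading used to build the two fixlists above to FRST-style log lines: entries pointing at files that no longer exist (`=> No File`, `[X]`, `no ImagePath`) and scheduled tasks that launch a browser with a URL are collected into a fixlist skeleton carrying the same directives. The log lines it parses are constructed, and the classification rules are my own heuristics rather than FRST's, so the result is a review aid, not a fixlist to run blindly.

```python
import re
from typing import Dict, List

# Constructed FRST-style lines mirroring the formats seen in this thread (not a real log).
SAMPLE_LOG = r"""
ShellIconOverlayIdentifiers: [00example] -> {00000000-0000-0000-0000-000000000001} =>  No File
CHR Plugin: (Example Plugin) - C:\Program Files (x86)\Example\npexample.dll => No File
CHR Extension: (Example Ext) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop [2016-12-06]
S1 exdrv; \??\C:\Windows\System32\drivers\exdrv64.sys [X]
U0 exvmm; no ImagePath
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\{66666666-7777-8888-9999-000000000000} => Chrome.exe hxxp://example.invalid/installer?LastError=1618
R2 goodsvc; C:\Program Files\Good\goodsvc.exe [123456 2016-01-01] (Good Vendor)
"""

# Directives copied from the fixlists in this thread; FRST processes them before the listed entries.
FIX_HEADER = ["Start", "", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:", ""]

ORPHAN_RE = re.compile(r"(=>\s*No File|\[No File\]|=> not found)\s*$")
TASK_URL_RE = re.compile(r"=>\s*\S+\.exe\s+hxxps?://", re.IGNORECASE)


def classify(line: str) -> str:
    """Heuristic label for one FRST log line (assumption: my own rules, not FRST's)."""
    if ORPHAN_RE.search(line):
        return "orphan"              # registry/plugin entry whose target file is gone
    if line.endswith("[X]"):
        return "missing_driver"      # service/driver entry whose image is missing
    if "; no ImagePath" in line:
        return "no_imagepath"        # service registered without any binary path
    if line.startswith("Task:") and TASK_URL_RE.search(line):
        return "task_launches_url"   # scheduled task that opens a browser on a URL
    return "ok"


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines by classification, preserving log order."""
    groups: Dict[str, List[str]] = {}
    for line in log_text.strip().splitlines():
        groups.setdefault(classify(line), []).append(line)
    return groups


def build_fixlist(log_text: str) -> str:
    """Emit a fixlist.txt skeleton containing every flagged line, in log order."""
    flagged = [ln for ln in log_text.strip().splitlines() if classify(ln) != "ok"]
    return "\n".join(FIX_HEADER + flagged + ["", "End"]) + "\n"


if __name__ == "__main__":
    print(build_fixlist(SAMPLE_LOG))
```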

#5 Pirrus

Pirrus
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:59 PM

Posted 06 December 2016 - 11:16 AM

Alright just done the fix, so far things seem to be clean.

 

RogueKiller detected nothing so I didn't log it (hopefully that should be fine)

 

I will reply back to this thread if the problem persists, thanks a lot!



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:59 AM

Posted 06 December 2016 - 11:38 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



