Infected with TDSS & google keeps redirecting


This topic is locked
2 replies to this topic

#1 YoSePh

  • Members
  • 4 posts

Posted 05 December 2016 - 06:21 PM

Hello. A virus seems to have infected one of the computers in my home. I suspect I might be vulnerable to malware/ransomware or possibly Remote Desktop Protocol attack. I can't boot in safe mode, and when I try to do anything besides browsing, it keeps popping errors and degrading my ability to use my PC.


I don't know where to start or how sophisticated this attack is. I'm using Windows 7, not activated yet because I might have to securely erase my entire hard drive and re-install Windows. Hopefully I don't have to do that.


Below is a FRST64 log. Any advice?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2016
Ran by MasterUser (administrator) on HALL-PC (06-12-2016 02:08:33)
Running from C:\Users\MasterUser\Desktop
Loaded Profiles: MasterUser (Available Profiles: MasterUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Flux Software LLC) C:\Users\MasterUser\AppData\Local\FluxSoftware\Flux\flux.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-27] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-11-26] (AVAST Software)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{13F4FFB1-D253-4088-BF76-11FD3507B38F}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{16D6E90B-D3C6-4B89-9B27-DDAC65C65126}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E43964DA-9A3E-4B16-BB3F-EEC7E4E611B7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-869002345-37041992-173196515-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-869002345-37041992-173196515-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-869002345-37041992-173196515-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-11-27] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-11-27] (AVAST Software)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: hezqlb19.default
FF ProfilePath: C:\Users\MasterUser\AppData\Roaming\Mozilla\Firefox\Profiles\hezqlb19.default [2016-12-06]
FF Homepage: Mozilla\Firefox\Profiles\hezqlb19.default -> hxxps://google.com
FF Extension: (FireGestures) - C:\Users\MasterUser\AppData\Roaming\Mozilla\Firefox\Profiles\hezqlb19.default\Extensions\firegestures@xuldev.org.xpi [2016-11-28]
FF Extension: (HTTPS Everywhere) - C:\Users\MasterUser\AppData\Roaming\Mozilla\Firefox\Profiles\hezqlb19.default\Extensions\https-everywhere@eff.org.xpi [2016-12-03]
FF Extension: (Reddit Enhancement Suite) - C:\Users\MasterUser\AppData\Roaming\Mozilla\Firefox\Profiles\hezqlb19.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2016-11-27]
FF Extension: (Adblock Plus) - C:\Users\MasterUser\AppData\Roaming\Mozilla\Firefox\Profiles\hezqlb19.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-26]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-05]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-05]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-17] (NVIDIA Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default [2016-12-05]
CHR Extension: (Stormfall: Age of War) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnbadjdgnnkcenplnkbajmmkbpkhclp [2016-12-01]
CHR Extension: (Skype Calling) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-11-26]
CHR Extension: (YouTube) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-26]
CHR Extension: (Adblock Plus) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-26]
CHR Extension: (Polarr Photo Editor) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2016-11-26]
CHR Extension: (Pirates: Tides of Fortune) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\egphkafamimgcheglpbmfnnnojgpnolp [2016-11-26]
CHR Extension: (Hibox - Team productivity) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eipkcfgchonabfcakembhpjiknkidgef [2016-11-26]
CHR Extension: (Avast SafePrice) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-26]
CHR Extension: (Avast Online Security) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-26]
CHR Extension: (Coggle - Collaborative Mind Maps) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcapocoafbfccjgdgammadkndakcfoi [2016-11-26]
CHR Extension: (Soldiers Inc.) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\hondhndnlnmjbmlgjigpicjoijbecdgn [2016-11-26]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2016-11-26]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-26]
CHR Extension: (Gmail) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-26]
CHR Extension: (Shadow Kings) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmiljlihhlfoekfknliaimndefafdml [2016-11-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-07-23] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-07-23] () [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-26] (AVAST Software)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-02] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2015-03-17] (The OpenVPN Project)
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-11-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-11-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-11-26] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [453192 2016-12-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-11-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-11-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-11-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-11-26] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2016-11-26] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-27] (AVAST Software)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [471496 2015-05-19] (Intel Corporation)
S3 hmatap; C:\Windows\System32\DRIVERS\hmatap.sys [45312 2016-11-09] (The OpenVPN Project)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-06-22] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [172832 2015-05-08] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-06 02:00 - 2016-12-06 02:08 - 00014028 _____ C:\Users\MasterUser\Desktop\FRST.txt
2016-12-06 02:00 - 2016-12-06 02:08 - 00000000 ____D C:\FRST
2016-12-06 01:58 - 2016-12-06 01:58 - 02419712 _____ (Farbar) C:\Users\MasterUser\Desktop\FRST64.exe
2016-12-05 19:02 - 2016-12-05 19:02 - 00001922 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2016-12-05 19:02 - 2016-12-05 19:02 - 00001922 _____ C:\ProgramData\Desktop\Avast Premier.lnk
2016-12-05 19:02 - 2016-12-05 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-12-05 19:01 - 2016-12-05 19:01 - 00453192 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2016-12-05 19:01 - 2016-11-26 20:41 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-12-05 18:53 - 2016-12-05 18:53 - 00000000 ____H C:\Users\MasterUser\Documents\Default.rdp
2016-12-05 18:18 - 2016-12-05 18:19 - 06334848 _____ (AVAST Software) C:\Users\MasterUser\Desktop\avast_free_antivirus_setup_online.exe
2016-11-30 22:42 - 2016-11-30 22:50 - 00000916 __RSH C:\ProgramData\ntuser.pol
2016-11-30 22:36 - 2016-11-30 22:36 - 00000000 ___RD C:\Users\MasterUser\Documents\Scanned Documents
2016-11-30 22:36 - 2016-11-30 22:36 - 00000000 ____D C:\Users\MasterUser\Documents\Fax
2016-11-29 22:35 - 2016-11-29 22:35 - 01056768 _____ C:\Windows\system32\defltbase.sdb
2016-11-29 22:19 - 2016-11-29 22:19 - 00016565 _____ C:\ComboFix.txt
2016-11-29 21:55 - 2016-11-29 21:55 - 00007608 _____ C:\Users\MasterUser\AppData\Local\Resmon.ResmonCfg
2016-11-29 21:48 - 2011-06-26 09:45 - 00256000 _____ C:\Windows\PEV.exe
2016-11-29 21:48 - 2010-11-07 20:20 - 00208896 _____ C:\Windows\MBR.exe
2016-11-29 21:48 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-11-29 21:48 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-11-29 21:48 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-11-29 21:48 - 2000-08-31 03:00 - 00098816 _____ C:\Windows\sed.exe
2016-11-29 21:48 - 2000-08-31 03:00 - 00080412 _____ C:\Windows\grep.exe
2016-11-29 21:48 - 2000-08-31 03:00 - 00068096 _____ C:\Windows\zip.exe
2016-11-29 21:19 - 2016-11-29 22:19 - 00000000 ____D C:\Qoobox
2016-11-29 21:19 - 2016-11-29 21:52 - 00000000 ____D C:\Windows\erdnt
2016-11-29 21:11 - 2016-11-29 21:11 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-11-29 21:11 - 2016-11-29 21:11 - 00001945 _____ C:\Windows\epplauncher.mif
2016-11-29 21:11 - 2016-11-29 21:11 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-11-29 21:11 - 2016-11-29 21:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-11-29 16:58 - 2016-12-05 19:21 - 00000000 ____D C:\Program Files\CCleaner
2016-11-29 16:58 - 2016-12-05 19:10 - 00000000 ____D C:\Program Files\Recuva
2016-11-29 16:58 - 2016-12-01 18:11 - 00001702 _____ C:\Users\Public\Desktop\Recuva.lnk
2016-11-29 16:58 - 2016-12-01 18:11 - 00001702 _____ C:\ProgramData\Desktop\Recuva.lnk
2016-11-29 16:58 - 2016-12-01 18:11 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-29 16:58 - 2016-12-01 18:11 - 00000866 _____ C:\ProgramData\Desktop\CCleaner.lnk
2016-11-29 16:58 - 2016-11-29 16:58 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-29 16:58 - 2016-11-29 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-11-29 16:58 - 2016-11-29 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-28 19:41 - 2016-11-28 19:41 - 00000000 ____D C:\Users\MasterUser\Desktop\Tor Browser
2016-11-28 19:30 - 2016-11-28 19:36 - 50689096 _____ C:\Users\MasterUser\Downloads\torbrowser-install-6.0.6_en-US.exe
2016-11-28 18:41 - 2016-11-28 18:41 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\MasterUser\Downloads\WinPcap_4_1_3.exe
2016-11-28 18:41 - 2016-11-28 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-11-28 18:41 - 2016-11-28 18:41 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-11-28 18:34 - 2016-11-28 18:34 - 03183949 _____ C:\Users\MasterUser\Downloads\Snort_2_9_8_3_Installer.exe
2016-11-28 18:34 - 2016-11-28 18:34 - 00000000 ____D C:\Snort
2016-11-28 18:34 - 2016-11-28 18:34 - 00000000 ____D C:\ProgramData\Firewall_Scanner
2016-11-28 18:34 - 2016-11-28 18:34 - 00000000 ____D C:\LOG
2016-11-27 23:35 - 2016-11-27 23:35 - 00000000 ____D C:\Users\MasterUser\AppData\Local\IsolatedStorage
2016-11-27 23:35 - 2016-11-27 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMA! Pro VPN
2016-11-27 23:34 - 2016-11-27 23:34 - 06202792 _____ (Privax Ltd) C:\Users\MasterUser\Downloads\HMA-Pro-VPN-2.8.24.0-installer.exe
2016-11-27 20:37 - 2016-12-05 19:24 - 00000000 ____D C:\Users\MasterUser\AppData\Roaming\foobar2000
2016-11-27 20:36 - 2016-11-27 20:36 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2016-11-27 20:36 - 2016-11-27 20:36 - 00001027 _____ C:\Users\Public\Desktop\foobar2000.lnk
2016-11-27 20:36 - 2016-11-27 20:36 - 00001027 _____ C:\ProgramData\Desktop\foobar2000.lnk
2016-11-27 20:36 - 2016-11-27 20:36 - 00000000 ____D C:\Program Files (x86)\foobar2000
2016-11-27 20:35 - 2016-11-27 20:36 - 03938879 _____ (foobar2000.org) C:\Users\MasterUser\Downloads\foobar2000_v1.3.13.exe
2016-11-27 16:21 - 2016-12-05 19:21 - 00000000 ____D C:\Users\MasterUser\AppData\Local\CrashDumps
2016-11-27 15:33 - 2016-11-27 21:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\MasterUser\Downloads\HijackThis.exe
2016-11-27 15:25 - 2016-11-29 22:15 - 00000000 ____D C:\Users\MasterUser\AppData\Local\ElevatedDiagnostics
2016-11-27 15:25 - 2016-11-27 15:26 - 00000000 ____D C:\MATS
2016-11-27 15:24 - 2016-11-27 15:24 - 00221662 _____ C:\Users\MasterUser\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2016-11-27 05:19 - 2016-11-27 05:19 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-11-27 05:19 - 2016-11-27 05:19 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-11-27 05:18 - 2016-12-05 19:21 - 00000000 ____D C:\Windows\Panther
2016-11-26 21:53 - 2016-11-26 21:54 - 06204336 _____ (AVAST Software) C:\Users\MasterUser\Downloads\avast_internet_security_setup_online.exe
2016-11-26 21:45 - 2016-11-27 23:35 - 00001147 _____ C:\Users\Public\Desktop\HMA! Pro VPN.lnk
2016-11-26 21:45 - 2016-11-27 23:35 - 00001147 _____ C:\ProgramData\Desktop\HMA! Pro VPN.lnk
2016-11-26 21:45 - 2016-11-26 21:45 - 00000000 ____D C:\Users\MasterUser\Privax Ltd
2016-11-26 21:45 - 2016-11-26 21:45 - 00000000 ____D C:\Users\MasterUser\AppData\Local\Privax Ltd
2016-11-26 21:11 - 2016-12-03 16:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-26 21:11 - 2016-12-03 16:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-26 21:11 - 2016-11-26 21:11 - 00001155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-26 21:11 - 2016-11-26 21:11 - 00001143 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-11-26 21:11 - 2016-11-26 21:11 - 00001143 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2016-11-26 21:05 - 2016-11-27 23:35 - 00000000 ____D C:\Program Files (x86)\HMA! Pro VPN
2016-11-26 21:04 - 2016-11-26 21:04 - 00597304 _____ C:\Users\MasterUser\Downloads\flux-setup.exe
2016-11-26 21:04 - 2016-11-26 21:04 - 00000000 ____D C:\Users\MasterUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-11-26 21:04 - 2016-11-26 21:04 - 00000000 ____D C:\Users\MasterUser\AppData\Local\FluxSoftware
2016-11-26 21:02 - 2016-11-26 21:02 - 00243600 _____ C:\Users\MasterUser\Downloads\Firefox Setup Stub 50.0.exe
2016-11-26 20:52 - 2016-12-01 00:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-26 20:51 - 2016-12-01 00:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-26 20:51 - 2016-11-17 05:04 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-11-26 20:51 - 2016-11-17 05:04 - 00201664 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-11-26 20:51 - 2016-11-17 04:03 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-11-26 20:51 - 2016-11-17 04:03 - 02477624 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-11-26 20:51 - 2016-11-17 04:03 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-11-26 20:51 - 2016-11-17 04:03 - 00546752 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-11-26 20:51 - 2016-11-17 04:03 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-11-26 20:51 - 2016-11-17 04:03 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-11-26 20:51 - 2016-11-17 04:03 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-11-26 20:51 - 2016-11-17 03:46 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-11-26 20:51 - 2016-11-16 12:52 - 07529957 _____ C:\Windows\system32\nvcoproc.bin
2016-11-26 20:50 - 2016-12-01 00:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-26 20:50 - 2016-11-17 05:04 - 40123840 _____ C:\Windows\system32\nvcompiler.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 35224632 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 34704952 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 28140088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 19936464 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 17440392 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 17361976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 14410120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 14048312 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-11-26 20:50 - 2016-11-17 05:04 - 10912232 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 10795128 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 10346024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 09150704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 08754160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 03941720 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 03645496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 03479560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 03206592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437595.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437595.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 01037248 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00974272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00943552 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00895424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00520912 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00491536 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00438208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00170872 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00104384 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00094144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-11-26 20:50 - 2016-11-17 05:04 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-11-26 20:50 - 2016-11-17 05:04 - 00041344 _____ C:\Windows\system32\nvinfo.pb
2016-11-26 20:50 - 2016-11-17 05:04 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-11-26 20:50 - 2016-11-17 05:04 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-11-26 20:45 - 2016-12-05 19:02 - 00003888 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1480182329
2016-11-26 20:45 - 2016-12-01 18:11 - 00001165 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-11-26 20:45 - 2016-12-01 18:11 - 00001165 _____ C:\ProgramData\Desktop\Avast SafeZone Browser.lnk
2016-11-26 20:45 - 2016-11-26 21:13 - 00000000 ____D C:\Users\MasterUser\AppData\Local\Google
2016-11-26 20:45 - 2016-11-26 20:45 - 00001043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-11-26 20:44 - 2016-12-01 00:14 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-26 20:44 - 2016-11-26 20:44 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-11-26 20:44 - 2016-11-26 20:44 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-11-26 20:44 - 2016-11-26 20:44 - 00000000 ____D C:\Program Files\Common Files\AV
2016-11-26 20:41 - 2016-12-05 19:02 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-26 20:41 - 2016-11-27 15:43 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-11-26 20:41 - 2016-11-27 15:43 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-11-26 20:41 - 2016-11-27 15:42 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-11-26 20:41 - 2016-11-27 15:42 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148025058063210
2016-11-26 20:41 - 2016-11-27 15:42 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148025058259712
2016-11-26 20:41 - 2016-11-27 15:41 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.148025057300207
2016-11-26 20:41 - 2016-11-26 20:41 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-11-26 20:41 - 2016-11-26 20:41 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-11-26 20:41 - 2016-11-26 20:41 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-11-26 20:41 - 2016-11-26 20:41 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-11-26 20:41 - 2016-11-26 20:41 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-11-26 20:41 - 2016-11-26 20:41 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-11-26 20:41 - 2016-11-26 20:41 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-11-26 20:41 - 2016-11-26 20:41 - 00044640 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\aswTap.sys
2016-11-26 20:41 - 2016-11-26 20:41 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-11-26 20:41 - 2016-11-26 20:41 - 00000000 ____D C:\Users\MasterUser\AppData\Roaming\AVAST Software
2016-11-26 20:38 - 2016-11-26 20:45 - 00000000 ____D C:\Users\MasterUser\Documents\Random
2016-11-26 20:38 - 2016-11-26 20:44 - 00000000 ____D C:\Program Files\AVAST Software
2016-11-26 20:37 - 2016-11-27 19:58 - 00000000 ____D C:\Users\MasterUser\Documents\My Cookies
2016-11-26 20:37 - 2016-11-26 20:44 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-26 20:23 - 2016-11-27 22:44 - 07511248 _____ (Privax Ltd) C:\Users\MasterUser\Downloads\HMA-Pro-VPN-3.2.19.2-install.exe
2016-11-26 20:22 - 2016-11-26 20:23 - 06334848 _____ (AVAST Software) C:\Users\MasterUser\Downloads\avast_free_antivirus_setup_online.exe
2016-11-26 20:19 - 2016-11-26 20:26 - 386237616 _____ (NVIDIA Corporation) C:\Users\MasterUser\Downloads\375.95-desktop-win8-win7-64bit-international-whql.exe
2016-11-26 20:12 - 2016-12-01 00:17 - 00000000 ____D C:\Users\MasterUser\AppData\Local\NVIDIA Corporation
2016-11-26 20:12 - 2016-12-01 00:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-26 20:12 - 2016-12-01 00:17 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-26 20:12 - 2016-11-26 20:12 - 00000000 ____D C:\Users\MasterUser\AppData\Local\CEF
2016-11-26 20:12 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-11-26 20:12 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-11-26 20:12 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-11-26 20:12 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-11-26 20:12 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-11-26 20:12 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-11-26 20:02 - 2016-11-26 20:04 - 74516600 _____ (NVIDIA Corporation) C:\Users\MasterUser\Downloads\GeForce_Experience_v3.1.2.31.exe
2016-11-26 19:45 - 2016-12-05 22:43 - 00000000 ____D C:\Users\MasterUser\AppData\LocalLow\Mozilla
2016-11-26 19:45 - 2016-11-26 19:51 - 00000000 ____D C:\Users\MasterUser\AppData\Local\Mozilla
2016-11-26 19:45 - 2016-11-26 19:45 - 00000000 ____D C:\Users\MasterUser\AppData\Roaming\Mozilla
2016-11-26 19:37 - 2016-11-26 19:37 - 00000000 ____D C:\ProgramData\APRP
2016-11-26 19:37 - 2014-05-14 19:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-11-26 19:37 - 2014-05-14 19:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-11-26 19:37 - 2014-05-14 19:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-11-26 19:37 - 2014-05-14 19:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-11-26 19:37 - 2014-05-14 19:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-11-26 19:37 - 2014-05-14 19:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-11-26 19:37 - 2014-05-14 19:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-11-26 19:37 - 2014-05-14 19:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-11-26 19:37 - 2014-05-14 19:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-11-26 19:37 - 2014-05-14 19:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-11-26 19:37 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-11-26 19:37 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-11-26 19:37 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-11-26 19:37 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-11-26 19:19 - 2016-11-26 19:19 - 00057560 _____ C:\Users\MasterUser\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-26 19:15 - 2016-11-26 19:15 - 00000000 ____D C:\Program Files\DIFX
2016-11-26 18:38 - 2016-11-26 20:36 - 00000000 ____D C:\ProgramData\Norton
2016-11-26 18:37 - 2016-11-27 20:34 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
2016-11-26 18:37 - 2016-11-26 18:37 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-11-26 18:36 - 2016-11-26 20:52 - 00000000 ____D C:\Temp
2016-11-26 18:36 - 2015-06-30 13:44 - 00814376 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2016-11-26 18:36 - 2015-06-26 18:13 - 00403752 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2016-11-26 18:35 - 2016-11-26 18:36 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-26 18:35 - 2016-11-26 18:35 - 00000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2016-11-26 18:35 - 2016-11-26 18:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-11-26 18:35 - 2016-11-26 18:35 - 00000000 ____D C:\ProgramData\Intel
2016-11-26 18:35 - 2015-06-22 06:42 - 01455552 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2016-11-26 18:35 - 2015-06-22 06:42 - 00031144 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
2016-11-26 18:34 - 2016-11-26 18:34 - 00000000 ____D C:\Users\MasterUser\Intel
2016-11-26 18:34 - 2015-05-08 01:30 - 00404752 ____R (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2016-11-26 18:34 - 2015-05-08 01:30 - 00001904 _____ C:\Windows\system32\SetupBD.din
2016-11-26 18:34 - 2012-07-26 07:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2016-11-26 18:34 - 2012-07-26 07:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2016-11-26 18:34 - 2012-07-26 05:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2016-11-26 18:34 - 2012-06-02 17:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2016-11-26 18:33 - 2015-06-02 16:10 - 00003130 _____ C:\Windows\system32\e1d62x64.din
2016-11-26 18:33 - 2015-05-19 10:39 - 00471496 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1d62x64.sys
2016-11-26 18:33 - 2014-04-19 13:18 - 00073512 _____ (Intel Corporation) C:\Windows\system32\e1dmsg.dll
2016-11-26 18:33 - 2014-04-18 23:17 - 00125728 _____ (Intel Corporation) C:\Windows\system32\NicCo4.dll
2016-11-26 18:33 - 2014-03-18 12:33 - 00085808 _____ (Intel Corporation) C:\Windows\system32\NicInstD.dll
2016-11-26 18:32 - 2016-11-26 18:32 - 00000000 ____D C:\Windows\system32\appmgmt
2016-11-26 18:27 - 2016-11-26 18:27 - 00000000 ____D C:\Program Files\ASUSTeKcomputer.Inc
2016-11-26 18:27 - 2014-07-23 04:59 - 00003008 ____R C:\Windows\system32\Drivers\DTSU2P.DAT
2016-11-26 18:26 - 2016-11-26 18:35 - 00000000 ____D C:\Program Files\Intel
2016-11-26 18:26 - 2016-11-26 18:33 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-11-26 18:25 - 2016-11-26 21:18 - 00773536 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-11-26 18:25 - 2016-11-26 20:12 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-26 18:24 - 2016-11-26 18:39 - 00000792 _____ C:\Windows\Ascd_ProcessLog.ini
2016-11-26 18:23 - 2016-11-26 19:38 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-11-26 18:23 - 2016-11-26 18:24 - 00045215 _____ C:\Windows\Ascd_tmp.ini
2016-11-26 18:23 - 2014-09-09 05:14 - 00028672 ____R (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2016-11-26 18:23 - 2014-09-09 05:14 - 00015232 ____R C:\Windows\SysWOW64\Drivers\AsIO.sys
2016-11-26 18:21 - 2016-12-05 19:10 - 00000000 ____D C:\Users\MasterUser
2016-11-26 18:21 - 2016-11-27 15:34 - 00000000 ____D C:\Users\MasterUser\AppData\Local\VirtualStore
2016-11-26 18:21 - 2016-11-26 18:21 - 00001439 _____ C:\Users\MasterUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-26 18:21 - 2016-11-26 18:21 - 00001405 _____ C:\Users\MasterUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-11-26 18:21 - 2016-11-26 18:21 - 00000020 ___SH C:\Users\MasterUser\ntuser.ini
2016-11-26 18:21 - 2016-11-26 18:21 - 00000000 _SHDL C:\Users\MasterUser\My Documents
2016-11-26 18:21 - 2016-11-26 18:21 - 00000000 _SHDL C:\Users\MasterUser\Documents\My Videos
2016-11-26 18:21 - 2016-11-26 18:21 - 00000000 _SHDL C:\Users\MasterUser\Documents\My Pictures
2016-11-26 18:21 - 2016-11-26 18:21 - 00000000 _SHDL C:\Users\MasterUser\Documents\My Music
2016-11-26 18:21 - 2010-11-21 10:16 - 00000000 ____D C:\Users\MasterUser\AppData\Roaming\Media Center Programs
2016-11-09 20:01 - 2016-11-09 20:01 - 00045312 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\hmatap.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-06 01:45 - 2009-07-14 07:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-06 01:45 - 2009-07-14 07:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-05 22:49 - 2009-07-14 08:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-05 22:49 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-12-05 22:43 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-30 22:40 - 2009-07-14 06:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-11-29 22:18 - 2009-07-14 05:34 - 00000215 _____ C:\Windows\system.ini
2016-11-27 20:34 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-27 20:34 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\registration
2016-11-27 05:20 - 2009-07-14 07:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-27 05:20 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2016-11-27 05:19 - 2009-07-14 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-11-27 05:19 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-11-27 05:18 - 2010-11-21 10:16 - 00000000 ____D C:\Windows\CSC
2016-11-27 05:18 - 2009-07-14 08:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-11-26 20:51 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Help
2016-11-26 19:42 - 2009-07-14 06:20 - 00000000 __RHD C:\Users\Public\Libraries

==================== Files in the root of some directories =======

2016-11-29 21:55 - 2016-11-29 21:55 - 0007608 _____ () C:\Users\MasterUser\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-30 15:56

==================== End of FRST.txt ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:20 AM

Posted 06 December 2016 - 09:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-869002345-37041992-173196515-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Avast SafePrice) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-30]
CHR Extension: (Avast Online Security) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-26]
CHR Extension: (Chrome Media Router) - C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\MasterUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Please let me know what problem persists.

p.s.
Include the addition.txt file that was created by the Farbar tool in your next reply.
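The items the fixlist above targets (the Group Policy / Internet Explorer restriction lines, and the service entries FRST marks with [X] because the registry points at a binary it could not find) can be pulled out of an FRST log automatically, together with a check for kernel drivers that carry no embedded company name and therefore deserve a manual signature check. The parser below is an added example written for this thread; it is not part of FRST and not the helper's own tooling. The sample lines are copied from the log posted above, and the finding names (`drivers_without_vendor`, `services_with_missing_binary`, `policy_restrictions`) are this example's own.

```python
"""Triage helper for FRST-style log lines (added example, not FRST code).

Models three line shapes seen in the log above:
  created - modified - size attrs (vendor) path      file/folder listing
  S2 Name; "image path" [X]                            service whose binary is missing
  <key>: Restriction <======= ATTENTION                policy restriction
"""
import re
from collections import defaultdict

# File listing: the (vendor) field is optional and may be an empty "()".
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
# Service/driver entry; a trailing [X] means FRST found no file at the image path.
SERVICE_RE = re.compile(
    r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<image>.+?)(?P<missing> \[X\])?$"
)
# Policy restriction entries FRST flags with ATTENTION.
POLICY_RE = re.compile(r"^(?P<key>.+?): Restriction <=+ ATTENTION$")

# Constructed sample: lines taken verbatim from the FRST log in this thread.
SAMPLE_LOG = r"""
2016-11-26 20:41 - 2016-11-27 15:43 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-11-26 18:23 - 2014-09-09 05:14 - 00015232 ____R C:\Windows\SysWOW64\Drivers\AsIO.sys
2016-11-26 18:35 - 2016-11-26 18:35 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-11-26 20:44 - 2016-12-01 00:14 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-29 21:55 - 2016-11-29 21:55 - 0007608 _____ () C:\Users\MasterUser\AppData\Local\Resmon.ResmonCfg
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
C:\Windows\system32\winlogon.exe => File is digitally signed
""".strip("\n")


def parse_line(line):
    """Return (kind, fields) for a modelled line, or None for anything else."""
    line = line.rstrip("\r\n")
    m = FILE_RE.match(line)
    if m:
        d = m.groupdict()
        d["size"] = int(d["size"])
        d["vendor"] = d["vendor"] or ""        # absent and "()" both become ""
        d["is_dir"] = "D" in d["attrs"]        # FRST marks folders with D
        return "file", d
    m = SERVICE_RE.match(line)
    if m:
        d = m.groupdict()
        d["missing"] = d["missing"] is not None
        return "service", d
    m = POLICY_RE.match(line)
    if m:
        return "policy", m.groupdict()
    return None


def triage(lines):
    """Collect the entries an analyst would review first."""
    findings = defaultdict(list)
    parsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        parsed += 1
        kind, d = rec
        if kind == "file":
            low = d["path"].lower()
            # A .sys under a Drivers folder with no company name: verify its
            # Authenticode signature by hand before trusting it.
            if not d["is_dir"] and "\\drivers\\" in low and low.endswith(".sys") and not d["vendor"]:
                findings["drivers_without_vendor"].append(d["path"])
        elif kind == "service" and d["missing"]:
            findings["services_with_missing_binary"].append(d["name"])
        elif kind == "policy":
            findings["policy_restrictions"].append(d["key"])
    findings["parsed_lines"] = parsed
    return dict(findings)


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

Run it against a saved FRST.txt by passing `open(path, encoding="utf-8").read().splitlines()` to `triage()`; lines the three patterns do not model (section headers, the "digitally signed" verification lines) are skipped, so the output stays limited to the review list. A driver reported under `drivers_without_vendor` is not evidence of infection by itself (the ASUS `AsIO.sys` above is a normal motherboard utility driver); it only means the file carries no version-resource company name and its signature should be checked separately.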

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:20 AM

Posted 12 December 2016 - 08:48 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



