TIDAL.exe detected as a suspicious path by RogueKIller


This topic is locked.
4 replies to this topic

#1 cjnc (Members, 2 posts)

Posted 30 August 2017 - 04:14 PM

RogueKiller V12.11.12.0 (x64) [Aug 28 2017] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Nick [Administrator]
Started from : C:\Users\Nick\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 08/30/2017 14:39:00 (Duration : 00:22:52)
 
¤¤¤ Processes : 5 ¤¤¤
[Suspicious.Path] TIDAL.exe(10796) -- C:\Users\Nick\AppData\Local\TIDAL\app-2.1.10\TIDAL.exe[7] -> Found
[Suspicious.Path] TIDAL.exe(10832) -- C:\Users\Nick\AppData\Local\TIDAL\app-2.1.10\TIDAL.exe[7] -> Found
[Suspicious.Path] TIDAL.exe(2032) -- C:\Users\Nick\AppData\Local\TIDAL\app-2.1.10\TIDAL.exe[7] -> Found
[Suspicious.Path] TIDAL.exe(5928) -- C:\Users\Nick\AppData\Local\TIDAL\app-2.1.10\TIDAL.exe[7] -> Found
[Suspicious.Path] TIDAL.exe(13516) -- C:\Users\Nick\AppData\Local\TIDAL\app-2.1.10\TIDAL.exe[7] -> Found
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 2 ¤¤¤
[PUP.Gen0][File] C:\Windows\SECOH-QAD.exe -> Found
[PUP.AutoIt.Gen][File] C:\Users\Nick\Desktop\Auto-Clicker.exe -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP.Gen1|PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://search.yahoo.com?type=937811&fr=spigot-yhp-ch|http://search.b1.org/?bsrc=4hcxr&chid=c167991|https://search.yahoo.com/?type=937811&fr=yo-yhp-ch|https://encrypted.google.com] -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM006-2DM164 +++++
--- User ---
[MBR] 122fe02509b9e2b01508ff94fe0a7f3c
[BSP] c78631ddfe1ef9f739b9cc5ad29dd957 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Samsung SSD 840 EVO 250GB +++++
--- User ---
[MBR] 2135920df839d6278294087c8a1eed36
[BSP] 8bbf2e30258fb897ba556e8451914845 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 237923 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 487473152 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Samsung SSD 850 EVO 500GB +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 476810 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: ST2000DM006-2DM164 +++++
--- User ---
[MBR] eca558c82b431bc5e78ab94c950de050
[BSP] ca239032a4f4dbd5fd9c727fc045b778 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive4: Samsung SSD 850 EVO 500GB +++++
--- User ---
[MBR] 4a3793a06471b119b78ff06b2b6bf56b
[BSP] e19000846ff0db8da9a77e5c7574894b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
-------------ADWCleaner log:
 
# AdwCleaner 7.0.1.0 - Logfile created on Wed Aug 30 20:29:23 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 08-30-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
PUP.Optional.StartNow, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BC1FC4B-B0D2-4D8D-9307-2E40E2A8C257}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C1].txt - [1690 B] - [2016/5/31 5:6:51]
C:/AdwCleaner/AdwCleaner[C2].txt - [1936 B] - [2016/11/12 18:34:4]
C:/AdwCleaner/AdwCleaner[C3].txt - [1690 B] - [2016/11/18 18:15:56]
C:/AdwCleaner/AdwCleaner[C4].txt - [1836 B] - [2016/11/20 4:1:40]
C:/AdwCleaner/AdwCleaner[C5].txt - [2748 B] - [2017/7/6 1:15:12]
C:/AdwCleaner/AdwCleaner[S0].txt - [2138 B] - [2015/5/27 10:18:11]
C:/AdwCleaner/AdwCleaner[S1].txt - [1504 B] - [2016/5/31 5:5:7]
C:/AdwCleaner/AdwCleaner[S2].txt - [2001 B] - [2016/11/12 18:33:35]
C:/AdwCleaner/AdwCleaner[S3].txt - [1833 B] - [2016/11/18 18:13:38]
C:/AdwCleaner/AdwCleaner[S4].txt - [1979 B] - [2016/11/20 3:50:34]
C:/AdwCleaner/AdwCleaner[S5].txt - [2125 B] - [2016/11/20 4:6:6]
C:/AdwCleaner/AdwCleaner[S6].txt - [2198 B] - [2016/11/27 15:38:14]
C:/AdwCleaner/AdwCleaner[S7].txt - [2502 B] - [2017/7/6 1:14:40]
C:/AdwCleaner/AdwCleaner[S8].txt - [2320 B] - [2017/8/7 20:4:39]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt ##########
 
I've run it before; the AutoClicker is fine, same with SECOH-QAD. But today malicious sites were randomly opened and a scan with Malwarebytes didn't detect anything, while RK detected TIDAL. I think it might have been a Skype ad that opened the links, and I clicked it by accident, but TIDAL was open at the same time, so it could be either. Do you think it was just the ad and a false positive from RK, or did TIDAL do it?

Edited by cjnc, 30 August 2017 - 04:18 PM.
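A check worth doing before calling the TIDAL hits a false positive, added here as an editorial example and not code from the thread, from Adlice, or from TIDAL: RogueKiller's Suspicious.Path tag, as its name says, is about where a binary runs from (a user-writable folder under %LOCALAPPDATA% here), not about what the binary is. The script below parses the [Suspicious.Path] and [File] lines out of the RogueKiller report, checks each flagged file's Authenticode signature and SHA-256, lists the Chrome session.startup_urls that RogueKiller flagged in Secure Preferences, and prints the hosts entries RogueKiller skipped as "Too big!". The embedded log lines are copied from the report above; the function names, the Chrome profile path, and the hosts path are this example's own assumptions.

```powershell
# Editorial example, not code from the thread, RogueKiller, or TIDAL.
# Triage for the report above: (1) pull flagged paths out of the RogueKiller text,
# (2) check each file's Authenticode signature and SHA-256, (3) list the Chrome
# startup URLs RogueKiller flagged, (4) show the hosts entries RogueKiller skipped.
# Windows PowerShell 5.1 (shipped with Windows 10 1703) is enough.

# Constructed input: lines copied from the first post's RogueKiller report.
# For a real run, load your saved report instead: $rkLog = Get-Content .\RKreport.txt
$rkLog = @'
[Suspicious.Path] TIDAL.exe(10796) -- C:\Users\Nick\AppData\Local\TIDAL\app-2.1.10\TIDAL.exe[7] -> Found
[Suspicious.Path] TIDAL.exe(10832) -- C:\Users\Nick\AppData\Local\TIDAL\app-2.1.10\TIDAL.exe[7] -> Found
[PUP.Gen0][File] C:\Windows\SECOH-QAD.exe -> Found
[PUP.AutoIt.Gen][File] C:\Users\Nick\Desktop\Auto-Clicker.exe -> Found
'@ -split "`r?`n"

function Get-RKFlaggedPath {
    # Parse RogueKiller "Processes" and "Files" hit lines into objects (assumed name).
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Processes section: "[Tag] name.exe(PID) -- <path>[n] -> Found"
        if ($line -match '^\[(?<tag>[^\]]+)\]\s+\S+\((?<procid>\d+)\)\s+--\s+(?<path>.+?)(\[\d+\])?\s+->') {
            [pscustomobject]@{ Tag = $Matches.tag; ProcessId = [int]$Matches.procid; Path = $Matches.path }
        }
        # Files section: "[Tag][File] <path> -> Found"
        elseif ($line -match '^\[(?<tag>[^\]]+)\]\[File\]\s+(?<path>.+?)\s+->') {
            [pscustomobject]@{ Tag = $Matches.tag; ProcessId = $null; Path = $Matches.path }
        }
    }
}

function Test-FlaggedBinary {
    # Signature status and hash are what separate "runs from AppData" from "unknown file".
    # The <App>\app-<version>\ layout under %LOCALAPPDATA% is how Squirrel-style
    # installers lay out their files, so the path alone proves nothing either way.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false; Status = 'missing'; Signer = $null; Sha256 = $null }
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path   = $Path
        Exists = $true
        Status = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer = $sig.SignerCertificate.Subject   # $null when NotSigned
        Sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash  # hash to look up on VirusTotal
    }
}

function Get-ChromeStartupUrl {
    # RogueKiller read session.startup_urls from "Secure Preferences"; check
    # "Preferences" too, since the key can live there depending on the Chrome build.
    # Default profile path is an assumption; adjust for other profiles.
    param([string]$ProfileDir = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default")
    foreach ($name in 'Secure Preferences', 'Preferences') {
        $file = Join-Path $ProfileDir $name
        if (-not (Test-Path -LiteralPath $file)) { continue }
        $prefs = Get-Content -LiteralPath $file -Raw | ConvertFrom-Json   # Chrome writes single-line JSON
        foreach ($url in @($prefs.session.startup_urls)) {
            if ($url) { [pscustomobject]@{ File = $name; Url = $url } }
        }
    }
}

function Get-ActiveHostsEntry {
    # RogueKiller reported "Hosts File : 0 [Too big!]", i.e. it did not inspect it.
    # A modified hosts file silently redirects domains, so list every live entry.
    param([string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts")
    Get-Content -LiteralPath $HostsPath |
        Where-Object { $_.Trim() -and $_.Trim() -notmatch '^#' }
}

# Run the triage.
$flagged = Get-RKFlaggedPath -Lines $rkLog | Sort-Object -Property Path -Unique
$flagged | ForEach-Object { Test-FlaggedBinary -Path $_.Path } | Format-List
Get-ChromeStartupUrl | Format-Table -AutoSize
$hostsEntries = @(Get-ActiveHostsEntry)
"hosts: $($hostsEntries.Count) active entries"
$hostsEntries | Select-Object -First 20
```

How to read the result: if TIDAL.exe comes back with Status Valid and the publisher you expect as Signer, the Suspicious.Path hit says no more than "this runs from %LOCALAPPDATA%"; NotSigned, HashMismatch, or a hash nobody has seen is what would justify treating it as more than a false positive. Either way the signature cannot tell you which process opened the browser windows. What the report does show directly is Chrome's startup list: search.yahoo.com with spigot/yo affiliate tags and search.b1.org with a chid parameter, which both RogueKiller (PUP.Gen1|PUM.HomePage) and AdwCleaner tag as unwanted entries, and AdwCleaner's own note applies: turn off Chrome Sync before cleaning those preferences, or the synced copy will put them back.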


#2 nasdaq (Malware Response Team, 38,559 posts, Montreal, QC, Canada)

Posted 31 August 2017 - 07:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file:
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click "Attach this file".
Click the Add reply button.
===


Please post the logs.

Wait for further instructions.

#3 cjnc (Topic Starter, Members, 2 posts)

Posted 31 August 2017 - 02:28 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by Nick (administrator) on NICK-PC (31-08-2017 13:14:09)
Running from C:\Users\Nick\Desktop\frst
Loaded Profiles: Nick (Available Profiles: Nick)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Windows\System32\PnkBstrA.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Program Files (x86)\ASUS\APRP\aprp.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13650648 2013-08-20] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1747954166-2771719283-1588211767-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-08-28] (Valve Corporation)
HKU\S-1-5-21-1747954166-2771719283-1588211767-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2017-08-06] (Glarysoft Ltd)
HKU\S-1-5-21-1747954166-2771719283-1588211767-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-1747954166-2771719283-1588211767-1000\...\Run: [Windscribe] => C:\Program Files (x86)\Windscribe\Windscribe.exe
HKU\S-1-5-21-1747954166-2771719283-1588211767-1000\...\MountPoints2: {43a80faf-cd87-11e4-9850-10c37b92a808} - "H:\LaunchU3.exe" -a
HKU\S-1-5-21-1747954166-2771719283-1588211767-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [228864 2017-03-18] (Microsoft Corporation)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{010739bf-a7ec-42d1-b593-f0fc1f0ea3ce}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{2f987351-3b23-48a1-b26e-006560449180}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6b42d792-801e-49b5-88ba-8e2a4e183dd3}: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-20] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-20] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-20] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-08-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-08-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1747954166-2771719283-1588211767-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ch","hxxp://search.b1.org/?bsrc=4hcxr&chid=c167991","hxxps://search.yahoo.com/?type=937811&fr=yo-yhp-ch","hxxps://encrypted.google.com"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default [2017-08-31]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-08-23]
CHR Extension: (BetterTTV) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-21]
CHR Extension: (Google Docs) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-23]
CHR Extension: (Google Drive) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (YouTube) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Slinky Elegant) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2015-12-23]
CHR Extension: (uBlock Origin) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-07-21]
CHR Extension: (Google Search) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-07-30]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-07-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21]
CHR Extension: (Gmail) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2016-01-23] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2016-01-23] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2016-01-23] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2016-01-23] (ASUSTeK Computer Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-04-30] ()
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-07-26] (EasyAntiCheat Ltd)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4385232 2017-07-12] (SecureMix LLC)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2169696 2017-07-11] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3149672 2017-07-11] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-02-14] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2016-02-13] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45056 2016-09-09] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [22520 2016-09-09] (Corsair)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-01-05] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [46392 2016-01-05] (Disc Soft Ltd)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d65x64.sys [559080 2016-04-20] (Intel Corporation)
S3 EvolveVirtualAdapter; C:\WINDOWS\System32\drivers\evolve.sys [21656 2016-04-12] (Echobit, LLC)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2015-12-24] (Glarysoft Ltd)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9ab613610b40aa98\nvlddmkm.sys [15610296 2017-08-10] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-06-21] (NVIDIA Corporation)
S3 PlantronicsGC; C:\WINDOWS\system32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [33448 2014-12-30] (Razer Inc)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [21160 2014-12-30] (Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [27816 2014-12-30] (Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [33448 2014-12-30] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [35496 2014-12-30] (Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [31912 2014-12-30] (Razer Inc)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
S3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [32792 2015-06-01] (SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [43616 2015-06-01] (SteelSeries ApS)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-31 13:13 - 2017-08-31 13:14 - 000000000 ____D C:\Users\Nick\Desktop\frst
2017-08-31 13:13 - 2017-08-31 13:14 - 000000000 ____D C:\FRST
2017-08-29 20:46 - 2017-08-29 20:46 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Bungie
2017-08-29 11:43 - 2017-08-29 11:43 - 000000379 _____ C:\Users\Public\Desktop\Destiny 2.lnk
2017-08-29 11:43 - 2017-08-29 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Destiny 2
2017-08-29 01:24 - 2017-08-29 01:24 - 000000218 _____ C:\Users\Nick\AppData\Local\recently-used.xbel
2017-08-27 15:27 - 2017-08-27 15:27 - 000000000 ____D C:\Users\Nick\Desktop\punked
2017-08-26 19:28 - 2017-08-26 19:28 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsignf4367a7ccfab130f
2017-08-26 19:28 - 2017-08-26 19:28 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsignd3eb07d2b85e82cf
2017-08-26 19:28 - 2017-08-26 19:28 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsign1f900c482ba35c7c
2017-08-26 17:38 - 2017-08-26 17:38 - 000000000 ____D C:\Users\Nick\Desktop\Bleach Shirt Stuff
2017-08-26 17:32 - 2017-08-26 17:32 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsignb4a39a6e3e6d97ee
2017-08-26 17:32 - 2017-08-26 17:32 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsign59e98835c31d367b
2017-08-26 17:32 - 2017-08-26 17:32 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsign16f6e49661266b60
2017-08-26 17:32 - 2017-08-26 17:32 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsign11c1fd817ecf95ed
2017-08-26 17:31 - 2017-08-26 17:31 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsigncb6593eda11e97a2
2017-08-26 17:31 - 2017-08-26 17:31 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsignab77e58e22022d54
2017-08-26 17:31 - 2017-08-26 17:31 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsign80e76787499f1df7
2017-08-26 17:31 - 2017-08-26 17:31 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsign0cbbc2a40ff34025
2017-08-26 17:12 - 2017-08-26 17:12 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsignc01a2cea2409382d
2017-08-26 17:12 - 2017-08-26 17:12 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsigna5ed4e31cad3fa6d
2017-08-26 17:11 - 2017-08-26 17:11 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsigndc7adf6110785a12
2017-08-26 17:11 - 2017-08-26 17:11 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsign4d2cb2e0e8f0728e
2017-08-26 16:53 - 2017-08-26 16:53 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsigne9646fae8ac339bb
2017-08-26 16:53 - 2017-08-26 16:53 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsign3e4e3088767b9f61
2017-08-26 16:52 - 2017-08-26 16:52 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsignc33f32bfb94f4a51
2017-08-26 16:52 - 2017-08-26 16:52 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsign2d692756b41d9ef8
2017-08-26 14:45 - 2017-08-26 14:45 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsigne08c502170b47e06
2017-08-26 14:45 - 2017-08-26 14:45 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsign1661cec0f480e9b6
2017-08-26 14:42 - 2017-08-26 19:28 - 000000033 _____ C:\Users\Nick\AppData\Roaming\AdobeWLCMCache.dat
2017-08-26 14:42 - 2017-08-26 14:42 - 000003662 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-iqqhardcrabjesus2@gmail.com
2017-08-26 14:42 - 2017-08-26 14:42 - 000002520 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk
2017-08-26 14:42 - 2017-08-26 14:42 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsignc9f838303f0ede17
2017-08-26 14:42 - 2017-08-26 14:42 - 000000000 ____D C:\Users\Nick\AppData\Local\Tempzxpsign46419fa701db73b5
2017-08-26 11:40 - 2017-08-26 11:40 - 000000000 ____D C:\Users\Nick\AppData\Roaming\FiraxisLive
2017-08-26 11:39 - 2017-08-26 11:39 - 000000000 ____D C:\Users\Nick\AppData\Roaming\ModLauncherWPF
2017-08-19 21:53 - 2017-08-19 21:53 - 000000000 ____D C:\Users\Nick\AppData\Local\GlassWire
2017-08-19 21:53 - 2017-08-19 21:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2017-08-19 21:53 - 2017-08-19 21:53 - 000000000 ____D C:\ProgramData\GlassWire
2017-08-19 21:53 - 2017-08-19 21:53 - 000000000 ____D C:\Program Files (x86)\GlassWire
2017-08-19 21:53 - 2015-05-28 22:30 - 000008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2017-08-19 21:53 - 2015-05-28 22:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2017-08-19 15:13 - 2017-08-19 15:13 - 000000000 ____D C:\Users\Nick\AppData\Local\Windscribe
2017-08-19 15:13 - 2017-04-21 04:16 - 000054896 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tapwindscribe0901.sys
2017-08-19 11:27 - 2017-08-19 11:27 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2017-08-19 11:26 - 2017-08-30 12:42 - 000000000 ____D C:\Users\Nick\AppData\Local\JDownloader 2.0
2017-08-18 15:51 - 2017-08-18 16:30 - 000000000 ____D C:\Python3
2017-08-18 15:51 - 2017-08-18 15:51 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-08-18 15:51 - 2017-08-18 15:51 - 000000000 ____D C:\Users\Nick\AppData\Local\Package Cache
2017-08-18 15:38 - 2017-08-18 15:38 - 000000000 ____D C:\Users\Nick\.idlerc
2017-08-17 14:05 - 2017-08-17 14:05 - 000000000 ____D C:\Users\Nick\AppData\Local\SCE
2017-08-17 14:05 - 2017-08-17 14:05 - 000000000 ____D C:\Users\Nick\.TeamSpeak 3
2017-08-14 14:30 - 2017-08-09 16:21 - 000135616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-08-14 14:29 - 2017-08-09 18:34 - 040239552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 035846080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 035314296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 028961912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 023074832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 018805160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 013649808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 012133296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 011585736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 009982968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 004164032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 003596224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438528.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 001598072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438528.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 001278712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 001276992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 001005176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 000996760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 000995408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 000972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 000924096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 000724928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 000689808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 000617416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 000609912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 000584128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-08-14 14:29 - 2017-08-09 18:34 - 000499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-08-12 17:56 - 2017-08-12 17:56 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-11 23:46 - 2017-08-11 23:46 - 000000000 ____D C:\Users\Nick\Desktop\sam
2017-08-07 23:07 - 2017-08-07 23:07 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Terrorhedron
2017-08-07 21:22 - 2017-08-07 21:22 - 000000000 ____D C:\Program Files\fnord software
2017-08-07 14:59 - 2017-08-07 14:59 - 000000000 ____D C:\Users\Nick\Desktop\84.65
2017-08-07 14:08 - 2017-05-13 14:47 - 000454570 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170807-140818.backup
2017-08-07 14:03 - 2017-08-07 14:03 - 008185288 _____ (Malwarebytes) C:\Users\Nick\Desktop\adwcleaner_7.0.1.0.exe
2017-08-01 17:25 - 2017-08-01 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-08-01 17:17 - 2017-08-01 17:58 - 000002596 _____ C:\WINDOWS\System32\Tasks\SamsungMagician
2017-08-01 17:17 - 2017-08-01 17:25 - 000000000 ____D C:\Program Files (x86)\Samsung
2017-08-01 17:17 - 2017-08-01 17:17 - 000000000 ____D C:\ProgramData\Samsung
2017-08-01 17:17 - 2017-08-01 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-31 13:13 - 2016-04-17 16:52 - 000000000 ____D C:\Users\Nick\AppData\Local\LogMeIn Hamachi
2017-08-31 13:12 - 2017-04-08 18:55 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-31 13:12 - 2015-12-23 19:16 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Skype
2017-08-31 13:12 - 2015-12-23 18:55 - 000000000 ____D C:\Program Files (x86)\Steam
2017-08-31 13:11 - 2017-04-08 19:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-31 13:11 - 2017-03-23 22:07 - 000000000 __SHD C:\Users\Nick\IntelGraphicsProfiles
2017-08-31 01:45 - 2017-03-18 05:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-08-31 00:48 - 2017-07-08 01:28 - 000000000 ____D C:\Users\Nick\AppData\Roaming\TIDAL
2017-08-31 00:48 - 2017-04-08 19:01 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8A7E6D4C-1C7B-41F3-9D77-94D1AD262315}
2017-08-30 23:25 - 2017-04-08 18:55 - 000000000 ____D C:\Users\Nick
2017-08-30 23:25 - 2016-05-02 12:36 - 000000000 ____D C:\Users\Nick\AppData\Local\Battle.net
2017-08-30 20:19 - 2016-08-23 10:45 - 000000000 ____D C:\Users\Nick\AppData\Roaming\obs-studio
2017-08-30 20:13 - 2016-08-23 10:45 - 000001279 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-08-30 19:57 - 2015-12-24 16:06 - 000000000 ____D C:\Users\Nick\AppData\Roaming\OBS
2017-08-30 19:12 - 2016-01-28 20:36 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Mumble
2017-08-30 16:16 - 2015-12-24 00:24 - 000000000 ____D C:\Users\Nick\AppData\Local\CrashDumps
2017-08-30 16:15 - 2016-05-02 12:35 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-08-30 16:02 - 2015-12-24 16:01 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-08-30 15:57 - 2017-04-08 18:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-30 15:16 - 2015-05-27 04:17 - 000000000 ____D C:\AdwCleaner
2017-08-30 14:39 - 2016-10-22 08:48 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-30 14:36 - 2017-04-08 18:55 - 002335548 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-30 14:33 - 2017-07-05 19:17 - 026636872 _____ C:\Users\Nick\Desktop\RogueKiller_portable64.exe
2017-08-30 14:30 - 2015-12-23 19:04 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-30 11:43 - 2017-03-18 15:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-30 11:43 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-30 02:00 - 2015-12-23 18:53 - 000000000 ____D C:\Users\Nick\AppData\Local\Adobe
2017-08-29 18:09 - 2015-12-24 16:05 - 000000000 ____D C:\Users\Nick\AppData\Roaming\vlc
2017-08-29 11:32 - 2016-05-04 17:29 - 000000000 ____D C:\Program Files (x86)\Overwatch
2017-08-28 17:17 - 2016-02-28 16:56 - 000000000 ____D C:\Users\Nick\AppData\Roaming\deluge
2017-08-28 15:12 - 2016-01-03 17:01 - 000000000 ____D C:\ProgramData\boost_interprocess
2017-08-28 15:04 - 2015-12-23 18:53 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-28 15:04 - 2015-12-23 18:52 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-26 14:45 - 2016-01-03 17:07 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-08-26 14:42 - 2016-01-03 17:05 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-08-26 14:42 - 2015-12-23 18:53 - 000000000 ____D C:\ProgramData\Adobe
2017-08-26 14:42 - 2015-12-23 18:42 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Adobe
2017-08-26 14:41 - 2016-01-03 17:05 - 000000000 ____D C:\Program Files\Adobe
2017-08-26 14:40 - 2016-01-03 17:01 - 000001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-08-26 14:40 - 2016-01-03 17:01 - 000001290 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-08-26 11:39 - 2015-01-20 23:59 - 000000000 ____D C:\Users\Nick\Documents\My Games
2017-08-21 20:06 - 2016-02-10 22:43 - 000000000 ____D C:\Users\Nick\Documents\Steam Screenshots
2017-08-20 10:07 - 2015-12-23 18:55 - 000000000 ____D C:\ProgramData\Skype
2017-08-19 15:13 - 2017-03-18 15:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-18 23:49 - 2016-09-25 07:29 - 000000000 ___HD C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2017-08-18 23:49 - 2015-12-24 16:01 - 000000000 ____D C:\Users\Nick\AppData\Roaming\GlarySoft
2017-08-18 22:54 - 2015-12-28 19:00 - 000000000 ____D C:\Users\Nick\AppData\Roaming\TS3Client
2017-08-18 22:12 - 2015-12-23 18:55 - 000000000 ____D C:\Users\Nick\AppData\Local\Greenshot
2017-08-18 15:07 - 2015-12-23 21:53 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-18 14:37 - 2015-12-24 13:24 - 000000000 ____D C:\Users\Nick\AppData\Roaming\.minecraft
2017-08-18 14:37 - 2015-03-07 06:06 - 000000000 ____D C:\Users\Nick\Desktop\mc1
2017-08-18 11:01 - 2017-06-29 11:10 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-15 09:51 - 2017-07-08 01:57 - 000000000 ____D C:\Users\Nick\AppData\Local\TIDAL
2017-08-15 07:23 - 2017-03-09 18:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-08-14 14:31 - 2017-04-08 18:55 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-14 14:30 - 2016-03-10 22:19 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-13 22:05 - 2015-08-29 23:50 - 000000000 ____D C:\Users\Nick\Desktop\Wallpapers
2017-08-12 17:57 - 2016-06-07 21:01 - 000002269 _____ C:\Users\Nick\Desktop\Discord.lnk
2017-08-12 17:57 - 2016-06-07 21:01 - 000000000 ____D C:\Users\Nick\AppData\Roaming\discord
2017-08-12 17:57 - 2016-06-07 21:01 - 000000000 ____D C:\Users\Nick\AppData\Local\Discord
2017-08-09 18:34 - 2017-04-07 12:29 - 004209520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-08-09 18:34 - 2017-04-07 12:29 - 003711328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-08-09 18:34 - 2017-04-07 12:29 - 001067968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-08-09 18:34 - 2017-04-07 12:29 - 000781728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-08-09 18:34 - 2017-04-07 12:29 - 000046463 _____ C:\WINDOWS\system32\nvinfo.pb
2017-08-09 16:53 - 2017-04-08 18:55 - 006463608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-08-09 16:53 - 2017-04-08 18:55 - 002479224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-08-09 16:53 - 2017-04-08 18:55 - 001762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-08-09 16:53 - 2017-04-08 18:55 - 000549496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-08-09 16:53 - 2017-04-08 18:55 - 000392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-08-09 16:53 - 2017-04-08 18:55 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-08-09 16:53 - 2017-04-08 18:55 - 000069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-08-09 16:47 - 2017-04-08 18:55 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-09 16:41 - 2016-01-28 20:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2017-08-09 16:41 - 2016-01-28 20:36 - 000000000 ____D C:\Program Files (x86)\Mumble
2017-08-08 15:54 - 2015-12-26 17:16 - 000000000 ____D C:\Users\Nick\AppData\Local\Game Dev Tycoon - Steam
2017-08-08 12:23 - 2016-02-13 22:45 - 000000000 ____D C:\ProgramData\Origin
2017-08-08 12:22 - 2016-02-13 22:45 - 000000000 ____D C:\Users\Nick\AppData\Roaming\Origin
2017-08-08 10:18 - 2017-04-08 19:01 - 000004534 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-08 10:18 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-08 10:18 - 2017-03-18 15:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-08 03:39 - 2017-04-08 18:55 - 008112721 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-08-07 20:09 - 2017-02-24 16:18 - 000000000 ____D C:\Users\Nick\AppData\Roaming\EasyAntiCheat
2017-08-07 20:09 - 2016-01-18 15:25 - 000818216 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-08-07 14:22 - 2017-05-14 01:01 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-07 14:22 - 2017-04-25 11:50 - 000001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-08-07 14:22 - 2017-04-08 19:01 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-07 14:22 - 2017-04-08 19:01 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-07 14:22 - 2017-04-08 19:01 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-07 14:22 - 2017-04-08 19:01 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-07 14:22 - 2017-04-08 19:01 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-07 14:22 - 2017-04-08 19:01 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-07 14:22 - 2017-04-08 19:01 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-07 14:22 - 2017-04-08 18:55 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-07 14:22 - 2017-04-08 18:55 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-07 14:07 - 2015-12-23 18:59 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-08-07 14:00 - 2017-04-08 19:01 - 000003378 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2017-08-07 14:00 - 2017-04-08 19:01 - 000003024 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2017-08-07 14:00 - 2015-12-24 16:01 - 000001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-08-07 14:00 - 2015-12-24 16:01 - 000001153 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2017-08-06 23:27 - 2015-12-23 21:48 - 000000000 ____D C:\Users\Nick\AppData\Local\Ubisoft Game Launcher
2017-08-03 14:08 - 2015-12-23 21:55 - 000000000 ____D C:\Users\Nick\AppData\Local\NVIDIA Corporation
2017-08-01 20:11 - 2017-03-04 14:57 - 000000000 ____D C:\Users\Nick\AppData\LocalLow\Hinterland
2017-08-01 17:25 - 2016-01-23 16:59 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
 
==================== Files in the root of some directories =======
 
2017-08-26 14:42 - 2017-08-26 19:28 - 000000033 _____ () C:\Users\Nick\AppData\Roaming\AdobeWLCMCache.dat
2017-08-29 01:24 - 2017-08-29 01:24 - 000000218 _____ () C:\Users\Nick\AppData\Local\recently-used.xbel
2016-01-22 13:06 - 2017-04-20 16:20 - 000007612 _____ () C:\Users\Nick\AppData\Local\resmon.resmoncfg
2017-04-08 18:55 - 2017-04-08 18:55 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2017-08-30 14:33 - 2017-03-18 14:57 - 001930320 _____ (Microsoft Corporation) C:\Users\Nick\AppData\Local\Temp\dllnt_dump.dll
2017-08-29 18:32 - 2017-08-29 18:32 - 000040448 ____N () C:\Users\Nick\AppData\Local\Temp\proxy_vole3456749360046565195.dll
2017-08-29 18:32 - 2017-08-29 18:32 - 000040448 ____N () C:\Users\Nick\AppData\Local\Temp\proxy_vole7489903341856166093.dll
2017-08-29 18:32 - 2017-08-29 18:32 - 000040448 ____N () C:\Users\Nick\AppData\Local\Temp\proxy_vole9173012482241613946.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-22 13:28
 
==================== End of FRST.txt ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 September 2017 - 07:13 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR StartupUrls: Default -> "hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ch","hxxp://search.b1.org/?bsrc=4hcxr&chid=c167991","hxxps://search.yahoo.com/?type=937811&fr=yo-yhp-ch","hxxps://encrypted.google.com"
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
CustomCLSID: HKU\S-1-5-21-1747954166-2771719283-1588211767-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-AD1CF0E732C5}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1747954166-2771719283-1588211767-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1747954166-2771719283-1588211767-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1747954166-2771719283-1588211767-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Nick\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
AlternateDataStreams: C:\Users\Nick\AppData\Local\Temp:$DATA [16]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png or the 3 vertical dots located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 66 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 8 Update 66 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.18 - Oracle Corporation)
===

Please let me know what problem persists with this computer.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 September 2017 - 09:21 AM

Are you still with me?



