
almasy87
Members
Posts: 13
Reputation: 0 Neutral
  1. Thanks for your patience and for the help in cleaning my laptop, and for the extra tips :) Really appreciated!

  2. Results of screen317's Security Check version 0.99.88
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 67
     Adobe Reader XI
     Google Chrome 37.0.2062.120
     Google Chrome 37.0.2062.124
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
     Here you go.
  3. There you go; there is some stuff in here. Haven't received that pop-up still as of now.
     Attachment: eset scan.txt
  4. Here you go. TDSSKiller didn't find anything. I don't understand the log of ComboFix, so I'll attach them both here. On a side note, since yesterday I have not had that pop-up anymore. So maybe it's gone somehow? I'll wait a bit today to see if it comes back. Thanks
     Attachments: TDSSKiller.3.0.0.40_11.10.2014_12.50.11_log.txt, TDSSKiller.3.0.0.40_11.10.2014_12.54.05_log.txt, ComboFix.txt
  5. Edit: Found a Webssearches.com page saved in the Chrome search engines. I've deleted it; I think that's what AdwCleaner was referring to.
  6. Here are the files. I use AdwCleaner a lot, so the scan was quite empty except for that usual Google Chrome preference thing, which is always shown there every time I scan, and I'm not sure what to make of it. The MBAM threat scan had no result, so I didn't attach that log. The other programs did something; I'll let you have a look.
     Attachments: Fixlog.txt, AdwCleanerS10.txt, JRT.txt
  7. Ok, I made a scan but I can still see those Adobe lines :/ I've deleted all the remains I could find about Photoshop (folders, CCleaned registry, etc.), and the program isn't there anymore; the only things left are Adobe Reader and Flash Player. But those lines still appear in the Addition.txt file. No idea how to get rid of them. Can they be removed from the host in some way if the program isn't on the PC any longer? (Dunno if it's a stupid question.) Anyway, Photoshop was installed when the laptop was bought and this svchost pop-up has only started recently; not sure it was that causing it, but I understand they should be removed. Thanks for any help. I'm attaching the files again, though I dunno if it makes a difference.
     Attachments: FRST.txt, Addition.txt
  8. Sorry, I'm kind of a noob, so I don't really know what your question means. O_o Also, it says from 2009, but this laptop was bought in 2013... I did once install a Photoshop with my bf to try making something but forgot it was there; it does not appear in Control Panel > Programs, so I didn't see it before when cleaning. I've removed it now; maybe it was that? Do you want me to repost the logs?
  9. Hey and thanks for the reply. Here we go.

MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/10/2014
Scan Time: 09:46:00
Logfile: log1.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.09.04
Rootkit Database: v2014.10.08.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: aLMaSy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323718
Time Elapsed: 4 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by aLMaSy (administrator) on ALMASY-PC on 09-10-2014 09:51:45
Running from C:\Users\aLMaSy\Desktop
Loaded Profile: aLMaSy (Available profiles: aLMaSy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-09] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011312 2013-04-08] (Synaptics Incorporated)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-04-10] (Intel Corporation)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-05-29] (Alienware)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-09-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [4368720 2013-04-30] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1839928892-2586610890-71341644-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1839928892-2586610890-71341644-1001\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-1839928892-2586610890-71341644-1001\...\MountPoints2: {b71e5791-2466-11e3-90a3-240a64b5d31c} - E:\SETUP.EXE
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x349D5A90693ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.2.0.1 89.2.0.2

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6514\ff [Not Found]

Chrome: 
=======
CHR DefaultSearchURL: Default -> https://docs.google.com/offline/backgroundshell#ouid=u7299fc6f5434df36
CHR Profile: C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Theme Creator) - C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2014-07-21]
CHR Extension: (Google Docs) - C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-23]
CHR Extension: (Google Drive) - C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (YouTube) - C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-23]
CHR Extension: (Adblock Plus) - C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-23]
CHR Extension: (Google Search) - C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-23]
CHR Extension: (Ponyhoof) - C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd [2013-10-13]
CHR Extension: (Google Mail Checker) - C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-06-15]
CHR Extension: (Google Wallet) - C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (ThemeBeta.com) - C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinbeenfnicgkmbdejbadnmljhbjiccl [2014-07-21]
CHR Extension: (Gmail) - C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\OpenMG\PACSPTISVR.exe [167208 2013-09-20] (Sony Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-20] (Realtek Semiconductor)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-04-03] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-06] (Disc Soft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-23] (GFI Software)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-04-05] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [165824 2012-12-13] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299152 2014-09-14] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-15] (Corel Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-04-08] (Synaptics Incorporated)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [87776 2013-04-11] (STMicroelectronics)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-15] (Anchorfree Inc.)
S3 tapse01; C:\Windows\System32\DRIVERS\tapse01.sys [39608 2013-10-16] (The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 09:51 - 2014-10-09 09:51 - 00023097 _____ () C:\Users\aLMaSy\Desktop\FRST.txt
2014-10-09 09:51 - 2014-10-09 09:51 - 00000000 ____D () C:\FRST
2014-10-09 09:27 - 2014-10-09 09:27 - 18482776 _____ () C:\Users\aLMaSy\Desktop\RogueKillerX64.exe
2014-10-09 09:27 - 2014-10-09 09:27 - 02109952 _____ (Farbar) C:\Users\aLMaSy\Desktop\FRST64.exe
2014-10-08 12:55 - 2014-10-09 08:39 - 00000336 _____ () C:\Windows\setupact.log
2014-10-08 12:55 - 2014-10-08 12:55 - 00000526 _____ () C:\Windows\PFRO.log
2014-10-08 12:55 - 2014-10-08 12:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-07 22:44 - 2014-10-07 22:44 - 00000000 ____D () C:\Users\aLMaSy\AppData\Local\Remove_Empty_Directories
2014-10-07 22:43 - 2014-10-07 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remove Empty Directories
2014-10-07 22:43 - 2014-10-07 22:43 - 00000000 ____D () C:\Program Files (x86)\Remove Empty Directories
2014-10-07 22:24 - 2014-10-07 22:24 - 00000000 ____D () C:\Users\aLMaSy\AppData\Local\VS Revo Group
2014-10-07 22:24 - 2014-10-07 22:24 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-10-07 22:24 - 2014-10-07 22:24 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-01 11:08 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 11:08 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 22:17 - 2014-09-29 22:17 - 00089192 _____ (Hola Networks Ltd.) C:\Windows\system32\Drivers\hola_mon_drv.sys
2014-09-29 14:52 - 2014-09-29 14:52 - 00001312 _____ () C:\Users\aLMaSy\Desktop\Mods - Shortcut.lnk
2014-09-28 21:11 - 2014-09-28 21:11 - 00000000 ____D () C:\Users\aLMaSy\AppData\Roaming\Arrowhead
2014-09-28 21:11 - 2014-09-28 21:11 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-24 10:25 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 10:25 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 17:49 - 2014-09-22 17:49 - 00000412 _____ () C:\Users\aLMaSy\Documents\new 1.txt
2014-09-19 17:29 - 2014-09-13 22:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-09-19 17:28 - 2014-09-19 17:28 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-09-19 17:28 - 2014-09-19 17:28 - 00000000 ____D () C:\Windows\system32\NV
2014-09-19 17:27 - 2014-09-14 01:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-19 17:27 - 2014-09-14 01:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-09-19 17:27 - 2014-09-14 01:48 - 00299152 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys
2014-09-19 17:27 - 2014-09-14 01:48 - 00032576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-09-19 17:27 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-19 17:27 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-09-16 15:12 - 2014-09-16 15:12 - 00000000 ____D () C:\Users\aLMaSy\AppData\Roaming\FlashGet
2014-09-15 21:12 - 2014-09-15 21:15 - 00000000 ____D () C:\Windows\Minidump
2014-09-15 18:49 - 2014-09-15 18:49 - 00003324 _____ () C:\Windows\System32\Tasks\{4A9A6042-8A1D-4430-A79A-7A60A6F5A568}
2014-09-13 15:17 - 2014-09-13 15:17 - 00000909 _____ () C:\Users\aLMaSy\Desktop\Play The Sims 4.lnk
2014-09-13 15:13 - 2014-10-07 13:51 - 00000000 ____D () C:\ProgramData\Origin
2014-09-13 15:13 - 2014-09-14 11:38 - 00000000 ____D () C:\Users\aLMaSy\AppData\Roaming\Origin
2014-09-13 15:13 - 2014-09-13 15:20 - 00000000 ____D () C:\Users\aLMaSy\AppData\Local\Origin
2014-09-13 15:13 - 2014-09-13 15:20 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-09-13 15:13 - 2014-09-13 15:13 - 00000628 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-09-13 15:13 - 2014-09-13 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-09-11 23:38 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 23:38 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 23:38 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 23:38 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 23:38 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 23:38 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 23:38 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 23:38 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 23:38 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 23:38 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 23:38 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 23:38 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 23:38 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 23:38 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 23:38 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 23:38 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 23:38 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 23:38 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 23:38 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 23:38 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 23:38 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 23:38 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 23:38 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 23:38 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 23:38 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 23:38 - 
2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-09-11 23:38 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-09-11 23:38 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-09-11 23:38 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-09-11 23:38 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-09-11 23:38 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-09-11 23:38 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-09-11 23:38 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-09-11 23:38 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-09-11 23:38 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-09-11 23:38 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-09-11 23:38 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-09-11 23:38 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-09-11 23:38 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-09-11 23:38 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-09-11 23:38 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-09-11 23:38 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-09-11 23:38 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-09-11 23:38 - 2014-08-18 23:17 
- 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-09-11 23:38 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-09-11 23:38 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-09-11 23:38 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-09-11 23:38 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-09-11 23:38 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-09-11 23:38 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-09-11 23:38 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-09-11 23:38 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-09-11 23:38 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-09-11 23:38 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-09-11 23:38 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-09-11 23:38 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-09-11 23:34 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2014-09-11 23:34 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2014-09-11 13:05 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll2014-09-11 13:05 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll2014-09-11 13:04 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-09-11 13:04 - 2014-09-05 04:05 - 00424448 _____ (Microsoft 
Corporation) C:\Windows\system32\aeinv.dll2014-09-11 13:04 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-09-11 13:04 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-09-11 13:04 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-09-11 13:04 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-09-11 13:04 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-09-11 13:04 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-09-11 13:04 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-09 09:27 - 2013-09-23 17:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-09 09:20 - 2014-06-05 21:43 - 00236032 ___SH () C:\Users\aLMaSy\Thumbs.db2014-10-09 09:20 - 2013-09-23 22:57 - 00000000 ___RD () C:\Users\aLMaSy\roba varia pc2014-10-09 09:16 - 2014-03-30 09:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-09 09:16 - 2013-09-02 21:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-10-09 09:15 - 2014-03-23 23:09 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts2014-10-09 09:14 - 2014-03-24 01:05 - 00000000 ____D () C:\Users\aLMaSy\Documents\Electronic Arts2014-10-09 09:14 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2014-10-09 09:05 - 2014-03-23 01:05 - 00000000 __HDC () C:\ProgramData\~02014-10-09 09:05 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries2014-10-09 09:04 - 2013-10-30 16:59 - 00000000 ____D () C:\Program 
Files\Adobe2014-10-09 09:04 - 2013-09-24 00:08 - 00000000 ____D () C:\Program Files\Common Files\Adobe2014-10-09 09:04 - 2013-09-23 17:41 - 00000000 ____D () C:\Users\aLMaSy\AppData\Roaming\Adobe2014-10-09 08:57 - 2013-09-02 21:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-10-09 08:55 - 2009-07-14 07:13 - 00783730 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-09 08:49 - 2014-07-19 14:19 - 00000000 ____D () C:\Users\aLMaSy\AppData\Local\Adobe2014-10-09 08:46 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-09 08:46 - 2009-07-14 06:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-09 08:42 - 2013-09-02 21:24 - 01664240 _____ () C:\Windows\WindowsUpdate.log2014-10-09 08:40 - 2013-09-23 17:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-09 08:40 - 2013-09-02 22:02 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks2014-10-09 08:40 - 2013-09-02 22:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks2014-10-09 08:40 - 2013-09-02 21:55 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn2014-10-09 08:39 - 2013-09-02 21:42 - 00000000 ____D () C:\ProgramData\NVIDIA2014-10-09 08:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-08 23:16 - 2013-09-23 17:39 - 00000000 ____D () C:\Users\aLMaSy2014-10-08 23:13 - 2014-04-08 15:09 - 00000000 ____D () C:\Users\aLMaSy\AppData\Roaming\Notepad++2014-10-08 16:01 - 2013-09-23 17:52 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask2014-10-08 14:09 - 2013-09-23 22:58 - 00000000 ____D () C:\Users\aLMaSy\AppData\Roaming\vlc2014-10-07 22:56 - 2013-09-23 18:51 - 00000000 ____D () C:\Program Files\CCleaner2014-10-07 22:20 - 2013-09-24 01:16 - 00000000 ____D () C:\Users\aLMaSy\AppData\Local\Battle.net2014-10-07 22:05 - 2014-04-10 
23:53 - 00000000 ____D () C:\AdwCleaner2014-10-05 18:41 - 2013-09-02 21:58 - 00000000 ____D () C:\Program Files (x86)\Steam2014-10-05 13:06 - 2014-07-24 00:57 - 00000000 ____D () C:\Users\aLMaSy\Desktop\Friends2014-10-04 08:42 - 2014-06-03 12:47 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll2014-10-04 08:42 - 2014-03-23 02:08 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll2014-10-04 08:41 - 2014-06-03 12:47 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll2014-10-04 08:41 - 2014-03-23 02:08 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll2014-09-30 10:10 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Offline Web Pages2014-09-28 20:36 - 2013-09-23 19:27 - 00000283 _____ () C:\Users\aLMaSy\Documents\one note data.txt2014-09-24 20:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache2014-09-24 17:57 - 2013-09-02 21:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-09-24 17:57 - 2013-09-02 21:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-09-24 17:57 - 2013-09-02 21:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-09-20 13:35 - 2009-07-14 07:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-09-19 17:29 - 2013-09-23 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2014-09-19 17:29 - 2013-09-02 21:55 - 00000000 ____D () C:\Temp2014-09-19 17:29 - 2013-09-02 21:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation2014-09-19 17:29 - 2013-09-02 21:41 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2014-09-17 09:44 - 2013-09-02 22:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-09-16 12:36 - 2014-08-14 15:43 - 00000000 ____D () C:\ProgramData\boost_interprocess2014-09-16 12:34 - 2014-08-20 16:54 - 00000034 _____ () 
C:\Users\aLMaSy\AppData\Roaming\AdobeWLCMCache.dat2014-09-15 19:19 - 2013-09-23 17:41 - 00000993 _____ () C:\Users\aLMaSy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-09-15 19:13 - 2014-03-30 02:23 - 00000000 ____D () C:\Windows\pss2014-09-15 19:04 - 2014-07-02 19:40 - 00002296 _____ () C:\Users\aLMaSy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk2014-09-15 19:04 - 2014-04-11 00:05 - 00004772 _____ () C:\Windows\system32\.crusader2014-09-15 18:57 - 2013-09-23 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN2014-09-15 13:00 - 2013-09-23 17:41 - 00000000 ____D () C:\Users\aLMaSy\Documents\Bluetooth Exchange Folder2014-09-15 12:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-09-15 01:12 - 2013-09-24 00:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 20132014-09-15 01:12 - 2013-09-24 00:15 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-09-14 16:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports2014-09-14 01:48 - 2014-07-30 01:15 - 16875856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll2014-09-14 01:48 - 2014-07-30 01:15 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2014-09-14 01:48 - 2014-07-30 01:15 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2014-09-14 01:48 - 2014-07-30 01:15 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2014-09-14 01:48 - 2013-09-02 21:41 - 03223120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll2014-09-14 01:48 - 2013-09-02 21:41 - 00984424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll2014-09-14 01:48 - 2013-09-02 21:41 - 00026956 _____ () C:\Windows\system32\nvinfo.pb2014-09-13 23:53 - 2013-09-02 21:42 - 06890696 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvcpl.dll2014-09-13 23:53 - 2013-09-02 21:42 - 03529872 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll2014-09-13 23:53 - 2013-09-02 21:42 - 02557640 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll2014-09-13 23:53 - 2013-09-02 21:42 - 01087688 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll2014-09-13 23:53 - 2013-09-02 21:42 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe2014-09-13 23:53 - 2013-09-02 21:42 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll2014-09-13 23:53 - 2013-09-02 21:42 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll2014-09-13 23:53 - 2013-09-02 21:42 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll2014-09-13 15:29 - 2013-09-02 21:44 - 00000000 ____D () C:\ProgramData\Package Cache2014-09-11 23:37 - 2013-09-29 21:41 - 00000000 ____D () C:\Windows\system32\MRT2014-09-11 23:37 - 2011-02-10 18:10 - 00768040 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2014-09-11 23:35 - 2013-09-29 21:41 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-09-11 23:34 - 2014-05-07 01:48 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-09-11 17:37 - 2013-09-02 21:42 - 03961833 _____ () C:\Windows\system32\nvcoproc.bin Some content of TEMP:====================C:\Users\aLMaSy\AppData\Local\Temp\HitmanPro.exeC:\Users\aLMaSy\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-06 00:03 ==================== End Of Log ============================ Addition and Rogue Killer log attached. Thanks for any help Addition.txt RKreport_SCN_10092014_095512.log
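The FRST listing above has one entry per file (created, modified, size, attribute flags, version-info company, path), which makes it easy to triage mechanically instead of by eye. The Python below is an added example, not part of the original post and not FRST's own code: it parses a handful of entries copied from the log above (plus one made-up `example_nopublisher.sys` line, because the size field of the real hola_mon_drv.sys entry is cut off in the paste) and applies two heuristics of my own choosing: executables under C:\Windows whose company field is empty, and dot-files or extension-less files sitting directly in system32 or SysWOW64. The rule names are mine. A hit means "check this file's Authenticode signature and origin", not "malicious": the company field is version-information text that any installer can set or omit, and only the Bamital check at the end of the log actually verifies signatures, and only for a fixed list of core files.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample. Every entry except example_nopublisher.sys is copied from the
# FRST listing posted above; that one line is made up so the driver rule has a hit.
SAMPLE_FRST = r"""==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-29 14:52 - 2014-09-29 14:52 - 00000000 _____ () C:\Windows\system32\Drivers\example_nopublisher.sys
2014-09-28 21:11 - 2014-09-28 21:11 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-19 17:27 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-15 18:49 - 2014-09-15 18:49 - 00003324 _____ () C:\Windows\System32\Tasks\{4A9A6042-8A1D-4430-A79A-7A60A6F5A568}
2014-09-15 19:04 - 2014-04-11 00:05 - 00004772 _____ () C:\Windows\system32\.crusader
2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 01:48 - 2013-09-02 21:41 - 00026956 _____ () C:\Windows\system32\nvinfo.pb
2014-09-11 23:35 - 2013-09-29 21:41 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-09 09:16 - 2014-03-30 09:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
"""

# "created - modified - size attrs (company) path". The size is normally 8 digits but
# grows for large files (MRT.exe above), hence \d{8,}. Headers and notes do not match.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

EXECUTABLE_EXTS = {".sys", ".exe", ".dll", ".cpl", ".ocx", ".scr", ".drv"}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}


def parse_frst(text: str) -> List[Dict[str, object]]:
    """Turn FRST listing lines into records; non-matching lines are skipped."""
    records: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        rec: Dict[str, object] = dict(m.groupdict())
        rec["size"] = int(m.group("size"))
        rec["is_dir"] = "D" in m.group("attrs")
        records.append(rec)
    return records


def file_extension(path: str) -> str:
    """Lower-cased extension, or '' for dot-files (.crusader) and names without a dot."""
    name = path.rsplit("\\", 1)[-1]
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""


def triage(records: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """Return (rule, path) pairs for two heuristics (mine, not FRST's):

    no_publisher_executable: executable under C:\\Windows with an empty company field.
    odd_name_in_system_dir:  dot-file or extension-less file directly in system32/SysWOW64.
    Both are prompts to verify the file's signature and origin, not verdicts.
    """
    findings: List[Tuple[str, str]] = []
    for rec in records:
        if rec["is_dir"]:
            continue
        path = str(rec["path"])
        low = path.lower()
        parent = low.rsplit("\\", 1)[0]
        ext = file_extension(path)
        if low.startswith("c:\\windows\\") and ext in EXECUTABLE_EXTS and not rec["company"]:
            findings.append(("no_publisher_executable", path))
        elif parent in SYSTEM_DIRS and ext == "":
            findings.append(("odd_name_in_system_dir", path))
    return findings


def newest_drivers(records: List[Dict[str, object]], n: int = 3) -> List[str]:
    """Most recently created .sys files: the first thing to correlate with when
    symptoms such as the poster's popups started."""
    sys_files = [r for r in records if not r["is_dir"] and file_extension(str(r["path"])) == ".sys"]
    sys_files.sort(key=lambda r: str(r["created"]), reverse=True)  # ISO-style stamps sort as text
    return [str(r["path"]) for r in sys_files[:n]]


if __name__ == "__main__":
    recs = parse_frst(SAMPLE_FRST)
    print(f"parsed {len(recs)} entries")
    for rule, path in triage(recs):
        print(f"{rule}: {path}")
    print("newest drivers:", newest_drivers(recs))
```

To run it on a real FRST.txt, read the file (FRST writes it in the current code page, so open it with `errors="replace"`) and pass the text to `parse_frst`. Anything `triage` reports should then be checked with `Get-AuthenticodeSignature` or the file's properties dialog before it goes into a fixlist.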
  10. Hi, for a week or so now I've been getting these popups (screen attached). I don't think it's always the same IP, and it's both inbound and outbound. I have no idea what they are, whether it's normal or not, and how to get rid of them. So far I have run scans with:
MBAM
Hitman Pro
Adw Cleaner
and have found nothing except a few tracking cookies, which I have removed. I also cleaned with CCleaner. How can I get rid of whatever it is that is connecting? Thanks in advance!
  11. Actually, sorry, never mind, I figured it out. I ran AdwCleaner again and there was another little thing to delete which apparently was not deleted the first time. You can ignore/delete this post.
  12. Hello people, over the past week my MBAM has started detecting the Conduit and Sweetpacks PUPs (I probably got them downloading some weird video converter and/or other files/codecs/addons etc.). I've been over the internet and followed some guides to get rid of them, and I (at least I think) removed most of it. The programs used were AdwCleaner, JRT, Hitman Pro and MBAM. Now I noticed that if Chrome is closed and I run an MBAM scan, it finds nothing. If I open Chrome and then run a scan, it still finds one entry: PUP.Optional.Conduit.A. Even if I click to quarantine it and then delete it, it basically appears again if I scan again while Chrome is on. It says it's located in AppData\Local\Google\Chrome\User Data\Preferences. I go there and there is this file named Preferences, but it has just been created, so I assume it's created every time you open Chrome or something. I found that in Chrome, when I go to Settings > On Start up > Open set of pages, there are indeed sweetpacks and search conduit listed. I have removed them, restarted Chrome, and they reappeared. I don't know how to get rid of this thing. It's not in my Chrome extensions, nor in the programs to uninstall. But apparently it's in my Chrome somewhere?
I will post my MBAM log and hope someone can shed some light or help me out.

-----------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/04/2014
Scan Time: 01:26:50
Logfile: log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.11.01
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: aLMaSy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 259974
Time Elapsed: 6 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\aLMaSy\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.facebook.com/", "https://www.facebook.com/?ref=logo", "http://mysearch.sweetpacks.com/?barid=281200860139374509450710863165319926556&src=10&crg=3.5000006.10052&ppd=&did=10723&st=23", "http://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN27450566486252709&UM=2" ],), ,[669a0ff1b54b0000ff91390f2bd91ae6]

Physical Sectors: 0
(No malicious items detected)

Thanks for any help. If I need to do something extra or run other programs, please let me know.
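The MBAM hit shows where this particular hijack lives: not in an extension or an installed program but in Chrome's Preferences JSON, under the startup page list (`"startup_urls"`, which sits inside the `session` object), which is why uninstallers and extension clean-ups leave it alone. As an added example (not from the post and not Malwarebytes' or Google's code), the Python below loads a constructed Preferences fragment that reuses the four startup URLs MBAM quoted, flags entries by hostname rather than by substring, and produces a cleaned copy. `HIJACK_HOSTS`, the `homepage` value in the sample and the function names are my own assumptions; the two hostnames come from the log above. Chrome must be closed while the real file is edited or it will overwrite the change on exit, and newer Chrome builds keep these settings in the neighbouring Secure Preferences file with a per-value MAC, where a hand edit is rejected and the value reset.

```python
import copy
import json
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Hostnames of the two search hijackers MBAM quoted from the poster's startup_urls.
# Extend from your own findings; matching is exact host or any subdomain of it.
HIJACK_HOSTS = {"search.conduit.com", "mysearch.sweetpacks.com"}

# Constructed Preferences fragment. The startup_urls are the four URLs from the MBAM
# log above; the homepage value and the other keys are made up for the example.
# Real file: %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences
SAMPLE_PREFERENCES_JSON = json.dumps({
    "homepage": "http://mysearch.sweetpacks.com/",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,  # 4 = "open a specific set of pages"
        "startup_urls": [
            "http://www.facebook.com/",
            "https://www.facebook.com/?ref=logo",
            "http://mysearch.sweetpacks.com/?barid=281200860139374509450710863165319926556&src=10&crg=3.5000006.10052&ppd=&did=10723&st=23",
            "http://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN27450566486252709&UM=2",
        ],
    },
})


def load_preferences(raw: str) -> Dict:
    """The Preferences file is plain JSON."""
    return json.loads(raw)


def is_hijack_url(url: str, hosts=HIJACK_HOSTS) -> bool:
    """Decide on the URL's hostname (or a subdomain of a listed host), not on a
    substring, so a normal page that merely mentions 'conduit' is not flagged."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in hosts)


def audit_preferences(prefs: Dict, hosts=HIJACK_HOSTS) -> List[Tuple[str, str]]:
    """Return (pref_key, url) for every startup page or homepage on the hijack list."""
    hits: List[Tuple[str, str]] = []
    for url in prefs.get("session", {}).get("startup_urls", []):
        if is_hijack_url(url, hosts):
            hits.append(("session.startup_urls", url))
    homepage = prefs.get("homepage", "")
    if homepage and is_hijack_url(homepage, hosts):
        hits.append(("homepage", homepage))
    return hits


def clean_preferences(prefs: Dict, hosts=HIJACK_HOSTS) -> Tuple[Dict, List[str]]:
    """Return a cleaned deep copy plus the URLs removed; the input is left untouched."""
    cleaned = copy.deepcopy(prefs)
    removed: List[str] = []
    session = cleaned.get("session", {})
    if "startup_urls" in session:
        urls = session["startup_urls"]
        removed.extend(u for u in urls if is_hijack_url(u, hosts))
        session["startup_urls"] = [u for u in urls if not is_hijack_url(u, hosts)]
        if not session["startup_urls"]:
            # Nothing legitimate left to open: fall back to the New Tab page (5)
            # instead of leaving "open these pages" pointing at an empty list.
            session["restore_on_startup"] = 5
    if cleaned.get("homepage") and is_hijack_url(cleaned["homepage"], hosts):
        removed.append(cleaned.pop("homepage"))
        cleaned["homepage_is_newtabpage"] = True
    return cleaned, removed


if __name__ == "__main__":
    prefs = load_preferences(SAMPLE_PREFERENCES_JSON)
    for key, url in audit_preferences(prefs):
        print(f"{key}: {url}")
    cleaned, removed = clean_preferences(prefs)
    print(f"removed {len(removed)} URL(s)")
    print(json.dumps(cleaned["session"], indent=2))
```

If the cleaned values come back after a restart even with Chrome closed during the edit, something outside the file is re-applying them (a scheduled task, a service, or a policy), and that is what the FRST and AdwCleaner passes in this thread are for.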