
Can't remove the PUP.Optional.Conduit.A malware



Hello,

 

So I am having trouble removing the PUP.Optional.Conduit.A malware from my PC. Each time I run a threat scan, the potential threat shows up and I quarantine it. When I run the scan again, it still shows up. 

 


 

It looks like it is located in my Google Chrome app data preferences.

 

I located some forum threads with similar problems regarding this specific malware. I followed the instructions given to the users with the same problem, but it doesn't seem to go away. I followed the instructions here:

 

https://forums.malwarebytes.org/index.php?showtopic=130750

 

But every time I run the threat scan, I still see the threat.

 

Any advice? I'm running Windows 8 if that helps at all.

 

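As an added example (not part of the original post and not Malwarebytes' own tooling), here is a small Python script that reads Chrome's Preferences file, the file the detection above points at, and lists every homepage, startup URL and default search provider URL whose host is not on a trusted list. Search and homepage hijackers of the Conduit family work by rewriting exactly those settings, so this is the defender's check for whether the browser profile is still pointing somewhere it should not. The key names used (homepage, session.urls_to_restore_on_startup, default_search_provider.search_url and suggest_url) follow the layout of Chrome's Preferences JSON from that era and are assumptions here; the embedded sample profile and the hijacker domain in it are constructed for the example. Run it with Chrome fully closed: Chrome keeps its preferences in memory and writes them back to the file while it runs, so a change made to the file under a running browser is overwritten.

```python
import json
from urllib.parse import urlsplit

# Constructed allowlist of search/homepage hosts for this example; extend as needed.
TRUSTED_HOSTS = {
    "www.google.com", "google.com",
    "www.bing.com", "bing.com",
    "search.yahoo.com",
    "duckduckgo.com",
}

# Preference paths that search/homepage hijackers typically rewrite.
# Key names are an assumption based on the Chrome Preferences layout of the Chrome 33 era.
CHECKED_PATHS = {
    "homepage": ("homepage",),
    "startup_urls": ("session", "urls_to_restore_on_startup"),
    "search_url": ("default_search_provider", "search_url"),
    "search_suggest_url": ("default_search_provider", "suggest_url"),
}


def _get_path(prefs, path):
    """Walk nested dicts along `path`; return None if any key is missing."""
    node = prefs
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def _host_of(url):
    """Host part of a URL. Chrome's built-in Google provider uses a
    "{google:baseURL}" template instead of a literal host (assumption: treat it as Google)."""
    if url.startswith("{google:"):
        return "www.google.com"
    return (urlsplit(url).hostname or "").lower()


def find_untrusted_settings(prefs, trusted=TRUSTED_HOSTS):
    """Return (setting_name, url) for every checked URL whose host is not trusted."""
    findings = []
    for label, path in CHECKED_PATHS.items():
        value = _get_path(prefs, path)
        if value is None:
            continue
        urls = value if isinstance(value, list) else [value]
        for url in urls:
            if not isinstance(url, str) or not url:
                continue
            if _host_of(url) not in trusted:
                findings.append((label, url))
    return findings


def check_preferences_file(path):
    """Load a Chrome Preferences file (plain JSON) and run the check on it.
    On Windows the default profile's file is
    C:\\Users\\<user>\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences"""
    with open(path, encoding="utf-8") as fh:
        return find_untrusted_settings(json.load(fh))


# Constructed sample profile: homepage is fine, but a startup URL and the
# default search provider point at a placeholder hijacker domain.
SAMPLE_PREFS = {
    "homepage": "http://www.google.com/",
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": [
            "http://www.google.com/",
            "http://search.example-hijacker.invalid/?ch=constructed",
        ],
    },
    "default_search_provider": {
        "name": "Search",
        "keyword": "example-hijacker.invalid",
        "search_url": "http://search.example-hijacker.invalid/search?q={searchTerms}",
        "suggest_url": "http://search.example-hijacker.invalid/suggest?q={searchTerms}",
    },
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        findings = check_preferences_file(sys.argv[1])   # path to a real Preferences file
    else:
        findings = find_untrusted_settings(SAMPLE_PREFS)  # demo on the constructed sample
    if not findings:
        print("no untrusted homepage/startup/search URLs found")
    for setting, url in findings:
        print(f"REVIEW {setting}: {url}")
```

Anything the script reports should be compared with what the Malwarebytes detection names; if the same untrusted host comes back after quarantine, the setting is being restored from somewhere else (Chrome running during the clean, or a synced profile) and the file itself is not where the fix needs to happen.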

Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Open Malwarebytes,

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

How to get logs:

(Export log to save as txt)

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs...

 

Kevin

 

 

 


The exported Malwarebytes log and addition.txt are attached.

 

Here are the contents of the text file for ADWCleaner:

 

# AdwCleaner v3.023 - Report created 06/04/2014 at 11:01:27
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Andy - ANDYSGAMINGPC
# Running from : C:\Users\Andy\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [913 octets] - [05/04/2014 19:17:32]
AdwCleaner[R1].txt - [854 octets] - [05/04/2014 19:29:34]
AdwCleaner[R2].txt - [972 octets] - [06/04/2014 11:01:04]
AdwCleaner[s0].txt - [983 octets] - [05/04/2014 19:18:28]
AdwCleaner[s1].txt - [914 octets] - [05/04/2014 19:29:54]
AdwCleaner[s2].txt - [894 octets] - [06/04/2014 11:01:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [953 octets] ##########
 
 
 
 
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Here are the contents of the JRT text:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro x64
Ran by Andy on Sun 04/06/2014 at 11:07:10.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/06/2014 at 11:09:02.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Here are the contents for the FRST scans:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Andy (administrator) on ANDYSGAMINGPC on 06-04-2014 11:10:08
Running from C:\Users\Andy\Downloads
Windows 8.1 Pro (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
() C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\ASRock Utility\HDMISwitch\Bin\HDMISwitch.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IvoSoft) D:\ClassicStartMenu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Flux Software LLC) C:\Users\Andy\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Andy\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Spotify Ltd) C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-25] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] - D:\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [6226624 2014-02-02] (FNet Co., Ltd.)
HKU\S-1-5-21-2277182145-3031813170-2803461784-1001\...\Run: [f.lux] - C:\Users\Andy\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2277182145-3031813170-2803461784-1001\...\Run: [Fatal1tySTU] - [X]
HKU\S-1-5-21-2277182145-3031813170-2803461784-1001\...\Run: [ASRockHDMISwitch] - [X]
HKU\S-1-5-21-2277182145-3031813170-2803461784-1001\...\Run: [spotify Web Helper] - C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-03-29] (Spotify Ltd)
HKU\S-1-5-21-2277182145-3031813170-2803461784-1001\...\Run: [GoogleChromeAutoLaunch_D9C6B67A63EF2C294D4A204374B6A795] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.)
HKU\S-1-5-21-2277182145-3031813170-2803461784-1001\...\Run: [spotify] - C:\Users\Andy\AppData\Roaming\Spotify\spotify.exe [6118400 2014-03-29] (Spotify Ltd)
HKU\S-1-5-21-2277182145-3031813170-2803461784-1001\...\RunOnce: [AsrOMG_Day0] - 0x00000000
HKU\S-1-5-21-2277182145-3031813170-2803461784-1001\...\RunOnce: [AsrOMG_Day1] - 0x00000000
HKU\S-1-5-21-2277182145-3031813170-2803461784-1001\...\RunOnce: [AsrOMG_Day2] - 0x00000000
HKU\S-1-5-21-2277182145-3031813170-2803461784-1001\...\RunOnce: [AsrOMG_Day3] - 0x00000000
HKU\S-1-5-21-2277182145-3031813170-2803461784-1001\...\RunOnce: [AsrOMG_Day4] - 0x00000000
HKU\S-1-5-21-2277182145-3031813170-2803461784-1001\...\RunOnce: [AsrOMG_Day5] - 0x00000000
HKU\S-1-5-21-2277182145-3031813170-2803461784-1001\...\RunOnce: [AsrOMG_Day6] - 0x00000000
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAF813D970520CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - D:\ClassicExplorer64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - D:\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-02]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-02]
CHR Extension: (James White) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2014-02-01]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-02]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-02]
CHR Extension: (AdBlock) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-01]
CHR Extension: (Facebook Unseen) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2014-02-01]
CHR Extension: (Deathamns) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2014-02-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-02-01]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2014-02-01]
CHR Extension: (Google Maps) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-02-01]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-02]
CHR Extension: (Auto Refresh Plus) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih [2014-02-01]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-02]
 
==================== Services (Whitelisted) =================
 
R2 ASRockIOMon; C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-03-05] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 AsrDrv101; C:\WINDOWS\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-02-02] (ASRock Incorporation)
S3 AsrHidFilter; C:\Windows\system32\DRIVERS\AsrHidFilter.sys [20232 2013-09-09] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-03-29] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-02-02] (FNet Co., Ltd.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-01] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-01-19] ()
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-11-14] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-06] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-01] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-06 11:10 - 2014-04-06 11:10 - 00012248 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-04-06 11:09 - 2014-04-06 11:10 - 00000000 ____D () C:\FRST
2014-04-06 11:09 - 2014-04-06 11:09 - 02157056 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2014-04-06 11:09 - 2014-04-06 11:09 - 00000625 _____ () C:\Users\Andy\Desktop\JRT.txt
2014-04-06 11:06 - 2014-04-05 23:36 - 01016261 _____ (Thisisu) C:\Users\Andy\Desktop\JRT_NEW.exe
2014-04-06 11:04 - 2014-04-06 11:04 - 00001032 _____ () C:\Users\Andy\Desktop\adwcleaner.txt
2014-04-06 10:59 - 2014-04-06 10:59 - 00001332 _____ () C:\Users\Andy\Desktop\EXPORT.txt
2014-04-05 19:27 - 2014-04-05 19:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-05 19:25 - 2014-04-05 19:25 - 01038974 _____ (Thisisu) C:\Users\Andy\Downloads\JRT.exe
2014-04-05 19:17 - 2014-04-06 11:01 - 00000000 ____D () C:\AdwCleaner
2014-04-05 19:17 - 2014-04-05 19:17 - 01426178 _____ () C:\Users\Andy\Downloads\adwcleaner.exe
2014-04-05 19:14 - 2014-04-05 19:14 - 00448512 _____ (OldTimer Tools) C:\Users\Andy\Downloads\TFC.exe
2014-04-05 17:30 - 2014-04-06 10:54 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-05 17:30 - 2014-04-05 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-05 17:30 - 2014-04-05 17:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 17:30 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-05 17:30 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-05 17:30 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-05 17:28 - 2014-04-05 17:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andy\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-05 17:27 - 2014-04-05 18:56 - 00000000 ____D () C:\Program Files\PeerBlock
2014-04-05 17:23 - 2014-04-05 17:54 - 00000000 ____D () C:\Users\Andy\Downloads\Apocalypto [2006] 720p BRRip H264 AC3 - CODY
2014-04-04 21:28 - 2014-04-04 21:37 - 00000000 ____D () C:\Users\Andy\Downloads\Usher Complete Discography (iTunes Edition) [theLEAK]
2014-03-31 20:42 - 2014-04-06 11:07 - 00524978 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-29 14:48 - 2014-03-29 17:50 - 00000000 ____D () C:\Users\Andy\AppData\Local\Spotify
2014-03-29 14:48 - 2014-03-29 14:48 - 00001794 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-03-29 14:47 - 2014-04-06 11:08 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Spotify
2014-03-29 14:22 - 2014-03-29 14:22 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2014-03-29 14:22 - 2014-03-29 14:22 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2014-03-29 13:04 - 2014-03-29 13:04 - 00000000 ___RD () C:\Users\Andy\Podcasts
2014-03-29 13:03 - 2014-03-29 13:03 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-03-29 13:03 - 2014-03-29 13:03 - 00000000 ____D () C:\Program Files\Zune
2014-03-24 20:34 - 2014-03-24 20:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-24 20:34 - 2014-03-04 04:32 - 00599840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2014-03-24 20:33 - 2014-03-04 07:35 - 31474976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 25255256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 23716640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 17755424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 17561544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 15783992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 12708128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-03-24 20:33 - 2014-03-04 07:35 - 11636176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 11589272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 09728064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 09690424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 03143456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 02958792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 02783008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 02411976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 01885472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433523.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 01516488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433523.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 00892704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 00877856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 00863064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 00846168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 00832936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 00484296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 00409544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 00377688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 00353504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 00333600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 00174296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-03-24 20:33 - 2014-03-04 07:35 - 00148016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-03-24 20:32 - 2014-03-24 20:32 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-03-18 17:16 - 2014-01-07 18:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-03-18 17:16 - 2014-01-07 18:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-03-18 17:16 - 2014-01-07 18:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-03-18 17:16 - 2014-01-04 08:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-03-18 17:16 - 2014-01-04 08:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-03-18 17:16 - 2014-01-04 07:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-03-18 17:16 - 2014-01-04 06:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-03-18 17:16 - 2014-01-02 16:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-03-18 17:16 - 2014-01-02 16:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-03-18 17:16 - 2013-12-31 18:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-03-18 17:16 - 2013-12-31 18:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-03-18 17:16 - 2013-12-31 17:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-03-18 17:16 - 2013-12-31 17:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-03-18 17:16 - 2013-12-31 16:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-03-18 17:16 - 2013-12-31 16:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-03-18 17:16 - 2013-12-31 16:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-03-18 17:16 - 2013-12-30 16:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-03-18 17:16 - 2013-12-30 16:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-03-18 17:16 - 2013-12-30 16:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-03-18 17:16 - 2013-12-30 16:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-03-18 17:16 - 2013-12-30 16:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-03-18 17:16 - 2013-12-27 08:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-03-18 17:16 - 2013-12-27 01:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-03-18 17:16 - 2013-12-27 01:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-03-18 17:16 - 2013-12-27 01:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-03-18 17:16 - 2013-12-27 00:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-03-18 17:16 - 2013-12-27 00:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-03-18 17:16 - 2013-12-26 23:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-03-18 17:16 - 2013-12-21 00:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-03-18 17:16 - 2013-12-17 00:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-03-18 17:16 - 2013-12-13 23:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 17:16 - 2013-12-13 23:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-03-18 17:16 - 2013-12-13 03:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-03-18 17:16 - 2013-12-13 00:24 - 00121088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2014-03-18 17:16 - 2013-12-12 23:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-03-18 17:16 - 2013-12-12 22:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-03-18 17:16 - 2013-12-09 01:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-18 17:16 - 2013-12-08 21:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-16 17:10 - 2014-03-16 17:24 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-03-15 21:57 - 2014-03-16 17:10 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Origin
2014-03-15 21:57 - 2014-03-16 17:10 - 00000000 ____D () C:\Users\Andy\AppData\Local\Origin
2014-03-15 21:56 - 2014-03-30 15:59 - 00000000 ____D () C:\ProgramData\Origin
2014-03-15 21:56 - 2014-03-27 17:52 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-15 20:55 - 2014-03-24 20:39 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-03-15 20:55 - 2014-03-15 20:56 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-03-15 20:55 - 2014-03-15 20:55 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-03-13 06:07 - 2014-02-22 05:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-13 06:07 - 2014-02-22 04:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-12 22:02 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 22:02 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 22:02 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 22:02 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 22:02 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 22:02 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 22:02 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 22:02 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 22:02 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 22:02 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 22:02 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 22:02 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 22:02 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 22:02 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 22:02 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 22:02 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-12 22:02 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-12 22:02 - 2014-02-10 20:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 22:02 - 2014-02-10 19:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 22:02 - 2014-02-10 19:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-12 22:02 - 2014-01-31 09:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-12 22:02 - 2014-01-31 09:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-12 22:02 - 2014-01-31 09:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-12 22:02 - 2014-01-31 06:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-12 22:02 - 2014-01-31 02:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-12 22:02 - 2014-01-29 02:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 22:02 - 2014-01-29 01:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-12 22:02 - 2014-01-29 01:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-12 22:02 - 2014-01-29 01:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-12 22:02 - 2014-01-29 01:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-12 22:02 - 2014-01-29 00:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-12 22:02 - 2014-01-29 00:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-12 22:02 - 2014-01-29 00:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-12 22:02 - 2014-01-28 23:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-12 22:02 - 2014-01-28 17:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-12 22:02 - 2014-01-27 12:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-12 22:02 - 2014-01-27 12:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-12 22:02 - 2014-01-27 12:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-12 22:02 - 2014-01-27 11:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-12 22:02 - 2014-01-27 11:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-12 22:02 - 2014-01-27 11:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-12 22:02 - 2014-01-27 11:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-12 22:02 - 2014-01-27 11:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-12 22:02 - 2014-01-27 10:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-12 22:02 - 2014-01-27 10:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-12 22:02 - 2014-01-27 10:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-12 22:02 - 2014-01-27 08:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-12 22:02 - 2014-01-27 08:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-12 22:02 - 2014-01-27 04:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-12 22:02 - 2014-01-17 16:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-12 22:02 - 2014-01-17 14:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 22:02 - 2013-12-21 07:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-12 22:02 - 2013-12-21 01:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-12 22:02 - 2013-12-20 03:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-12 22:02 - 2013-12-20 03:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-12 22:02 - 2013-10-30 17:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-12 22:02 - 2013-10-30 17:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-12 22:02 - 2013-10-30 17:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
 
==================== One Month Modified Files and Folders =======
 
2014-04-06 11:10 - 2014-04-06 11:10 - 00012248 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-04-06 11:10 - 2014-04-06 11:09 - 00000000 ____D () C:\FRST
2014-04-06 11:09 - 2014-04-06 11:09 - 02157056 _____ (Farbar) C:\Users\Andy\Downloads\FRST64.exe
2014-04-06 11:09 - 2014-04-06 11:09 - 00000625 _____ () C:\Users\Andy\Desktop\JRT.txt
2014-04-06 11:08 - 2014-03-29 14:47 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Spotify
2014-04-06 11:07 - 2014-03-31 20:42 - 00524978 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-06 11:07 - 2013-11-14 00:29 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-06 11:05 - 2014-02-09 18:34 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\ClassicShell
2014-04-06 11:04 - 2014-04-06 11:04 - 00001032 _____ () C:\Users\Andy\Desktop\adwcleaner.txt
2014-04-06 11:03 - 2014-02-02 11:24 - 00003048 _____ () C:\WINDOWS\System32\Tasks\AsrKM
2014-04-06 11:03 - 2014-02-02 11:24 - 00002988 _____ () C:\WINDOWS\System32\Tasks\HDMISwitch
2014-04-06 11:03 - 2014-02-02 03:58 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 11:01 - 2014-04-05 19:17 - 00000000 ____D () C:\AdwCleaner
2014-04-06 11:01 - 2014-02-01 17:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-06 11:01 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-06 11:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-06 10:59 - 2014-04-06 10:59 - 00001332 _____ () C:\Users\Andy\Desktop\EXPORT.txt
2014-04-06 10:54 - 2014-04-05 17:30 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-06 10:53 - 2014-02-11 17:53 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\uTorrent
2014-04-06 00:14 - 2014-02-02 03:58 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 23:36 - 2014-04-06 11:06 - 01016261 _____ (Thisisu) C:\Users\Andy\Desktop\JRT_NEW.exe
2014-04-05 23:36 - 2014-02-02 03:57 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2277182145-3031813170-2803461784-1001
2014-04-05 23:27 - 2014-02-23 20:50 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\vlc
2014-04-05 19:27 - 2014-04-05 19:27 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-05 19:25 - 2014-04-05 19:25 - 01038974 _____ (Thisisu) C:\Users\Andy\Downloads\JRT.exe
2014-04-05 19:18 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-05 19:17 - 2014-04-05 19:17 - 01426178 _____ () C:\Users\Andy\Downloads\adwcleaner.exe
2014-04-05 19:14 - 2014-04-05 19:14 - 00448512 _____ (OldTimer Tools) C:\Users\Andy\Downloads\TFC.exe
2014-04-05 19:01 - 2014-02-01 14:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-05 18:56 - 2014-04-05 17:27 - 00000000 ____D () C:\Program Files\PeerBlock
2014-04-05 17:54 - 2014-04-05 17:23 - 00000000 ____D () C:\Users\Andy\Downloads\Apocalypto [2006] 720p BRRip H264 AC3 - CODY
2014-04-05 17:30 - 2014-04-05 17:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-05 17:30 - 2014-04-05 17:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 17:28 - 2014-04-05 17:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andy\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-04 21:37 - 2014-04-04 21:28 - 00000000 ____D () C:\Users\Andy\Downloads\Usher Complete Discography (iTunes Edition) [theLEAK]
2014-04-03 20:09 - 2014-02-02 03:58 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-03 20:09 - 2014-02-02 03:58 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 09:51 - 2014-04-05 17:30 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-05 17:30 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-05 17:30 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-02 19:24 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-30 15:59 - 2014-03-15 21:56 - 00000000 ____D () C:\ProgramData\Origin
2014-03-29 17:50 - 2014-03-29 14:48 - 00000000 ____D () C:\Users\Andy\AppData\Local\Spotify
2014-03-29 14:48 - 2014-03-29 14:48 - 00001794 _____ () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-03-29 14:22 - 2014-03-29 14:22 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2014-03-29 14:22 - 2014-03-29 14:22 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2014-03-29 13:04 - 2014-03-29 13:04 - 00000000 ___RD () C:\Users\Andy\Podcasts
2014-03-29 13:04 - 2014-02-01 17:25 - 00000000 ____D () C:\Users\Andy
2014-03-29 13:03 - 2014-03-29 13:03 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-03-29 13:03 - 2014-03-29 13:03 - 00000000 ____D () C:\Program Files\Zune
2014-03-29 13:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-29 12:57 - 2014-02-02 11:26 - 00032320 _____ (FNet Co., Ltd.) C:\WINDOWS\system32\Drivers\FNETTBOH_305.SYS
2014-03-29 12:44 - 2014-02-24 21:27 - 00000000 ____D () C:\Users\Andy\Documents\TurboTax
2014-03-27 17:52 - 2014-03-15 21:56 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-24 20:39 - 2014-03-15 20:55 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-03-24 20:34 - 2014-03-24 20:34 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-24 20:34 - 2014-02-01 17:20 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-24 20:32 - 2014-03-24 20:32 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-03-24 20:16 - 2014-02-02 13:39 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\NVIDIA
2014-03-22 22:06 - 2014-02-10 19:26 - 00000000 ____D () C:\Users\Andy\Documents\My Games
2014-03-21 21:57 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-03-20 22:13 - 2014-02-02 03:51 - 00000000 ___RD () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-20 22:13 - 2014-02-02 03:51 - 00000000 ___RD () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-20 22:12 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-18 17:27 - 2014-02-01 12:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 17:26 - 2014-02-01 12:19 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-16 17:24 - 2014-03-16 17:10 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-03-16 17:10 - 2014-03-15 21:57 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Origin
2014-03-16 17:10 - 2014-03-15 21:57 - 00000000 ____D () C:\Users\Andy\AppData\Local\Origin
2014-03-15 20:56 - 2014-03-15 20:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-03-15 20:55 - 2014-03-15 20:55 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-03-15 20:36 - 2014-02-04 21:19 - 00000000 ____D () C:\Users\Andy\Documents\4A Games
2014-03-15 20:32 - 2014-02-04 21:18 - 00000000 ____D () C:\Users\Andy\AppData\Local\4A Games
2014-03-14 18:22 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-03-12 22:14 - 2013-08-22 07:44 - 00344664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-12 22:13 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-12 22:13 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-12 22:13 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-12 22:13 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-12 21:39 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-07 23:29 - 2014-03-05 18:55 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-03-07 23:29 - 2014-03-05 18:53 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-03-07 16:43 - 2014-03-05 18:53 - 00280792 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
 
Some content of TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 22:02] - [2014-01-31 09:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02
 
 
 
LastRegBack: 2014-04-01 21:29
 
==================== End Of Log ============================
 
 

EXPORT.txt

Addition.txt


Zoek.exe v5.0.0.0 Updated 07-March-2014

Tool run by Andy on Sun 04/06/2014 at 19:58:53.38.

Microsoft Windows 8.1 Pro 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Andy\Desktop\zoek\zoek.exe [scan all users] [script inserted] 

 

==== Older Logs ======================

 

C:\zoek-results2014-04-07-025751.log 28643 bytes

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Running Processes ======================

 

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe

C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\WINDOWS\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\ASRock Utility\HDMISwitch\Bin\HDMISwitch.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Users\Andy\AppData\Local\FluxSoftware\Flux\flux.exe

C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Users\Andy\AppData\Roaming\Spotify\spotify.exe

C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

C:\Program Files (x86)\XFastUSB\XFastUsb.exe

C:\Users\Andy\Desktop\zoek\zoek.exe

C:\WINDOWS\SysWOW64\cmd.exe

C:\WINDOWS\SysWOW64\cmd.exe

C:\WINDOWS\SysWOW64\cmd.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

 

==== Deleting Services ======================

 

 

==== System Specs ======================

 

Windows: Windows Version 6.2 (Build 9200)

Memory (RAM): 8123 MB

CPU Info: Intel® Core i5-4670K CPU @ 3.40GHz

CPU Speed: 3452.0 MHz

Sound Card: ASUS VN248-4 (NVIDIA High Defin | 

Realtek HD Audio 2nd output (Re | 

Headset Earphone (Logitech USB  | 

Display Adapters: NVIDIA GeForce GTX 760 | NVIDIA GeForce GTX 760 | NVIDIA GeForce GTX 760 | NVIDIA GeForce GTX 760

Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor | 

Screen Resolution: 1920 X 1080 - 32 bit

Network: Network Present

Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | 802.11n USB Wireless LAN Card

CD / DVD Drives: No optical drives found.

Ports: COM1 LPT Port NOT Present. 

Mouse: 5 Button Wheel Mouse Present

Hard Disks: C:  238.0GB | D:  931.4GB

Hard Disks - Free: C:  126.3GB | D:  807.0GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE |  | ALASKA - 1072009

Time Zone: US Mountain Standard Time

Motherboard *: ASRock Z87 Killer

Country: United States 

Language: ENU 

 

==== System Specs (Software) ======================

 

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Default Browser: Google Chrome 33.0.1750.154

Internet Explorer Version: 11.0.9600.16521 

Google Chrome version: 33.0.1750.154

 

==== Files Recently Created / Modified ======================

 

====== C:\WINDOWS ====

====== C:\Users\Andy\AppData\Local\Temp ====

====== Java Cache =====

====== C:\WINDOWS\SysWOW64 =====

2014-03-25 03:34:34 03F4527F7989F3C0A32CC8250353521E 599840 ----a-w- C:\WINDOWS\SysWOW64\nvStreaming.exe

2014-03-25 03:33:21 F2629C63EBB10DC8023D6C9F91E5EAF4 305600 ----a-w- C:\WINDOWS\SysWOW64\nvoglshim32.dll

2014-03-25 03:33:21 F251000405901AF2D072F8DAA2E20052 333600 ----a-w- C:\WINDOWS\SysWOW64\NvIFROpenGL.dll

2014-03-25 03:33:21 D1E06161D1CFCB9EE09DE83F933FEEB0 863064 ----a-w- C:\WINDOWS\SysWOW64\NvIFR.dll

2014-03-25 03:33:21 840D0A13CE31A6B77F462A3A7635C346 832936 ----a-w- C:\WINDOWS\SysWOW64\nvumdshim.dll

2014-03-25 03:33:21 6B52E3F4F83281FEA61A64B49DA28A36 2958792 ----a-w- C:\WINDOWS\SysWOW64\nvcuvid.dll

2014-03-25 03:33:21 61E9A874C8C9D37CB1C16FC8CD188219 409544 ----a-w- C:\WINDOWS\SysWOW64\nvEncodeAPI.dll

2014-03-25 03:33:21 4586B6778AB37073C6F9299A8ED9911C 2411976 ----a-w- C:\WINDOWS\SysWOW64\nvcuvenc.dll

2014-03-25 03:33:21 2999B2D007E85C0CAE4E924B5A968E5F 15783992 ----a-w- C:\WINDOWS\SysWOW64\nvwgf2um.dll

2014-03-25 03:33:21 2794CD0B5D3E1E58924F91F5B9090A00 23716640 ----a-w- C:\WINDOWS\SysWOW64\nvoglv32.dll

2014-03-25 03:33:21 233E9358B1CB24DA6EC8E4F9A92E8351 9690424 ----a-w- C:\WINDOWS\SysWOW64\nvopencl.dll

2014-03-25 03:33:21 16CE5F4841E5B9B439CB14D2055C7729 846168 ----a-w- C:\WINDOWS\SysWOW64\NvFBC.dll

2014-03-25 03:33:21 14609E9416E50FBF3FC2E503A6080540 148016 ----a-w- C:\WINDOWS\SysWOW64\nvinit.dll

2014-03-25 03:33:20 BDB449FF917D70D19674E0897AB6FB70 9728064 ----a-w- C:\WINDOWS\SysWOW64\nvcuda.dll

2014-03-25 03:33:20 BC391AFA1276949508044E3E04FBAEE3 17561544 ----a-w- C:\WINDOWS\SysWOW64\nvcompiler.dll

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====

2014-03-25 03:33:21 D1DE017D96E03ED7D3B7FA2177F18CC4 11589272 ----a-w- C:\WINDOWS\Sysnative\nvopencl.dll

2014-03-25 03:33:21 C1D6FFF46028D72D52325E79537EBAD0 174296 ----a-w- C:\WINDOWS\Sysnative\nvinitx.dll

2014-03-25 03:33:21 AE8DEB3B016B10C15F9317656AA503D0 877856 ----a-w- C:\WINDOWS\Sysnative\NvFBC64.dll

2014-03-25 03:33:21 A7F85855BA07B5863F4F825DC0D13B23 1516488 ----a-w- C:\WINDOWS\Sysnative\nvdispgenco6433523.dll

2014-03-25 03:33:21 A7B21E5A7F2FBED2C0EBCEB132F5053A 1885472 ----a-w- C:\WINDOWS\Sysnative\nvdispco6433523.dll

2014-03-25 03:33:21 8FCD2647A7EC387CC042FDEF1E613A45 353504 ----a-w- C:\WINDOWS\Sysnative\nvoglshim64.dll

2014-03-25 03:33:21 713847FFF1C21AB146EC4BC77313E09C 3143456 ----a-w- C:\WINDOWS\Sysnative\nvcuvid.dll

2014-03-25 03:33:21 593F9F97F6EEACA8EEE9E86FF037DC89 892704 ----a-w- C:\WINDOWS\Sysnative\NvIFR64.dll

2014-03-25 03:33:21 56C4C713B243C63A8631CD49B75BCE30 484296 ----a-w- C:\WINDOWS\Sysnative\nvEncodeAPI64.dll

2014-03-25 03:33:21 3D6A11AFC01C64967DEE3114BBA15CF8 17755424 ----a-w- C:\WINDOWS\Sysnative\nvd3dumx.dll

2014-03-25 03:33:21 15B44E20796692FD787133F1A9B2785A 2783008 ----a-w- C:\WINDOWS\Sysnative\nvcuvenc.dll

2014-03-25 03:33:21 14269F531D6D894583FC2AB56B345698 377688 ----a-w- C:\WINDOWS\Sysnative\NvIFROpenGL.dll

2014-03-25 03:33:21 0DE740225F2FD43C45BA6D4A3378C3C1 31474976 ----a-w- C:\WINDOWS\Sysnative\nvoglv64.dll

2014-03-25 03:33:21 073FA5999FC8C2852F0667558D91049D 11636176 ----a-w- C:\WINDOWS\Sysnative\nvcuda.dll

2014-03-25 03:33:20 D83E3F4CDDA74D3493C818EDFD64FADA 25255256 ----a-w- C:\WINDOWS\Sysnative\nvcompiler.dll

====== C:\WINDOWS\Sysnative\drivers =====

2014-04-06 00:30:39 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys

2014-04-06 00:30:29 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys

2014-04-06 00:30:29 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys

2014-04-06 00:30:29 3FFFB7F54CD7A792099C10402FCF8F56 63192 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys

2014-03-29 21:22:20 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

2014-03-29 21:22:20 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_WinUSB_01009.Wdf

2014-03-25 03:33:21 757ACE4D4C9FF0571F86AA5D586B45E8 12708128 ----a-w- C:\WINDOWS\Sysnative\drivers\nvlddmkm.sys

2014-03-19 00:16:11 13B160C1913F012BD1615EB1398D3779 1530712 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys

2014-03-19 00:16:10 D22EB844EB57D016CC34178AC86456DF 325464 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS

2014-03-19 00:16:10 22EDC0DE06A0272DFA4C7B47B5D8E377 382808 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys

2014-03-19 00:16:09 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\WINDOWS\Sysnative\drivers\rdbss.sys

2014-03-19 00:16:08 DF355EB0199198728027962DCFCDE5FB 121088 -c--a-w- C:\WINDOWS\Sysnative\drivers\USBAUDIO.sys

2014-03-13 05:02:22 ECC68BD5347BDE9631EE68274858A41F 2543960 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys

2014-03-13 05:02:21 C85C075DE5B6D0FE116043054DE8EE02 311640 -c--a-w- C:\WINDOWS\Sysnative\drivers\volsnap.sys

2014-03-13 05:02:19 C52148456E0F6EAD9E903020A79207FC 236888 ----a-w- C:\WINDOWS\Sysnative\drivers\WdFilter.sys

2014-03-13 05:02:19 57F22324FAAF92ADF957B281E88F1743 124760 ----a-w- C:\WINDOWS\Sysnative\drivers\WdNisDrv.sys

2014-03-13 05:02:19 241895E8A9C158DF86E12FDD21033A32 35856 ----a-w- C:\WINDOWS\Sysnative\drivers\WdBoot.sys

====== C:\WINDOWS\Tasks ======

2014-04-07 02:53:03 F02649240A3BAF882FC4FB112612CCF9 3144 ----a-w- C:\WINDOWS\Sysnative\Tasks\{F670771D-777A-43A0-8CD4-3F8B30EB6D85}

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2014-04-06 00:27:51 -------- d-----w- C:\Program Files\PeerBlock

2014-03-29 20:03:23 -------- d-----w- C:\Program Files\Zune

======= C:\PROGRA~2 =====

2014-03-17 01:56:18 -------- d--h--w- C:\PROGRA~2\COMMON~1\EAInstaller

2014-03-17 00:10:55 -------- d-----w- C:\PROGRA~2\Origin Games

2014-03-16 04:56:38 -------- d-----w- C:\PROGRA~2\Origin

2014-03-16 03:55:29 -------- d-----w- C:\PROGRA~2\MSI Afterburner

======= C: =====

====== C:\Users\Andy\AppData\Roaming ======

2014-04-07 02:57:52 -------- d-----w- C:\Users\Andy\AppData\Local\VirtualStore

2014-04-07 02:57:12 -------- d-----w- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp

2014-04-07 02:57:12 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp

2014-04-07 02:57:12 -------- d-----w- C:\Users\Default\AppData\Local\Temp

2014-04-07 02:57:12 -------- d-----w- C:\Users\Default User\AppData\Local\Temp

2014-04-07 02:57:12 -------- d-----w- C:\Users\Andy\AppData\Local\Temp

2014-03-29 21:48:14 -------- d-----w- C:\Users\Andy\AppData\Local\Spotify

2014-03-29 21:47:55 -------- d-----w- C:\Users\Andy\AppData\Roaming\Spotify

2014-03-16 04:57:41 -------- d-----w- C:\Users\Andy\AppData\Roaming\Origin

2014-03-16 04:57:40 -------- d-----w- C:\Users\Andy\AppData\Local\Origin

2014-03-16 03:55:37 -------- d-----w- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner

====== C:\Users\Andy ======

2014-04-06 18:09:40 6655936E40C43120145A11547734F01F 2157056 ----a-w- C:\Users\Andy\Downloads\FRST64.exe

2014-04-06 18:06:30 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Andy\Desktop\JRT_NEW.exe

2014-04-06 02:25:37 519A940A2CDAADE35F1EC164CB81DD82 1038974 ----a-w- C:\Users\Andy\Downloads\JRT.exe

2014-04-06 02:17:12 04B47DEEB298AE90A0C42DEAED71F8BA 1426178 ----a-w- C:\Users\Andy\Downloads\adwcleaner.exe

2014-04-06 02:14:04 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\Andy\Downloads\TFC.exe

2014-04-06 00:28:38 302103AF95A8F43AD85F80DAE14BDB9C 17305616 ----a-w- C:\Users\Andy\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-06 00:27:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock

2014-03-29 20:04:15 -------- d-----r- C:\Users\Andy\Podcasts

2014-03-29 20:03:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune

2014-03-16 04:56:43 -------- d-----w- C:\ProgramData\Origin

 

====== C: exe-files ==

2014-04-06 18:09:54 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Andy\AppData\Local\Microsoft\Windows\INetCache\IE\M4XQJ9OZ\FRST64[1].exe

2014-04-06 18:09:40 6655936E40C43120145A11547734F01F 2157056 ----a-w- C:\Users\Andy\Downloads\FRST64.exe

2014-04-06 18:06:30 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Andy\Desktop\JRT_NEW.exe

2014-04-06 02:25:37 519A940A2CDAADE35F1EC164CB81DD82 1038974 ----a-w- C:\Users\Andy\Downloads\JRT.exe

2014-04-06 02:17:12 04B47DEEB298AE90A0C42DEAED71F8BA 1426178 ----a-w- C:\Users\Andy\Downloads\adwcleaner.exe

2014-04-06 02:14:04 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\Andy\Downloads\TFC.exe

2014-04-06 00:28:38 302103AF95A8F43AD85F80DAE14BDB9C 17305616 ----a-w- C:\Users\Andy\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-06 00:27:52 BA00E1FCDD7FDCA70024BE182EB2C158 2513992 ----a-w- C:\Program Files\PeerBlock\peerblock.exe

2014-04-06 00:27:51 E73A938DD7C05D41917F9D5C4D43CE0F 1194775 ----a-w- C:\Program Files\PeerBlock\unins000.exe

2014-04-04 05:52:04 0A0D5A3AA1A5CBC27EBE0A985B9DB900 3443872 ----a-w- C:\Users\Andy\AppData\Local\NVIDIA\NvBackend\Packages\000059bd\DAO.18192802.exe

2014-04-04 03:09:30 E093151047BBFFC0CD78D52F36490206 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe

2014-04-04 03:09:30 7E6B107120108B3A15BFECE0DE3201DB 228744 ----atw- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe

2014-04-04 03:09:30 6EFC5F64258FE0D9DA3CCFA7FF4D84BD 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleUpdateComRegisterShell64.exe

2014-04-04 03:09:30 398F40FAE5ADA9521544393F1F67A17E 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleUpdateBroker.exe

2014-04-04 03:09:30 0D5CE0E5AEC3ACC7930AB955334B8533 281480 ----atw- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe

2014-04-04 03:09:30 039DE3F65C7992994F788EAC8E79BF4F 884504 ----a-w- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleUpdateSetup.exe

2014-04-04 03:09:29 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleUpdate.exe

2014-04-04 03:09:28 039DE3F65C7992994F788EAC8E79BF4F 884504 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.23.9\GoogleUpdateSetup.exe

2014-04-02 03:43:43 4C67B0A9D9D17BF19ED4A3724D1D4628 3428656 ----a-w- C:\Users\Andy\AppData\Local\NVIDIA\NvBackend\Packages\000059a4\DAO.18179243.exe

2014-04-01 03:42:45 5F27312A2C998C1B29773E23321D36A4 3428584 ----a-w- C:\Users\Andy\AppData\Local\NVIDIA\NvBackend\Packages\0000598f\DAO.18171778.exe

2014-04-01 03:42:43 94BF0D309CE93DC72734423107F53F93 304536 ----a-w- C:\Users\Andy\AppData\Local\NVIDIA\NvBackend\Packages\0000593b\drsupdate.18115115_RUNASUSER.exe

=== C: other files ==

2014-04-06 00:30:39 6140163BFE9D8F2DFDBA088ED5521C13 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-04-06 00:30:29 FD5465B876D55534117963FAAA4B9DFC 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-04-06 00:30:29 4A1356200B82B852E137B687F03E8054 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-04-06 00:30:29 3FFFB7F54CD7A792099C10402FCF8F56 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-04-06 00:27:52 D1F41F0CED2BDD82148D4E5269EE01B9 22600 ----a-w- C:\Program Files\PeerBlock\pbfilter.sys

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-21-2277182145-3031813170-2803461784-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"f.lux"="C:\Users\Andy\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"

"Spotify Web Helper"="C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"Spotify"="C:\Users\Andy\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart"

 

[HKEY_USERS\S-1-5-21-2277182145-3031813170-2803461784-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XFastUSB"="C:\Program Files (x86)\XFastUSB\XFastUsb.exe"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"f.lux"="C:\Users\Andy\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"

"Spotify Web Helper"="C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"Spotify"="C:\Users\Andy\AppData\Roaming\Spotify\spotify.exe /uri spotify:autostart"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"Classic Start Menu"="D:\ClassicStartMenu.exe -autorun"

"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe"

 

==== Task Scheduler Jobs ======================

 

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/02/2014 03:58 AM]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02/02/2014 03:58 AM]

 

==== Other Scheduled Tasks ======================

 

"C:\WINDOWS\SysNative\tasks\AsrKM" [C:\Program Files (x86)\ASRock Utility\Key Master\AsrKM.exe]

"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\HDMISwitch" [C:\Program Files (x86)\ASRock Utility\HDMISwitch\Bin\HDMISwitch.exe]

 

==== Chrome Look ======================

 

Google Docs - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

James White - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm

YouTube - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

AdBlock - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

Facebook Unseen - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop

Imagus - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab

Reddit Enhancement Suite - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb

Chromium Wheel Smooth Scroller - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb

Google Maps - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh

Google Wallet - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Auto Refresh Plus - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih

Gmail - Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

 

==== HijackThis Entries ======================

 

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - D:\ClassicExplorer32.dll

O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - D:\ClassicExplorer32.dll

O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"

O4 - HKCU\..\Run: [f.lux] "C:\Users\Andy\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [spotify] "C:\Users\Andy\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: ASRock IO Monitor Service (ASRockIOMon) - Unknown owner - C:\Program Files (x86)\Fatal1ty Utility\F-Stream Tuning\Bin\IOMonitorSrv.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)

O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

==== Empty IE Cache ======================

 

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Andy\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

No Flash Cache Found

 

==== Empty All Java Cache ======================

 

No Java Cache Found

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=0 folders=0 0 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Andy\AppData\Local\Temp will be emptied at reboot

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\WINDOWS\Temp successfully emptied

C:\Users\Andy\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Sun 04/06/2014 at 20:03:08.74 ======================

It looks like it's still there, here is the log.

 

www.malwarebytes.org
 
Scan Date: 4/7/2014
Scan Time: 6:10:46 PM
Logfile: lolol.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.07.14
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Andy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 238342
Time Elapsed: 2 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Conduit.A, C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.conduit.com/?ctid=CT3323891&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP4C0E7008-BEEC-4FE7-A6BD-FE4B0F8F04A2&SSPV=" ],), ,[0387a681cbb050e69990390ab84ccd33]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Go to the following link: https://support.google.com/chrome/answer/3296214?hl=en and follow those instructions to reset all browser settings; that will clear the default startup URLs. When all settings are reset, go to the following link: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb and install Adblock Plus.

 

And this link: https://chrome.google.com/webstore/detail/flashblock/gofhjkjmkpinhpoiabjplobcaignabnl?hl=en Install FlashBlock.

 

When the above actions are complete, run another scan with Malwarebytes and post that log... Make sure all windows and browsers are closed during the scan...

 

Thank you,

 

Kevin

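The scan log above flags nothing but the Chrome `Preferences` file, and the "Bad" value it quotes is a `startup_urls` entry pointing at search.conduit.com. That file is a JSON document Chrome rewrites while it runs and again on exit, so a quarantine taken while the browser is open does not stick, which would explain the detection returning scan after scan; resetting browser settings as Kevin describes clears the stored startup URLs from inside Chrome. The script below is an added example, not part of this thread and not Malwarebytes' or Chrome's code: it walks a Preferences document, reports every URL on a hijacker domain with its JSON path, and produces a cleaned copy. The `PUP_DOMAINS` list, the sample preferences and the `restore_on_startup` values are assumptions made for the example; the sample fragment is constructed.

```python
"""Check a Chrome Preferences file (JSON) for startup/homepage URLs that point
at a search-hijacker domain and produce a cleaned copy.

Added example for the thread above; not Malwarebytes' detection logic and not
Chrome's own code. The sample preferences fragment is constructed.
"""
import copy
import json
import sys
from typing import Any, Dict, List, Tuple
from urllib.parse import urlsplit

# Domains to treat as search hijackers. search.conduit.com is the one named in
# the scan log above; the list itself is an assumption for this example.
PUP_DOMAINS = ("search.conduit.com",)

# Constructed fragment of a Chrome Preferences file. Real files carry many more
# keys; only the ones involved in a startup hijack are shown here.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://search.conduit.com/?ctid=CT3323891",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,          # assumed: 4 = open the listed startup_urls
        "startup_urls": [
            "http://search.conduit.com/?ctid=CT3323891&octid=EB_ORIGINAL_CTID",
            "https://www.example.org/",
        ],
    },
    "browser": {"show_home_button": True},
})


def is_pup_url(url: str) -> bool:
    """True when the URL's host is, or is a subdomain of, a listed PUP domain."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in PUP_DOMAINS)


def find_pup_urls(node: Any, path: str = "$") -> List[Tuple[str, str]]:
    """Walk the whole JSON tree; return (json_path, url) for every matching string.

    Walking everything rather than only session.startup_urls also catches the
    same URL if it was written to the homepage or a search-provider entry.
    """
    hits: List[Tuple[str, str]] = []
    if isinstance(node, dict):
        for key, value in node.items():
            hits.extend(find_pup_urls(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            hits.extend(find_pup_urls(value, f"{path}[{index}]"))
    elif isinstance(node, str) and is_pup_url(node):
        hits.append((path, node))
    return hits


def clean_preferences(prefs: Dict[str, Any]) -> Dict[str, Any]:
    """Return a deep copy with hijacked startup URLs and homepage removed.

    The input is left untouched so the caller can diff before and after.
    """
    cleaned = copy.deepcopy(prefs)
    session = cleaned.setdefault("session", {})
    kept = [u for u in session.get("startup_urls", []) if not is_pup_url(u)]
    session["startup_urls"] = kept
    if not kept:
        session["restore_on_startup"] = 5   # assumed: 5 = open the New Tab page
    if is_pup_url(cleaned.get("homepage", "")):
        del cleaned["homepage"]
        cleaned["homepage_is_newtabpage"] = True
    return cleaned


def main(argv: List[str]) -> int:
    """Scan a real Preferences file if a path is given, else the built-in sample.

    Close Chrome before reading or writing its Preferences file: the browser
    rewrites it while running and on exit, so edits made with it open are lost.
    """
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            prefs = json.load(fh)
    else:
        prefs = json.loads(SAMPLE_PREFERENCES)
    hits = find_pup_urls(prefs)
    for json_path, url in hits:
        print(f"hijacked value at {json_path}: {url}")
    cleaned = clean_preferences(prefs)
    print(json.dumps(cleaned["session"], indent=2))
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with no arguments to see it report both hijacked values in the constructed sample, or pass the path of a Preferences file (Chrome closed) to scan a real profile. The script only prints the cleaned `session` block; writing it back is deliberately left to the operator, since the thread's own fix (Chrome's built-in settings reset) does the same job without hand-editing the file.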

Looks like that did the job!

 

Here is the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/8/2014
Scan Time: 8:05:40 PM
Logfile: EXPORT.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.08.09
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Andy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 239562
Time Elapsed: 2 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Thanks for the log and update, run this please to clean up...

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

 

Make sure the following items are checked:

 


    Remove disinfection tools
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. Let me know if there are any remaining issues or concerns... Read the following link to fully understand PC security and best practices; you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Thank you,

 

Kevin.....


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
