Showing results for tags 'persistent'.
Found 9 results

  1. So I have been dealing with viruses for a long time, but this one just seems to be very persistent, I should say. The adware keeps coming back no matter how hard I try. I have been running registry checks, booting in safe mode, doing a recovery state and a lot more stuff, like using 5 antivirus programs to handle this, not to mention searching files one by one to find its core, but to my dismay I couldn't find its core till now. Any help for cleaning this adware? Because I have done a factory reset and it was still here :")). Thx beforehand.
  2. Hello, I am having trouble with PUP.Optional.Legacy in Chrome. I tried multiple scanners; only AdwCleaner detects it. I've been battling this beast for a while now. What I've done so far: I've clean installed Windows twice. I have reset Chrome settings multiple times. I have reset Chrome sync multiple times. I have deleted cookies, preferences and all files from %LOCALAPPDATA% for Chrome. I have installed Chrome from the offline installer. I have cut the internet connection and did all of those steps again. I've narrowed it down to this: at first I thought it comes from my profile/sync. But I have done the steps below, without an internet connection, and it keeps coming back. It is somehow connected with the search engines/search providers of Chrome and/or Chrome settings. I can clean it with AdwCleaner, or manually remove the search engines from Chrome settings, and it seems to disappear. But even if it does, after a few minutes Chrome starts lagging, freezing a lot, and loading pages very, very slowly. I can tab out of Chrome and go to another browser, enter the web site and it will fully load, while in Chrome it is still loading. I run a scan with AdwCleaner: nothing, but I know it's there, my browser is lagging so bad... Here is how it always comes back. Every time I click on "Reset settings" in Chrome, the adware/virus comes back. These additional search engines appear in the settings: And after a scan, these are the results: And here is the log file from the scan: AdwCleaner[S70].txt I am not smart enough to handle this on my own. I need help.
  3. First off, I'm using a VM; the host OS is Ubuntu Linux. The logs attached are from VirtualBox running a Windows 10 machine. I have to use a Linux machine because:
     • I cannot reinstall any Windows without the infection hijacking the install. I've tried installing WinXP, 8.1, 7, 7 Pro, Win Ultimate; during reinstall the CD/ROM loads, then at some point the install instructions are taken over and a similar GUI appears to complete the install.
     • It infects any device attached, physical or network; USB will be formatted automatically (fake warning posted in a GUI).
     • Registry is infected.
     • Possible firmware exploited; USB and PCI seem to be used as alternate devices.
     • system32 files are unusual.
     • Unable to flash BIOS.
     • Appears as a hidden sector or directory; hijacks the MBR.
     • Has the ability to replicate if deleted or if core files/registry are changed.
     • Suspected WMI shell running as TRUSTED INSTALLER.
     • Possibly ChipSec related?
     I think I've tried everything as far as scans go: rkhunter, Hiren's Boot CD, Process Monitor, msconfig, BIOS settings, HDD replacement. All my machines at home are down/infected. The only way to get back was Linux, and using a VM to start Windows 10. This is from an enterprise PC Tech Level 2 working at home. FRST.txt Addition.txt mbt first scan.txt
  4. Hi everyone, my name is Ryan and I'm new to the community, and I'm coming to you all with some irritable reasons. I have had the most persistent malware infecting (I think only Chrome, on Win 10) for the past 2 weeks, to no avail. Currently I have used JRT, AdwCleaner, HitmanPro, Malwarebytes and Avast. The last two never seem to detect anything, while the first three detect and delete, detect and delete, detect and delete... without permanently resolving my issue! I have removed all suspicious Chrome extensions, reset my Chrome several times, and even remained logged out of my Chrome account, to no avail; it keeps coming back, essentially in the form of ad redirects. The most unusual element of this is that whenever I click on any Google Docs URL it immediately turns into an ad redirect that Malwarebytes blocks (even when not signed into Chrome). I'm at a loss and not entirely sure what to do. I've attached some screenshots detailing some logs/readouts of what I've encountered so far in terms of problems. If there are any experts out here who can help me purge my Chrome of this adware I would be overly appreciative (especially with regards to saving the money I'd have to spend on a computer guy). Best, Ryan. P.S. HitmanPro sometimes detects up to 25 tracers including the Conduit one, and I've managed to bring AdwCleaner to 3-4 each time. Funny thing is they usually detect nothing until I re-open Chrome from my taskbar on Windows 10. The site blocked by Malwarebytes is also the result of clicking a Google Docs link.
  5. We seem to have 4 VERY persistent infections. Mind Spark, Ask.com and others. No amount of cleaning gets rid of the problems! Please help! After reinstalling Malwarebytes and scanning, it cleaned 327 items. I ran AdwCleaner and it removed a bunch of threats. This morning 2 were right back, so I ran AdwCleaner again and HitmanPro after that, and then 4 items were back. I am near my wits' end!! The HitmanPro log is copied below.
  6. I was plagued with multiple incoming IP block messages. After reading some of the suggested solutions, which included downloading software packages, I decided upon a different approach. (I am using Symantec Endpoint as an unmanaged antivirus.) I went to the Malware protection log and did an IP trace of the IP addresses; there were multiple entries for the same IPs. I then did a Whois for the area (Russia, Ukraine, Netherlands and Spain) and got the IP block associated with the IPs and the slash. Since I do not do business with any of these countries, I went into my Endpoint firewall and blocked the IP blocks. The problem persisted even after blocking the IPs in the firewall; it appears that Malwarebytes was intercepting the intrusion before the IP got to the firewall. I then uninstalled Malwarebytes and restarted my computer. After restart, I ran a full scan with Endpoint; no problems were found. I then re-installed Malwarebytes and restarted my machine again. After restart, I ran a full scan with Malwarebytes; no problems detected. After doing this, the persistent incoming IP blocked occurrences stopped. I repeated the process for all of my servers and workstations. From time to time I do get a message of an IP blockage, but such attempted intrusions are now manageable. I check the protection log each day and do a firewall block for that IP block, and it now appears that the IPs are getting blocked by the newly added firewall IP blockages before Malwarebytes can detect recurring intrusions. I have absolutely no rationale as to why this worked; I only know that it worked for me and I did not have to download any additional software. Smiles
  7. I scanned my computer for malware and it only comes up with 1 "non-malware" registry key problem, but when I tell it to quarantine it, restart my computer, and rescan, it shows it again. It says it's non-malware, but I want to remove it just to be safe, because the fact that it doesn't go away worries me that it might be hiding something else. I had a similar virus before and got help on this site, but I can't find the forum, and when I tried to recover my password from my old account it wouldn't send me the email; I checked my inbox and junk.
  8. For some time now MBAM finds one key and 6 other registry entries entitled PUP Funmoods. I delete them and they always return on the subsequent scans. AdwCleaner also finds two registry entries to do with Search Scopes. I ran JRT and it finds something similar. They all find these repeatedly despite my removing/fixing them. No other indications on my computer of malware. ADW and MBAM texts attached along with FRST and Additions text. Strangely, MBAM always finds 7 and AdwCleaner only two entries. Addition.txt FRST.txt AdwCleanerR27.txt mbam pup2.txt
  9. FRST log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014. Ran by Nikolas Kosse (administrator) on NIKOLAS on 07-05-2014 13:03:57. Running from C:\Users\Nikolas Kosse\Desktop. Windows 8.1 Pro (X64) OS Language: English(US). Internet Explorer Version 11. Boot Mode: Normal.
(x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)S4 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-25] (ASUSTeK Computer Inc.)S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2013-01-11] (Freemake)R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [14760 2012-09-26] (Microsoft Corporation)R2 LeapService; C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc.exe [4370736 2014-04-21] (Leap Motion, Inc.)R2 MBAMScheduler; F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)R2 MBAMService; F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)S3 Microsoft SharePoint Workspace Audit Service; F:\Program Files\Microsoft Office\Office14\GROOVE.EXE [50942144 2013-12-19] (Microsoft Corporation)R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-20] ()R2 vmms; C:\Windows\system32\vmms.exe [13368832 2013-09-14] (Microsoft Corporation)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced 
Micro Devices)S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)R3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29696 2013-10-29] (Disc Soft Ltd)S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2013-10-29] (Microsoft Corporation)S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-29] (Microsoft Corporation)R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)R3 Linksys_adapter_H; C:\Windows\system32\DRIVERS\AE1200w764.sys [1254464 2011-03-29] (Broadcom Corporation)S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2013-10-29] (Microsoft Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-07] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2013-10-29] (Microsoft Corporation)S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2013-10-29] (Microsoft Corporation)S3 ReFS; 
C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-07-16] (Splashtop Inc.)S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [19456 2013-10-29] (Microsoft Corporation)R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [686080 2013-10-08] (Microsoft Corporation)S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [686080 2013-10-08] (Microsoft Corporation)S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [686080 2013-10-08] (Microsoft Corporation)S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [686080 2013-10-08] (Microsoft Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)S3 NPF; system32\drivers\NPF.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-07 13:03 - 2014-05-07 13:04 - 00029561 _____ () C:\Users\Nikolas Kosse\Desktop\FRST.txt2014-05-07 13:03 - 2014-05-07 13:03 - 00000000 ____D () C:\FRST2014-05-07 13:02 - 2014-05-07 13:02 - 02063872 _____ (Farbar) C:\Users\Nikolas Kosse\Desktop\FRST64.exe2014-05-06 23:08 - 2014-05-06 23:08 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Roaming\DropboxMaster2014-05-06 22:12 - 2014-05-06 22:12 - 00247592 _____ (Premium Installer ) C:\Users\Nikolas Kosse\Downloads\Player-Chrome.exe2014-05-06 14:40 - 2014-05-06 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-05-06 14:35 - 2014-05-06 14:35 - 00012872 _____ (SurfRight B.V.) 
C:\Windows\system32\bootdelete.exe2014-05-06 13:53 - 2014-05-06 14:36 - 00000000 ____D () C:\ProgramData\HitmanPro2014-05-06 13:24 - 2014-05-06 13:24 - 00000000 ____D () C:\Windows\ERUNT2014-05-06 12:53 - 2014-05-06 12:55 - 00000000 ____D () C:\AdwCleaner2014-05-06 12:53 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-05-05 22:42 - 2014-05-07 12:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-05-05 22:41 - 2014-05-05 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-05 22:41 - 2014-05-05 22:41 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-05 22:41 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-05-05 22:41 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-05-05 22:41 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-05-02 22:07 - 2014-04-29 11:00 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-05-02 22:07 - 2014-04-29 09:47 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-04-29 16:33 - 2014-04-29 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion2014-04-28 20:49 - 2014-04-28 20:49 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\Skype2014-04-28 20:49 - 2014-04-28 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-04-24 12:55 - 2014-04-24 12:55 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log2014-04-22 22:41 - 2014-04-23 18:14 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\dxhr2014-04-22 22:40 - 2014-04-22 22:40 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\280502014-04-22 22:37 - 2014-04-22 22:37 - 00000000 ____D () C:\Users\Nikolas 
Kosse\Documents\Square Enix2014-04-12 14:36 - 2014-04-12 14:37 - 13697924 _____ () C:\Users\Nikolas Kosse\Documents\Stormdata.xlsx2014-04-09 12:27 - 2014-03-10 05:35 - 02008408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys2014-04-09 12:27 - 2014-03-10 05:35 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys2014-04-09 12:27 - 2014-03-06 04:19 - 01287576 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2014-04-09 12:27 - 2014-03-06 04:02 - 01109424 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2014-04-09 12:27 - 2014-03-06 01:17 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2014-04-09 12:27 - 2014-03-06 01:10 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2014-04-09 12:20 - 2014-04-09 12:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-04-09 12:20 - 2014-04-09 12:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb ==================== One Month Modified Files and Folders ======= 2014-05-07 13:04 - 2014-05-07 13:03 - 00029561 _____ () C:\Users\Nikolas Kosse\Desktop\FRST.txt2014-05-07 13:03 - 2014-05-07 13:03 - 00000000 ____D () C:\FRST2014-05-07 13:02 - 2014-05-07 13:02 - 02063872 _____ (Farbar) C:\Users\Nikolas Kosse\Desktop\FRST64.exe2014-05-07 13:02 - 2013-10-29 15:35 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5E4DEF81-3143-4E90-A40A-6EF6D0BB775A}2014-05-07 13:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru2014-05-07 12:55 - 2013-06-24 15:34 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\WhatPulse2014-05-07 12:53 - 2014-05-05 22:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-05-07 12:47 - 2013-03-13 17:12 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-05-07 12:40 - 2013-09-02 20:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player 
Updater.job2014-05-07 11:55 - 2013-10-29 00:18 - 01429620 _____ () C:\Windows\WindowsUpdate.log2014-05-07 08:54 - 2012-11-28 02:34 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4032097650-2782287338-3786064700-10012014-05-07 08:49 - 2013-03-13 17:46 - 00000000 ___RD () C:\Users\Nikolas Kosse\Google Drive2014-05-07 08:48 - 2013-03-13 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2014-05-07 08:35 - 2014-03-01 19:32 - 00004986 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for NIKOLAS-Nikolas Kosse Nikolas2014-05-07 08:27 - 2012-12-15 13:18 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\LogMeIn Hamachi2014-05-07 08:25 - 2013-09-12 20:27 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Roaming\Dropbox2014-05-07 08:24 - 2013-10-29 01:41 - 00000000 __RDO () C:\Users\Nikolas Kosse\SkyDrive2014-05-07 08:24 - 2013-09-10 14:21 - 00003152 _____ () C:\Windows\System32\Tasks\FRAPS2014-05-07 08:24 - 2013-03-13 17:12 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-05-07 03:57 - 2013-10-13 20:06 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Roaming\vlc2014-05-06 23:28 - 2012-12-11 14:30 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-05-06 23:15 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness2014-05-06 23:08 - 2014-05-06 23:08 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Roaming\DropboxMaster2014-05-06 23:08 - 2013-09-29 23:04 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI2014-05-06 23:08 - 2013-09-12 20:28 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-05-06 23:08 - 2012-11-27 02:41 - 00000000 ___RD () C:\Users\Nikolas Kosse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-06 23:03 - 2013-10-29 00:18 - 27590656 _____ () C:\Windows\system32\vmguest.iso2014-05-06 23:02 - 2013-09-29 22:55 - 00030782 _____ () 
C:\Windows\PFRO.log2014-05-06 23:02 - 2013-09-02 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-05-06 23:02 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-05-06 23:01 - 2013-08-22 08:25 - 03407872 ___SH () C:\Windows\system32\config\BBI2014-05-06 22:12 - 2014-05-06 22:12 - 00247592 _____ (Premium Installer ) C:\Users\Nikolas Kosse\Downloads\Player-Chrome.exe2014-05-06 14:40 - 2014-05-06 14:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-05-06 14:40 - 2012-11-30 20:22 - 00000000 ____D () C:\Program Files (x86)\Google2014-05-06 14:36 - 2014-05-06 13:53 - 00000000 ____D () C:\ProgramData\HitmanPro2014-05-06 14:36 - 2012-11-30 20:19 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\Google2014-05-06 14:35 - 2014-05-06 14:35 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe2014-05-06 14:35 - 2013-09-02 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-05-06 13:24 - 2014-05-06 13:24 - 00000000 ____D () C:\Windows\ERUNT2014-05-06 12:55 - 2014-05-06 12:53 - 00000000 ____D () C:\AdwCleaner2014-05-06 00:03 - 2012-12-03 01:13 - 00000600 _____ () C:\Users\Nikolas Kosse\AppData\Local\PUTTY.RND2014-05-05 23:29 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\SchCache2014-05-05 23:25 - 2013-12-11 01:30 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\CRE2014-05-05 22:41 - 2014-05-05 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-05 22:41 - 2014-05-05 22:41 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-05 14:09 - 2013-03-20 21:41 - 00000344 _____ () C:\Windows\lgfwup.ini2014-04-30 21:47 - 2013-10-29 00:10 - 00000000 ____D () C:\Users\Nikolas Kosse2014-04-30 13:20 - 2014-02-17 15:00 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\Uber Entertainment2014-04-30 12:32 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM2014-04-29 16:33 
- 2014-04-29 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion2014-04-29 16:33 - 2014-01-30 14:26 - 00015118 _____ () C:\Windows\DPINST.LOG2014-04-29 16:33 - 2014-01-30 14:26 - 00000000 ____D () C:\ProgramData\Leap Motion2014-04-29 16:33 - 2013-07-22 14:10 - 00000000 ____D () C:\Program Files (x86)\Leap Motion2014-04-29 16:32 - 2013-08-22 09:44 - 00540816 _____ () C:\Windows\system32\FNTCACHE.DAT2014-04-29 16:32 - 2013-05-28 11:36 - 00000000 ____D () C:\ProgramData\Package Cache2014-04-29 11:00 - 2014-05-02 22:07 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-04-29 09:47 - 2014-05-02 22:07 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-04-28 22:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2014-04-28 21:51 - 2012-11-28 22:57 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Roaming\Skype2014-04-28 20:49 - 2014-04-28 20:49 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\Skype2014-04-28 20:49 - 2014-04-28 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-04-28 20:49 - 2013-09-04 18:19 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-04-28 20:49 - 2012-12-01 00:43 - 00000000 ____D () C:\ProgramData\Skype2014-04-24 13:54 - 2013-01-05 11:50 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\Akamai2014-04-24 12:55 - 2014-04-24 12:55 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log2014-04-24 12:55 - 2014-01-21 17:17 - 00000000 ____D () C:\ProgramData\Oracle2014-04-24 12:55 - 2013-06-25 14:53 - 00000000 ____D () C:\Program Files (x86)\Java2014-04-23 18:14 - 2014-04-22 22:41 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\dxhr2014-04-22 22:40 - 2014-04-22 22:40 - 00000000 ____D () C:\Users\Nikolas Kosse\AppData\Local\280502014-04-22 22:37 - 2014-04-22 22:37 - 00000000 ____D () C:\Users\Nikolas Kosse\Documents\Square Enix2014-04-22 19:24 - 2013-08-22 
10:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-04-22 19:24 - 2013-08-22 10:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-04-21 15:00 - 2013-01-24 16:21 - 00000600 _____ () C:\Users\Nikolas Kosse\AppData\Roaming\winscp.rnd2014-04-18 09:43 - 2013-10-03 22:33 - 00000000 ____D () C:\Program Files (x86)\WhatPulse22014-04-14 20:13 - 2013-10-16 23:40 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2014-04-14 20:05 - 2013-10-16 23:40 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2014-04-14 20:05 - 2013-10-16 23:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2014-04-14 20:04 - 2013-10-16 23:40 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2014-04-12 17:46 - 2013-10-09 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 20132014-04-12 14:37 - 2014-04-12 14:36 - 13697924 _____ () C:\Users\Nikolas Kosse\Documents\Stormdata.xlsx2014-04-09 12:34 - 2013-08-11 18:10 - 00000000 ____D () C:\Windows\system32\MRT2014-04-09 12:34 - 2012-12-12 02:44 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-04-09 12:20 - 2014-04-09 12:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-04-09 12:20 - 2014-04-09 12:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-04-08 15:16 - 2013-09-02 20:16 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater Files to move or delete:====================C:\Users\Nikolas Kosse\.csp_ovftool_settings.js Some content of TEMP:====================C:\Users\Nikolas Kosse\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\ChangeIcon.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb3a11h.dllC:\Users\Nikolas 
Kosse\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\LeapUpdate.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\npp.6.5.1.Installer.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\npp.6.5.2.Installer.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\npp.6.5.5.Installer.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\Quarantine.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\raptrpatch.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\raptr_stub.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\SkypeSetup.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\Smart Menu x64.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\sonarinst.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\vlc-2.1.2-win32.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\vlc-2.1.2-win64.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\vlc-2.1.3-win64.exeC:\Users\Nikolas Kosse\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-07 03:19 ==================== End Of Log ============================