My computer has been infected by OmigaPlus. It appears every time I open my Firefox browser, and though I don't use them, it also appears with IE and Chrome. I am running Windows 8.1 64-bit. I am a paying customer of Malwarebytes and a full scan did not remove the issue. I would appreciate any help you can give.

I ran the Farbar Recovery Scan Tool. Here are copies of the FRST.txt, and I tried to copy and paste the Addition.txt as well, but it said the post was too long, so I added it as an attachment:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by Aaron (administrator) on HABEASCORPUS on 18-06-2014 23:49:44
Running from C:\Users\Aaron\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe
(Examsoft Worldwide Inc.) C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.SoftShield.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\TrivialTechnology.BackgammonFree_1.1.0.2_neutral__0ynvawc60ma20\BackgammonFree.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-10-25] (IDT, Inc.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-13] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-10] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2440161752-2662874076-3915418441-1002\...\Run: [Google Update] => C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-05] (Google Inc.)
HKU\S-1-5-21-2440161752-2662874076-3915418441-1002\...\Run: [Facebook Update] => C:\Users\Aaron\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-23] (Facebook Inc.)
HKU\S-1-5-21-2440161752-2662874076-3915418441-1002\...\Run: [GoogleChromeAutoLaunch_45B9DB4CF259327B5D31697391F8B178] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1402959408&from=ild&uid=HitachiXHTS547550A9E384_J2150050FTYEWDFTYEWDX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1402959408&from=ild&uid=HitachiXHTS547550A9E384_J2150050FTYEWDFTYEWDX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1402959408&from=ild&uid=HitachiXHTS547550A9E384_J2150050FTYEWDFTYEWDX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1402959408&from=ild&uid=HitachiXHTS547550A9E384_J2150050FTYEWDFTYEWDX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1402959408&from=ild&uid=HitachiXHTS547550A9E384_J2150050FTYEWDFTYEWDX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1402959408&from=ild&uid=HitachiXHTS547550A9E384_J2150050FTYEWDFTYEWDX&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1402959408&from=ild&uid=HitachiXHTS547550A9E384_J2150050FTYEWDFTYEWDX&q={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM - {DE104AD4-D05E-4E13-B561-8BA2A29AB58C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {DE104AD4-D05E-4E13-B561-8BA2A29AB58C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {26001412-5F84-469C-A464-32640D6CAE91} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {26001412-5F84-469C-A464-32640D6CAE91} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {DE104AD4-D05E-4E13-B561-8BA2A29AB58C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\thhdd005.default-1403095053967
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Aaron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Aaron\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Aaron\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Aaron\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: hp.com/HPDetect - C:\Users\Aaron\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Aaron\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Aaron\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\vrdm0hec.default\extensions\faststartff@gmail.com

Chrome:
=======
CHR HomePage: hxxp://isearch.omiga-plus.com/?type=hp&ts=1402959408&from=ild&uid=HitachiXHTS547550A9E384_J2150050FTYEWDFTYEWDX
CHR StartupUrls: "hxxp://isearch.omiga-plus.com/?type=hp&ts=1402959408&from=ild&uid=HitachiXHTS547550A9E384_J2150050FTYEWDFTYEWDX"
CHR NewTab: "chrome-extension://pelmeidfhdlhlbjimpabfcbnnojbboma/index.html"
CHR DefaultSearchKeyword: omiga-plus
CHR DefaultSearchProvider: omiga-plus
CHR DefaultSearchURL: http://isearch.omiga-plus.com/web/?type=ds&ts=1402959408&from=ild&uid=HitachiXHTS547550A9E384_J2150050FTYEWDFTYEWDX&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-25]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-17]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-25]
CHR Extension: (Google Search) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-25]
CHR Extension: (Hangouts) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-25]

==================== Services (Whitelisted) =================

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-05] (Hewlett-Packard Company) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-04-07] (Hewlett-Packard) [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-31] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2010-12-23] (Pharos Systems International) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-04-07] (Hewlett-Packard) [File not signed]
R2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67392 2014-05-30] (Hewlett-Packard)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-10-25] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
R0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-10-08] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-05] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [266896 2012-06-14] (Realtek Semiconductor Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-10] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)
U4 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 23:49 - 2014-06-18 23:50 - 00027623 _____ () C:\Users\Aaron\Downloads\FRST.txt
2014-06-18 23:49 - 2014-06-18 23:49 - 00000000 ____D () C:\FRST
2014-06-18 23:48 - 2014-06-18 23:49 - 02082304 _____ (Farbar) C:\Users\Aaron\Downloads\FRST64.exe
2014-06-18 23:43 - 2014-06-18 23:43 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-06-18 14:43 - 2014-06-18 14:43 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-18 14:43 - 2014-06-18 14:43 - 00000000 _____ () C:\autoexec.bat
2014-06-18 14:42 - 2014-06-18 23:43 - 00000000 ____D () C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-06-18 14:40 - 2014-06-18 14:40 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Aaron\Downloads\SpyHunter-Installer.exe
2014-06-18 12:57 - 2014-06-18 12:57 - 00012800 ___SH () C:\Users\Aaron\Documents\Thumbs.db
2014-06-18 10:12 - 2014-06-18 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 01:00 - 2014-06-17 01:00 - 00001675 _____ () C:\WINDOWS\SysWOW64\${LOGFILE}
2014-06-17 00:57 - 2014-06-17 01:03 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-17 00:57 - 2014-06-17 00:57 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\SupTab
2014-06-17 00:56 - 2014-06-17 00:56 - 00000000 ____D () C:\Program Files (x86)\Nosibay
2014-06-17 00:55 - 2014-06-17 01:00 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Nosibay
2014-06-17 00:55 - 2014-06-17 00:56 - 00013083 _____ () C:\Users\Aaron\AppData\Roaming\Bubble Dock.installation.log
2014-06-17 00:53 - 2014-06-17 00:58 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-06-17 00:53 - 2014-06-17 00:53 - 00000000 ____D () C:\Users\Aaron\AppData\Local\globalUpdate
2014-06-15 21:11 - 2014-06-18 09:06 - 00000384 _____ () C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2014-06-15 21:11 - 2014-06-15 21:11 - 00002728 _____ () C:\WINDOWS\System32\Tasks\DriverToolkit Autorun
2014-06-15 21:02 - 2014-06-15 21:05 - 88725024 _____ (Lenovo Group Limited ) C:\Users\Aaron\Downloads\ggwv03ww.exe
2014-06-15 21:00 - 2014-06-15 21:12 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2014-06-15 21:00 - 2014-06-15 21:00 - 02395840 _____ (Megaify Software ) C:\Users\Aaron\Downloads\driver_setup.exe
2014-06-15 21:00 - 2014-06-15 21:00 - 00000000 ____D () C:\Users\Aaron\AppData\Local\DriverToolkit
2014-06-13 23:32 - 2014-06-13 23:32 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-06-11 22:56 - 2014-06-17 17:10 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForAaron.job
2014-06-11 22:56 - 2014-06-17 08:22 - 00003172 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForAaron
2014-06-10 00:08 - 2014-06-15 21:14 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Windows Live
2014-06-10 00:08 - 2014-06-10 00:08 - 00000000 ____D () C:\Users\Aaron\AppData\Local\{9C2A452C-A3C5-4583-AFA0-FB9CCD23BBBA}
2014-06-10 00:08 - 2014-06-10 00:08 - 00000000 ____D () C:\Users\Aaron\AppData\Local\{1419712E-24A0-4432-91D3-544DF1170F1F}
2014-06-10 00:07 - 2014-06-15 20:45 - 00000000 ___RD () C:\Users\Aaron\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2014-06-09 08:11 - 2014-06-08 18:12 - 1444460135 ____N () C:\Users\Aaron\Desktop\20140608_180106.mp4
2014-06-09 08:08 - 2014-06-09 08:08 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-06-03 23:42 - 2014-06-03 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-03 23:41 - 2014-06-03 23:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-03 23:41 - 2014-06-03 23:42 - 00000000 ____D () C:\Program Files\iTunes
2014-06-03 23:41 - 2014-06-03 23:42 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-03 23:41 - 2014-06-03 23:41 - 00000000 ____D () C:\Program Files\iPod
2014-06-02 23:55 - 2014-06-02 23:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-06-02 23:55 - 2014-06-02 23:55 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-06-02 23:52 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 18531568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 16003912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-06-02 23:52 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433788.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433788.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-06-02 23:52 - 2014-05-20 04:44 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2014-06-02 23:15 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-06-02 23:15 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-06-01 20:41 - 2014-06-18 10:15 - 00000000 ____D () C:\Users\Aaron\Desktop\EU Law
2014-06-01 20:41 - 2014-06-17 10:38 - 00000000 ____D () C:\Users\Aaron\Desktop\IBT
2014-06-01 20:41 - 2014-06-01 20:42 - 00000000 ____D () C:\Users\Aaron\Desktop\Persepectives
2014-05-31 16:28 - 2014-05-31 16:28 - 13774637 _____ () C:\Users\Aaron\Downloads\IMG_3286.jpeg
2014-05-28 17:55 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-05-28 17:55 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-05-23 06:01 - 2014-05-23 06:01 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Disney Interactive
2014-05-23 05:55 - 2014-05-23 05:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive
2014-05-23 05:54 - 2014-05-23 05:54 - 00000000 ____D () C:\Program Files (x86)\Disney Interactive

==================== One Month Modified Files and Folders =======

2014-06-18 23:50 - 2014-06-18 23:49 - 00027623 _____ () C:\Users\Aaron\Downloads\FRST.txt
2014-06-18 23:49 - 2014-06-18 23:49 - 00000000 ____D () C:\FRST
2014-06-18 23:49 - 2014-06-18 23:48 - 02082304 _____ (Farbar) C:\Users\Aaron\Downloads\FRST64.exe
2014-06-18 23:48 - 2013-10-24 22:19 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2440161752-2662874076-3915418441-1002
2014-06-18 23:46 - 2014-02-08 09:32 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F99088D2-D67F-427E-ACF6-D78A294B8379}
2014-06-18 23:44 - 2013-02-27 05:48 - 00000000 ____D () C:\Users\Aaron\Documents\EXE and ZIP Files
2014-06-18 23:43 - 2014-06-18 23:43 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-06-18 23:43 - 2014-06-18 14:42 - 00000000 ____D () C:\WINDOWS\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-06-18 23:34 - 2013-10-24 18:59 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-18 23:27 - 2013-10-24 19:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-18 23:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-18 22:53 - 2013-10-25 07:16 - 02011428 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-18 22:52 - 2013-12-20 20:27 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2440161752-2662874076-3915418441-1002UA.job
2014-06-18 22:33 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-06-18 15:03 - 2014-04-23 02:58 - 00000954 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2440161752-2662874076-3915418441-1002UA.job
2014-06-18 14:43 - 2014-06-18 14:43 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-18 14:43 - 2014-06-18 14:43 - 00000000 _____ () C:\autoexec.bat
2014-06-18 14:40 - 2014-06-18 14:40 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Aaron\Downloads\SpyHunter-Installer.exe
2014-06-18 12:57 - 2014-06-18 12:57 - 00012800 ___SH () C:\Users\Aaron\Documents\Thumbs.db
2014-06-18 12:56 - 2014-04-15 08:07 - 00000000 ____D () C:\Users\Aaron\Desktop\Sexual Assault in the Military
2014-06-18 10:30 - 2013-02-27 01:57 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Packages
2014-06-18 10:15 - 2014-06-01 20:41 - 00000000 ____D () C:\Users\Aaron\Desktop\EU Law
2014-06-18 10:13 - 2014-06-18 10:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 10:13 - 2014-05-10 06:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-06-18 10:13 - 2013-10-24 19:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 09:52 - 2013-12-20 20:27 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2440161752-2662874076-3915418441-1002Core.job
2014-06-18 09:47 - 2013-12-20 20:27 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2440161752-2662874076-3915418441-1002UA
2014-06-18 09:47 - 2013-12-20 20:27 - 00003500 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2440161752-2662874076-3915418441-1002Core
2014-06-18 09:11 - 2013-10-25 07:32 - 00000000 __RDO () C:\Users\Aaron\SkyDrive
2014-06-18 09:06 - 2014-06-15 21:11 - 00000384 _____ () C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2014-06-18 09:06 - 2013-10-24 18:59 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-17 18:18 - 2013-06-17 03:22 - 00000000 ____D () C:\Users\Aaron\Downloads\Movies
2014-06-17 17:39 - 2013-10-25 20:57 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-06-17 17:39 - 2013-10-25 20:57 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-17 17:33 - 2013-09-30 06:04 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-17 17:27 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-17 17:14 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-17 17:10 - 2014-06-11 22:56 - 00000358 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForAaron.job
2014-06-17 14:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-06-17 10:38 - 2014-06-01 20:41 - 00000000 ____D () C:\Users\Aaron\Desktop\IBT
2014-06-17 08:22 - 2014-06-11 22:56 - 00003172 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForAaron
2014-06-17 08:10 - 2013-09-30 05:55 - 00266924 _____ () C:\WINDOWS\PFRO.log
2014-06-17 08:09 - 2013-02-27 05:55 - 00000000 ____D () C:\Users\Aaron\Downloads\Intall Files
2014-06-17 01:03 - 2014-06-17 00:57 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-17 01:00 - 2014-06-17 01:00 - 00001675 _____ () C:\WINDOWS\SysWOW64\${LOGFILE}
2014-06-17 01:00 - 2014-06-17 00:55 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Nosibay
2014-06-17 00:58 - 2014-06-17 00:53 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-06-17 00:57 - 2014-06-17 00:57 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\SupTab
2014-06-17 00:56 - 2014-06-17 00:56 - 00000000 ____D () C:\Program Files (x86)\Nosibay
2014-06-17 00:56 - 2014-06-17 00:55 - 00013083 _____ () C:\Users\Aaron\AppData\Roaming\Bubble Dock.installation.log
2014-06-17 00:56 - 2013-10-25 07:24 - 00001682 _____ () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-17 00:56 - 2013-10-24 19:05 - 00001387 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-17 00:53 - 2014-06-17 00:53 - 00000000 ____D () C:\Users\Aaron\AppData\Local\globalUpdate
2014-06-16 23:59 - 2013-03-18 18:37 - 03663360 ___SH () C:\Users\Aaron\Desktop\Thumbs.db
2014-06-16 21:03 - 2014-04-23 02:58 - 00000932 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2440161752-2662874076-3915418441-1002Core.job
2014-06-15 21:14 - 2014-06-10 00:08 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Windows Live
2014-06-15 21:12 - 2014-06-15 21:00 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2014-06-15 21:11 - 2014-06-15 21:11 - 00002728 _____ () C:\WINDOWS\System32\Tasks\DriverToolkit Autorun
2014-06-15 21:10 - 2014-02-18 19:54 - 00000000 ____D () C:\WINDOWS\LastGood
2014-06-15 21:10 - 2013-08-22 16:46 - 00390247 _____ () C:\WINDOWS\setupact.log
2014-06-15 21:10 - 2013-08-22 16:46 - 00000440 _____ () C:\WINDOWS\setuperr.log
2014-06-15 21:05 - 2014-06-15 21:02 - 88725024 _____ (Lenovo Group Limited ) C:\Users\Aaron\Downloads\ggwv03ww.exe
2014-06-15 21:00 - 2014-06-15 21:00 - 02395840 _____ (Megaify Software ) C:\Users\Aaron\Downloads\driver_setup.exe
2014-06-15 21:00 - 2014-06-15 21:00 - 00000000 ____D () C:\Users\Aaron\AppData\Local\DriverToolkit
2014-06-15 20:45 - 2014-06-10 00:07 - 00000000 ___RD () C:\Users\Aaron\Downloads\Microsoft.SkypeApp_kzf8qxf38zg5c!App
2014-06-15 20:03 - 2013-10-24 19:13 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\BitTorrent
2014-06-15 12:59 - 2013-10-24 19:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-15 12:59 - 2013-10-24 19:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 23:32 - 2014-06-13 23:32 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-06-11 22:36 - 2013-11-12 22:03 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-11 22:34 - 2013-11-12 22:03 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-10 00:08 - 2014-06-10 00:08 - 00000000 ____D () C:\Users\Aaron\AppData\Local\{9C2A452C-A3C5-4583-AFA0-FB9CCD23BBBA}
2014-06-10 00:08 - 2014-06-10 00:08 - 00000000 ____D () C:\Users\Aaron\AppData\Local\{1419712E-24A0-4432-91D3-544DF1170F1F}
2014-06-09 08:08 - 2014-06-09 08:08 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-06-09 00:52 - 2013-10-24 19:06 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Mozilla
2014-06-09 00:46 - 2013-10-25 06:49 - 00000000 ____D () C:\Users\Aaron
2014-06-08 18:12 - 2014-06-09 08:11 - 1444460135 ____N () C:\Users\Aaron\Desktop\20140608_180106.mp4
2014-06-03 23:42 - 2014-06-03 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-03 23:42 - 2014-06-03 23:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-03 23:42 - 2014-06-03 23:41 - 00000000 ____D () C:\Program Files\iTunes
2014-06-03 23:42 - 2014-06-03 23:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-03 23:41 - 2014-06-03 23:41 - 00000000 ____D () C:\Program Files\iPod
2014-06-02 23:55 - 2014-06-02 23:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-06-02 23:55 - 2014-06-02 23:55 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-06-02 23:55 - 2012-12-31 08:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-02 23:14 - 2012-12-31 08:26 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-02 12:50 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-06-01 20:42 - 2014-06-01 20:41 - 00000000 ____D () C:\Users\Aaron\Desktop\Persepectives
2014-05-31 16:33 - 2013-03-01 18:14 - 01967616 ___SH () C:\Users\Aaron\Downloads\Thumbs.db
2014-05-31 16:28 - 2014-05-31 16:28 - 13774637 _____ () C:\Users\Aaron\Downloads\IMG_3286.jpeg
2014-05-30 19:54 - 2013-11-06 23:18 - 00000000 ____D () C:\ProgramData\SofTest
2014-05-30 19:54 - 2013-11-06 23:18 - 00000000 ____D () C:\Program Files (x86)\Examsoft
2014-05-30 01:07 - 2014-06-02 23:15 - 01715176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-05-30 01:07 - 2014-06-02 23:15 - 01291232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-05-30 01:07 - 2013-10-29 17:01 - 01279480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-05-30 01:07 - 2013-10-29 17:01 - 01122312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-05-23 06:01 - 2014-05-23 06:01 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Disney Interactive
2014-05-23 05:55 - 2014-05-23 05:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disney Interactive
2014-05-23 05:55 - 2012-09-11 22:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-23 05:54 - 2014-05-23 05:54 - 00000000 ____D () C:\Program Files (x86)\Disney Interactive
2014-05-20 04:44 - 2014-06-02 23:52 - 31387936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 24025376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 18531568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 17561544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 17480432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 16003912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 12688328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-05-20 04:44 - 2014-06-02 23:52 - 11644928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 11599072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 09735256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 09697640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 03141976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 02953672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 02785568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 02412376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 01889112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433788.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 01541576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433788.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 00895776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 00892704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 00867784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 00861128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 00354016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-05-20 04:44 - 2014-06-02 23:52 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2014-05-20 04:44 - 2014-02-18 19:52 - 14434704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-05-20 04:44 - 2013-10-28 07:48 - 02730208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-05-20 04:44 - 2013-09-05 08:37 - 00952952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2014-05-20 04:44 - 2013-09-05 08:37 - 00837056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2014-05-20 04:44 - 2013-09-05 08:36 - 00166568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2014-05-20 04:44 - 2013-09-05 08:36 - 00146480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2014-05-20 04:44 - 2013-09-05 08:36 - 00026069 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-05-20 04:44 - 2013-09-05 08:35 - 03109248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-05-20 03:25 - 2012-12-31 08:28 - 06769096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-05-20 03:25 - 2012-12-31 08:28 - 03514144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-05-20 03:25 - 2012-12-31 08:28 - 02560968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-05-20 03:25 - 2012-12-31 08:28 - 01078616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2014-05-20 03:25 - 2012-12-31 08:28 - 00927520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-05-20 03:25 - 2012-12-31 08:28 - 00387528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-05-20 03:25 - 2012-12-31 08:28 - 00076064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2014-05-20 03:25 - 2012-12-31 08:28 - 00062808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll

Some content of TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\BackupSetup.exe
C:\Users\Aaron\AppData\Local\Temp\Extract.exe
C:\Users\Aaron\AppData\Local\Temp\HPConnectedMusicInstaller_100100106.exe
C:\Users\Aaron\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Aaron\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Aaron\AppData\Local\Temp\SHSetup.exe
C:\Users\Aaron\AppData\Local\Temp\SP59593.exe
C:\Users\Aaron\AppData\Local\Temp\SP59882.exe
C:\Users\Aaron\AppData\Local\Temp\SP62765.exe
C:\Users\Aaron\AppData\Local\Temp\SP63752.exe
C:\Users\Aaron\AppData\Local\Temp\sp64126.exe
C:\Users\Aaron\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Aaron\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-16 12:15

==================== End Of Log ============================

Addition.txt


Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.

  • Click on Scan

  • Once the scan is done, click on the Clean button.

  • You will get a prompt asking to close all programs. Click OK.

  • Click OK again to reboot your computer.

  • A text file will open after the restart. Please post the content of that logfile in your reply.

  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.

  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

  • The tool will open and start scanning your system.

  • Please be patient as this can take a while to complete depending on your system's specifications.

  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

  • Post the contents of JRT.txt into your next message.

Next,

Run Malwarebytes, open: Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please update and run a Quick scan.

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log.

Let me see those logs, also give an update on any remaining issues or concerns...

Kevin


Thanks for the logs and the update, run the following please:

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7/8, right click on the IE shortcut and run as admin.

Go to the Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


  • Turn off the real time scanner of any existing antivirus program while performing the online scan

  • Click on the Run ESET Online Scanner button

  • Tick the box next to YES, I accept the Terms of Use.

  • Click Start

  • When asked, allow the add-on to be installed

  • Click Start

  • Make sure that the option "Remove found threats" is UNticked

  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan

  • Wait for the virus definitions to be downloaded

  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • Put a checkmark in "Uninstall application on close"

  • Close program

  • Report to me that nothing was found

If threats were found

  • Click on "list of threats found"

  • Click on "export to text file" and save it as ESET SCAN and save to the desktop

  • Click on back

  • Put a checkmark in "Uninstall application on close"

  • Click on finish

  • Close program

Copy and paste the report in next reply.

 

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, re-boot your PC then try again...

Let me see those two logs, also let me know if you have any remaining issues or concerns...

Kevin...


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
