Malwarebytes Premium has been pestering me about an infection in my Google Chrome preferences file. I can't seem to see any add-ons that should be causing a malware infection. Logs are attached.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Office (administrator) on OFFICE-PC on 07-08-2014 12:00:57
Running from C:\Users\Office\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Menten Holdings Ltd) C:\Program Files (x86)\NPVR\NRecord.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(SparkLabs) C:\Program Files\WiTopia\WiTopiaService.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Users\Office\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(SparkLabs) C:\Program Files\WiTopia\WiTopia.exe
(Google Inc.) C:\Users\Office\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Spotify Ltd) C:\Users\Office\AppData\Roaming\Spotify\spotify.exe
(Menten Holdings Ltd) C:\Program Files (x86)\NPVR\NTray.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(PFU LIMITED) C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
(Dropbox, Inc.) C:\Users\Office\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
(Microsoft Corporation) C:\Windows\System32\wiawow64.exe
() C:\Users\Office\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Office\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Office\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Office\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Office\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Office\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft) C:\Program Files (x86)\NPVR\NDigitalHost.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Thorvald Natvig) C:\Program Files (x86)\Mumble\mumble.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKLM-x32\...\Run: [scanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442200 2013-09-28] (Razer Inc.)
HKLM-x32\...\Run: [syslog] => [X]
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\.DEFAULT\...\Run: [RemotePotatoIRHelper] => C:\Program Files (x86)\FatAttitude\Remote Potato\RPKeySender.exe
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-15] (Valve Corporation)
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\Run: [WiTopia] => C:\Program Files\WiTopia\WiTopia.exe [814368 2014-06-06] (SparkLabs)
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\Run: [Google Update] => C:\Users\Office\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-30] (Google Inc.)
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\Run: [RemotePotatoIRHelper] => C:\Program Files (x86)\FatAttitude\Remote Potato\RPKeySender.exe
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\Run: [Amazon Cloud Player] => C:\Users\Office\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\Run: [MusicManager] => C:\Users\Office\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4409480 2014-03-12] (Plex, Inc.)
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\Run: [GoogleChromeAutoLaunch_DF31C8A2E4640D318CF7808D6E5C6704] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\Run: [spotify] => C:\Users\Office\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-09] (Spotify Ltd)
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\MountPoints2: F - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\MountPoints2: M - M:\LaunchU3.exe -a
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\MountPoints2: {3faace00-76ec-11e3-ac52-002522b1563b} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\MountPoints2: {6b5450d1-93be-11e3-8eb3-002522b1563b} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\MountPoints2: {6b5451d8-93be-11e3-8eb3-002522b1563b} - Q:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\MountPoints2: {6b5451e8-93be-11e3-8eb3-002522b1563b} - Q:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\MountPoints2: {f1114270-f526-11e3-9231-002522b1563b} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\MountPoints2: {f111428f-f526-11e3-9231-002522b1563b} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\MountPoints2: {f11142a3-f526-11e3-9231-002522b1563b} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3641980583-742003494-2150130222-1000\...\MountPoints2: {f3e850d2-c1e5-11e3-bbd4-002522b1563b} - Q:\VZW_Software_upgrade_assistant.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NextPVR Tray.lnk
ShortcutTarget: NextPVR Tray.lnk -> C:\Program Files (x86)\NPVR\NTray.exe (Menten Holdings Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Office\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Office\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB9865FB0488DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: SoundCloud Downloader -> {A817C286-3D6B-4ECD-A99C-E44E50DBC523} -> C:\Users\Office\AppData\Roaming\PC-Gizmos\PCGizmosBHO.dll (PC Gizmos)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{6E66EAF9-20FF-4821-8745-2B1E78B85660}: [NameServer]8.8.8.8,4.2.2.1
Tcpip\..\Interfaces\{B2F3DDBF-D530-4312-AB61-170FAD072D3A}: [NameServer]8.8.8.8,4.2.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\mfyimmc8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Office\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Office\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Office\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Office\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Office\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPGTSPlugin.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Users\Office\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Office\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: SQLite Manager - C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\mfyimmc8.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2013-11-12]
FF Extension: SoundCloud Downloader - C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\mfyimmc8.default\Extensions\{2b55ea1c-5d12-4fb5-bb9b-2067f8eda4ca}.xpi [2014-06-20]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://search.yahoo.com/?fr=spigot-yhp-gcmac&ilc=12&type=997063"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-07-30]
CHR Extension: (myPlex Queue Extension) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmheakklldmclgmkfnncddgkiibboil [2013-07-30]
CHR Extension: (Gojee Food) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb [2013-07-30]
CHR Extension: (Angry Birds) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-07-30]
CHR Extension: (Google Docs) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-30]
CHR Extension: (Google Drive) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-30]
CHR Extension: (Cloud To Butt Plus) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apmlngnhgbnjpajelfkmabhkfapgnoai [2014-08-04]
CHR Extension: (Language Immersion for Chrome) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2013-07-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-30]
CHR Extension: (Google Cast) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-10-30]
CHR Extension: (Adblock Plus) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-30]
CHR Extension: (OneTab) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2013-11-06]
CHR Extension: (Google Search) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-30]
CHR Extension: (Good News) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\deegloljmdbfbjhlimieancmcfombgjj [2013-07-30]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2013-07-30]
CHR Extension: (Chromebleed) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-04-13]
CHR Extension: (NewsBlur) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gchdledhagjbhhodjjhiclbnaioljomj [2013-07-30]
CHR Extension: (CanIStream.It Search) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\glefnlommggdhmkanajahcaedkpnhnlo [2013-07-30]
CHR Extension: (leNewz) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdphaabjbkfkjahfanijmfhknpdicjkh [2013-07-30]
CHR Extension: (Smile Always) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpmhnmjbhgkhpbgelalfpplebgfjmbf [2014-04-02]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-07-30]
CHR Extension: (Google Voice (by Google)) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-08-07]
CHR Extension: (BugMeNot Lite) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2013-07-30]
CHR Extension: (Poppit!) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2013-07-30]
CHR Extension: (Google Wallet) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-30]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-07] () [File not signed]
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [18432 2013-03-28] (Silicondust USA Inc) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-01-12] (Nitro PDF Software)
R2 NPVR Recording Service; C:\Program Files (x86)\NPVR\NRecord.exe [48640 2013-03-24] (Menten Holdings Ltd) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-02] ()
R2 WiTopiaService; C:\Program Files\WiTopia\WiTopiaService.exe [70432 2014-06-06] (SparkLabs)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [58368 2011-05-18] (GenesysLogic)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-18] (Intel Corporation)
S3 imperator2; C:\Windows\System32\DRIVERS\imperator2.sys [11776 2012-12-10] (Razer USA Ltd)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-02-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39096 2013-09-13] (Razer Inc)
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 StnPport; C:\Windows\System32\DRIVERS\StnPport.sys [97280 2010-10-26] ()
R3 StnSport; C:\Windows\System32\DRIVERS\StnSport.sys [128000 2010-08-20] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [39048 2014-06-06] (The OpenVPN Project)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [285696 2007-06-17] (Jungo)
S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 11:56 - 2014-08-07 12:01 - 00032361 _____ () C:\Users\Office\Downloads\FRST.txt
2014-08-07 11:56 - 2014-08-07 12:00 - 00000000 ____D () C:\FRST
2014-08-07 11:56 - 2014-08-07 11:56 - 02094080 _____ (Farbar) C:\Users\Office\Downloads\FRST64.exe
2014-08-07 11:54 - 2014-08-07 11:54 - 00001293 _____ () C:\Users\Office\Desktop\1.txt
2014-08-04 21:00 - 2014-08-04 21:00 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-04 21:00 - 2014-08-04 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 14:23 - 2014-08-01 14:23 - 156111609 _____ () C:\Users\Office\Downloads\Fhernando - Last Days Of Disco (Deluxe Edition).zip
2014-08-01 14:21 - 2014-08-01 14:22 - 02554924 _____ (Dominik Reichl ) C:\Users\Office\Downloads\KeePass-2.27-Setup.exe
2014-07-31 20:43 - 2014-07-31 20:43 - 00000896 _____ () C:\Users\Office\Desktop\JRT.txt
2014-07-31 20:37 - 2014-07-31 20:37 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 20:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-31 20:32 - 2014-07-31 20:35 - 00000000 ____D () C:\AdwCleaner
2014-07-31 20:31 - 2014-07-31 20:31 - 01361309 _____ () C:\Users\Office\Downloads\AdwCleaner (1).exe
2014-07-31 20:28 - 2014-07-31 20:28 - 01016261 _____ (Thisisu) C:\Users\Office\Downloads\JRT.exe
2014-07-31 20:22 - 2014-07-31 20:29 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-31 20:22 - 2014-07-31 20:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-31 20:21 - 2014-07-31 20:21 - 05379160 _____ () C:\Users\Office\Downloads\RogueKillerX64.exe
2014-07-30 20:27 - 2014-07-30 20:27 - 63283272 _____ (Plex, Inc.) C:\Users\Office\Downloads\Plex-Media-Server-0.9.910.458-008ea34-en-US.exe
2014-07-30 14:53 - 2014-07-02 13:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-07-30 14:52 - 2014-07-02 16:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-30 14:52 - 2014-07-02 16:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-07-30 14:52 - 2014-07-02 16:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-07-28 22:06 - 2014-07-28 22:15 - 00007880 _____ () C:\Users\Office\Downloads\TransactionInfoRequestServlet
2014-07-28 12:41 - 2014-07-28 12:41 - 00294565 _____ () C:\Users\Office\Downloads\update_k5_rescue_pack.zip
2014-07-28 12:10 - 2014-07-28 12:15 - 185928464 _____ () C:\Users\Office\Downloads\update_kindle_5.4.5.bin
2014-07-28 12:06 - 2014-07-28 12:06 - 00097035 _____ () C:\Users\Office\Downloads\k5_rescue_pack_20131220.zip
2014-07-28 11:58 - 2014-07-28 11:59 - 08500254 _____ () C:\Users\Office\Downloads\kindle-usbnet-0.16.N.zip
2014-07-28 11:37 - 2014-07-28 11:37 - 00320995 _____ () C:\Users\Office\Downloads\kindletool-v1.6.2.1-mingw.zip
2014-07-28 11:31 - 2014-07-28 11:32 - 00275532 _____ () C:\Users\Office\Downloads\kindle-jailbreak-1.10.N-r10721.tar.xz
2014-07-28 11:29 - 2014-07-28 13:00 - 00000000 ____D () C:\Users\Office\Downloads\kindle
2014-07-28 11:28 - 2014-07-28 11:28 - 00024927 _____ () C:\Users\Office\Downloads\kindle-jailbreak-1.10.N.zip
2014-07-10 03:00 - 2010-02-23 04:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2014-07-09 09:54 - 2014-07-09 09:54 - 00003242 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-07-09 09:54 - 2014-07-09 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-07-08 17:09 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-08 17:09 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 17:09 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 17:09 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 17:09 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-08 17:09 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 17:09 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 17:09 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-08 17:09 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-08 17:09 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-08 17:09 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 17:09 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-08 17:09 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 17:09 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 17:09 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-08 17:09 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-08 17:09 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 17:09 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-08 17:09 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 17:09 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-08 17:09 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 17:09 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-08 17:09 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 17:09 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 17:09 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 17:09 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-08 17:09 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-08 17:09 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 17:09 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-08 17:09 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-08 17:09 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 17:09 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 17:09 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 17:09 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 17:09 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 17:09 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-08 17:09 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 17:09 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-08 17:09 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-08 17:09 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 17:09 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-08 17:09 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 17:09 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 17:09 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 17:09 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 17:09 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 17:09 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 17:09 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 17:09 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-08 17:09 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 17:09 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 17:09 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 17:09 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-08 17:09 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 17:09 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 17:09 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-08 17:02 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-08 17:02 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-08 17:01 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-08 17:01 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 17:01 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 17:01 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 17:01 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 17:01 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-08 17:01 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-08 17:01 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-08 17:01 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-08 17:01 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-08 17:01 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-08 17:01 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-08 17:01 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 17:01 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 17:01 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 17:01 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 17:01 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 17:01 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 17:01 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-08 17:01 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-08 16:56 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-08 16:56 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 16:56 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-07 12:01 - 2014-08-07 11:56 - 00032361 _____ () C:\Users\Office\Downloads\FRST.txt
2014-08-07 12:00 - 2014-08-07 11:56 - 00000000 ____D () C:\FRST
2014-08-07 11:59 - 2013-08-02 00:05 - 00000000 ____D () C:\Users\Office\AppData\Roaming\uTorrent
2014-08-07 11:58 - 2013-07-30 20:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-07 11:56 - 2014-08-07 11:56 - 02094080 _____ (Farbar) C:\Users\Office\Downloads\FRST64.exe
2014-08-07 11:56 - 2013-07-30 13:18 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-07 11:54 - 2014-08-07 11:54 - 00001293 _____ () C:\Users\Office\Desktop\1.txt
2014-08-07 11:34 - 2014-04-11 09:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 11:22 - 2013-08-19 15:07 - 00268070 _____ () C:\Windows\DirectX.log
2014-08-07 11:17 - 2013-09-03 11:12 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C23F9974-474B-44AD-ADE4-7F7F11B9881B}
2014-08-07 11:11 - 2013-07-31 12:32 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641980583-742003494-2150130222-1000UA.job
2014-08-07 09:57 - 2014-04-23 11:19 - 00000000 ____D () C:\Users\Office\AppData\Roaming\Spotify
2014-08-07 09:15 - 2014-04-23 11:20 - 00000000 ____D () C:\Users\Office\AppData\Local\Spotify
2014-08-07 03:00 - 2013-07-30 13:10 - 01430626 _____ () C:\Windows\WindowsUpdate.log
2014-08-07 02:06 - 2013-08-29 11:15 - 00000000 ____D () C:\Users\Public\NPVR
2014-08-06 20:56 - 2013-07-30 13:18 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 20:41 - 2009-07-14 00:45 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 20:41 - 2009-07-14 00:45 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 19:11 - 2013-07-31 12:32 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3641980583-742003494-2150130222-1000Core.job
2014-08-04 21:01 - 2013-09-27 13:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-04 21:00 - 2014-08-04 21:00 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-04 21:00 - 2014-08-04 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-04 21:00 - 2013-09-27 13:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-04 15:31 - 2013-09-28 23:29 - 00000000 ____D () C:\Users\Office\AppData\Roaming\Mumble
2014-08-01 19:48 - 2013-07-30 13:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-01 14:23 - 2014-08-01 14:23 - 156111609 _____ () C:\Users\Office\Downloads\Fhernando - Last Days Of Disco (Deluxe Edition).zip
2014-08-01 14:22 - 2014-08-01 14:21 - 02554924 _____ (Dominik Reichl ) C:\Users\Office\Downloads\KeePass-2.27-Setup.exe
2014-08-01 14:22 - 2013-08-15 03:18 - 00000000 ____D () C:\Users\Office\AppData\Roaming\KeePass
2014-08-01 14:22 - 2013-08-01 14:13 - 00001154 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-08-01 14:22 - 2013-08-01 14:13 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-07-31 20:44 - 2013-08-16 19:10 - 00000000 ____D () C:\Users\Office\AppData\Roaming\Skype
2014-07-31 20:43 - 2014-07-31 20:43 - 00000896 _____ () C:\Users\Office\Desktop\JRT.txt
2014-07-31 20:42 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-31 20:37 - 2014-07-31 20:37 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 20:37 - 2013-08-02 00:13 - 00000000 ____D () C:\Users\Office\AppData\Roaming\Nitro PDF
2014-07-31 20:37 - 2013-07-30 20:27 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-31 20:37 - 2013-07-30 19:48 - 00000000 ___RD () C:\Users\Office\Dropbox
2014-07-31 20:37 - 2013-07-30 19:48 - 00000000 ____D () C:\Users\Office\AppData\Roaming\Dropbox
2014-07-31 20:36 - 2013-07-30 13:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-31 20:36 - 2010-11-20 23:47 - 00014802 _____ () C:\Windows\PFRO.log
2014-07-31 20:36 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 20:36 - 2009-07-14 00:51 - 00093888 _____ () C:\Windows\setupact.log
2014-07-31 20:35 - 2014-07-31 20:32 - 00000000 ____D () C:\AdwCleaner
2014-07-31 20:31 - 2014-07-31 20:31 - 01361309 _____ () C:\Users\Office\Downloads\AdwCleaner (1).exe
2014-07-31 20:29 - 2014-07-31 20:22 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-31 20:28 - 2014-07-31 20:28 - 01016261 _____ (Thisisu) C:\Users\Office\Downloads\JRT.exe
2014-07-31 20:22 - 2014-07-31 20:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-31 20:21 - 2014-07-31 20:21 - 05379160 _____ () C:\Users\Office\Downloads\RogueKillerX64.exe
2014-07-30 20:30 - 2014-05-09 11:44 - 00000000 ____D () C:\Program Files (x86)\HVAC-Calc
2014-07-30 20:30 - 2013-12-02 02:57 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-07-30 20:29 - 2013-08-29 10:55 - 00000000 ____D () C:\ProgramData\RemotePotato
2014-07-30 20:27 - 2014-07-30 20:27 - 63283272 _____ (Plex, Inc.) C:\Users\Office\Downloads\Plex-Media-Server-0.9.910.458-008ea34-en-US.exe
2014-07-30 20:26 - 2013-07-30 19:27 - 00000000 ____D () C:\Program Files (x86)\Trillian
2014-07-30 20:25 - 2013-07-30 20:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-30 20:25 - 2013-07-30 20:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-30 14:53 - 2013-08-30 12:08 - 00000000 ____D () C:\Temp
2014-07-30 14:53 - 2013-07-30 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-30 14:53 - 2013-07-30 13:19 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-30 09:52 - 2013-07-30 19:48 - 00000000 ____D () C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-30 09:21 - 2013-11-12 15:32 - 00000000 ____D () C:\Users\Office\AppData\Local\NVIDIA Corporation
2014-07-28 22:15 - 2014-07-28 22:06 - 00007880 _____ () C:\Users\Office\Downloads\TransactionInfoRequestServlet
2014-07-28 13:00 - 2014-07-28 11:29 - 00000000 ____D () C:\Users\Office\Downloads\kindle
2014-07-28 12:41 - 2014-07-28 12:41 - 00294565 _____ () C:\Users\Office\Downloads\update_k5_rescue_pack.zip
2014-07-28 12:15 - 2014-07-28 12:10 - 185928464 _____ () C:\Users\Office\Downloads\update_kindle_5.4.5.bin
2014-07-28 12:06 - 2014-07-28 12:06 - 00097035 _____ () C:\Users\Office\Downloads\k5_rescue_pack_20131220.zip
2014-07-28 11:59 - 2014-07-28 11:58 - 08500254 _____ () C:\Users\Office\Downloads\kindle-usbnet-0.16.N.zip
2014-07-28 11:37 - 2014-07-28 11:37 - 00320995 _____ () C:\Users\Office\Downloads\kindletool-v1.6.2.1-mingw.zip
2014-07-28 11:32 - 2014-07-28 11:31 - 00275532 _____ () C:\Users\Office\Downloads\kindle-jailbreak-1.10.N-r10721.tar.xz
2014-07-28 11:28 - 2014-07-28 11:28 - 00024927 _____ () C:\Users\Office\Downloads\kindle-jailbreak-1.10.N.zip
2014-07-25 12:55 - 2013-09-27 13:36 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2013-09-27 13:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2013-09-27 13:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2013-09-27 13:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-25 09:50 - 2014-06-04 23:00 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-07-25 09:50 - 2014-06-04 23:00 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-25 09:50 - 2013-11-05 12:09 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-07-25 09:50 - 2013-11-05 12:09 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-07-24 03:00 - 2013-07-30 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-18 16:58 - 2013-07-30 13:18 - 00002220 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-09 11:58 - 2013-07-30 20:24 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 11:58 - 2013-07-30 20:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 11:58 - 2013-07-30 20:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 09:54 - 2014-07-09 09:54 - 00003242 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-07-09 09:54 - 2014-07-09 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-07-09 09:54 - 2013-12-12 09:56 - 00000000 ____D () C:\Program Files (x86)\Samsung Magician
2014-07-09 03:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 03:21 - 2009-07-14 00:45 - 00435648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:20 - 2014-06-20 10:42 - 00000000 ____D () C:\Users\Office\AppData\Roaming\PC-Gizmos
2014-07-09 03:17 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 03:17 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 03:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 03:00 - 2013-07-30 19:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
 
Files to move or delete:
====================
C:\Users\Office\gotomypc_635.exe
 
 
Some content of TEMP:
====================
C:\Users\Office\AppData\Local\Temp\7za.exe
C:\Users\Office\AppData\Local\Temp\Abspdf.exe
C:\Users\Office\AppData\Local\Temp\acfpdfu.dll
C:\Users\Office\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Office\AppData\Local\Temp\acfpdfui.dll
C:\Users\Office\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Office\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Office\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Office\AppData\Local\Temp\cdintf.dll
C:\Users\Office\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_tiqnr.dll
C:\Users\Office\AppData\Local\Temp\InstallAX.exe
C:\Users\Office\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Office\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Office\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Office\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Office\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Office\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Office\AppData\Local\Temp\nvStInst.exe
C:\Users\Office\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Office\AppData\Local\Temp\plugin_e14120.dll
C:\Users\Office\AppData\Local\Temp\Quarantine.exe
C:\Users\Office\AppData\Local\Temp\Samsung_Magician_Setup_v44.exe
C:\Users\Office\AppData\Local\Temp\setupQaz2o.exe
C:\Users\Office\AppData\Local\Temp\sonarinst.exe
C:\Users\Office\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Office\AppData\Local\Temp\WiTopia%20Installer%202.1.3.exe
C:\Users\Office\AppData\Local\Temp\WiTopia%20Installer%202.1.4.exe
C:\Users\Office\AppData\Local\Temp\WiTopia%20Installer%202.1.5.exe
C:\Users\Office\AppData\Local\Temp\WiTopia%20Installer%202.1.7.exe
C:\Users\Office\AppData\Local\Temp\xmllite.dll
C:\Users\Office\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 00:26
 
==================== End Of Log ============================

 


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
    
 
    
Before we start please read and note the following:
    
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is an Attach Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
 
P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

 

Scan with Malwarebytes' Anti-Malware
 
Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/7/2014
Scan Time: 1:32:18 PM
Logfile: 1.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.07.07
Rootkit Database: v2014.08.04.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Office

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 380320
Time Elapsed: 7 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Spigot.A, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ ""http://search.yahoo.com/?fr=spigot-yhp-gcmac&ilc=12&type=997063" ],), No Action By User,[0a8e9f23681339fd74b15c99887c6997]

Physical Sectors: 0
(No malicious items detected)

(end)


Scan with ZOEK

 

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

 

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.

Wait patiently until the main console appears, it may take a minute or two.

In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyalltemp;
chrdefaults;
ipconfig /flushdns;b

Make sure that Scan All Users option is checked.

Push Run Script and wait patiently. The scan may take a couple of minutes.

When the scan completes, a zoek-results logfile should open in notepad.

If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)


 

Post its content into your next reply.


 

Zoek.exe v5.0.0.0 Updated 07-August-2014

Tool run by Office on Thu 08/07/2014 at 13:54:56.04.

Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Office\Downloads\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

8/7/2014 1:56:21 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Batch Command(s) Run By Tool======================

 

 

==== Deleting Files \ Folders ======================

 

C:\Users\Office\.android deleted

C:\Users\Office\AppData\Roaming\alsoft.ini deleted

C:\Users\Office\AppData\Roaming\uninstall.bat deleted

C:\PROGRA~3\Package Cache deleted

C:\Users\Office\Downloads\physdiskwrite-0.5.2-PhysGUI-bundle.zip deleted

C:\Users\Office\Searches deleted

C:\Users\Office\gotomypc_635.exe deleted

"C:\PROGRA~3\boost_interprocess\20140731203622.125599\plex_frame_mutex" deleted

"C:\PROGRA~3\boost_interprocess" not deleted

"C:\PROGRA~3\boost_interprocess\20140731203622.125599" not deleted

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\mfyimmc8.default

- SQLite Manager - %ProfilePath%\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi

- SoundCloud Downloader - %ProfilePath%\extensions\{2b55ea1c-5d12-4fb5-bb9b-2067f8eda4ca}.xpi

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\mfyimmc8.default

5CB01CF141E021DAAE96991A5BA57944 - C:\Users\Office\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer

DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\Office\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin

E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Office\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104

 

 

==== Chrome Look ======================

 

myPlex Queue Extension - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmheakklldmclgmkfnncddgkiibboil

Gojee Food - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb

Angry Birds - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj

Cloud To Butt Plus - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apmlngnhgbnjpajelfkmabhkfapgnoai

Language Immersion for Chrome - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl

Google Voice Search Hotword (Beta) - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

Google Cast - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd

OneTab - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall

User-Agent Switcher for Chrome - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg

Chromebleed - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic

NewsBlur - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gchdledhagjbhhodjjhiclbnaioljomj

CanIStream.It Search - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\glefnlommggdhmkanajahcaedkpnhnlo

leNewz - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdphaabjbkfkjahfanijmfhknpdicjkh

Smile Always - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpmhnmjbhgkhpbgelalfpplebgfjmbf

Reddit Enhancement Suite - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb

Google Voice (by Google) - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo

Poppit - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi

 

==== Chromium Startpages ======================

 

C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Preferences

"homepage": ""http://search.yahoo.com/?fr=spigot-yhp-gcmac&ilc=12&type=997063" ],

 

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"


 

==== Reset Google Chrome ======================

 

C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Mcx1-OFFICE-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Workman Oil Co\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

C:\Users\Office\AppData\Local\Mozilla\Firefox\Profiles\mfyimmc8.default\Cache emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=26 folders=21 82295308 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Mcx1-OFFICE-PC\AppData\Local\Temp emptied successfully

C:\Users\Office\AppData\Local\Temp will be emptied at reboot

C:\Users\Workman Oil Co\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Office\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\PROGRA~3\boost_interprocess"  not found

 

==== EOF on Thu 08/07/2014 at 14:06:57.19 ======================

Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

 

 

Recommended reading:




MUST READ - general maintenance: What to do if your Computer is running slowly?

 

 

 

Recommended additional software:



  • TFC - to clean unneeded temporary files.

  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

  • McShield - to prevent infections spread by removable media.

  • CryptoPrevent - to secure yourself from very severe CryptoLocker infection.

  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

 

 

The following will implement some post-cleanup procedures:

 

=> Please download DelFix by Xplode to your Desktop.

 

Run the tool and check the following boxes:

  • Remove disinfection tools

  • Create registry backup

  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.

At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix

The tool deletes old system restore points and creates a fresh system restore point after cleaning.

 

 

My help is free for everybody.


If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation.

Thank you!


 

 

 

Stay safe,

TwinHeadedEagle :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 8/10/2014

Scan Time: 12:35:07 PM

Logfile: 1.txt

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.08.10.04

Rootkit Database: v2014.08.04.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Office

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 374880

Time Elapsed: 8 min, 8 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 1

PUP.Optional.Spigot.A, C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ ""http://search.yahoo.com/?fr=spigot-yhp-gcmac&ilc=12&type=997063" ],), No Action By User,[5b3d80429fdca88e6975a94ffb0936ca]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.


 

Zoek.exe v5.0.0.0 Updated 09-August-2014

Tool run by Office on Sun 08/10/2014 at 12:54:01.08.

Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Office\Downloads\zoek.exe [scan all users] [script inserted] 

 

==== Older Logs ======================

 

C:\zoek-results2014-08-07-180657.log 8793 bytes

 

==== System Restore Info ======================

 

8/10/2014 12:55:01 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Batch Command(s) Run By Tool======================

 

 

==== Deleting Files \ Folders ======================

 

C:\Users\Office\.android deleted

C:\Users\Office\Downloads\adt-bundle-windows-x86_64-20140702.zip deleted

C:\Users\Office\Searches deleted

"C:\PROGRA~3\boost_interprocess\20140807145119.125599\plex_frame_mutex" deleted

"C:\PROGRA~3\boost_interprocess" not deleted

"C:\PROGRA~3\boost_interprocess\20140807145119.125599" not deleted

 

==== Firefox Extensions ======================

 

ProfilePath: C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\mfyimmc8.default

- SQLite Manager - %ProfilePath%\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi

- SoundCloud Downloader - %ProfilePath%\extensions\{2b55ea1c-5d12-4fb5-bb9b-2067f8eda4ca}.xpi

 

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

==== Firefox Plugins ======================

 

Profilepath: C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\mfyimmc8.default

5CB01CF141E021DAAE96991A5BA57944 - C:\Users\Office\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer

DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\Office\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin

E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Office\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104

 

 

==== Chrome Look ======================

 

Gojee Food - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb

Angry Birds - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj

Cloud To Butt Plus - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\apmlngnhgbnjpajelfkmabhkfapgnoai

Google Voice Search Hotword (Beta) - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

Google Cast - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd

NewsBlur - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\gchdledhagjbhhodjjhiclbnaioljomj

leNewz - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdphaabjbkfkjahfanijmfhknpdicjkh

Smile Always - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgpmhnmjbhgkhpbgelalfpplebgfjmbf

Reddit Enhancement Suite - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb

Google Voice (by Google) - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo

Poppit - Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi

 

==== Chromium Startpages ======================

 

C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Preferences

"homepage": ""http://search.yahoo.com/?fr=spigot-yhp-gcmac&ilc=12&type=997063" ],

 

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"


 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Mcx1-OFFICE-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Workman Oil Co\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX8AAGLA will be deleted at reboot

 

==== Empty FireFox Cache ======================

 

C:\Users\Office\AppData\Local\Mozilla\Firefox\Profiles\mfyimmc8.default\Cache emptied successfully

 

==== Empty Chrome Cache ======================

 

C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=28 folders=22 453059250 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Mcx1-OFFICE-PC\AppData\Local\Temp emptied successfully

C:\Users\Office\AppData\Local\Temp will be emptied at reboot

C:\Users\Workman Oil Co\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Office\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\PROGRA~3\boost_interprocess"  not found

"C:\Users\Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WX8AAGLA" not found

 

==== EOF on Sun 08/10/2014 at 13:05:31.13 ======================

Fix with ZOEK

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;chrdefaults;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
