"Your Browser Has Been Blocked" Ransomware Round 3

[Jhay]

On the night of September 2-3, 2014, I visited a website and was redirected to a ransomware popup window called "Your Browser Has Been Blocked." More information about this ransomware attack can be found here: http://www.bleepingcomputer.com/virus-removal/remove-your-browser-has-been-locked-ransomware. I have since removed the pop-up window by pressing CTRL + ALT + DEL and using the Task Manager to close all browser (Chrome) windows. According to the aforementioned article, having this pop-up window appear does not necessarily mean I am infected. However, I have had this occur many times when visiting sketchy websites and I get different results. For example, I had run a full scan on Malwarebytes Anti-Malware after receiving this pop-up the first time, which detected no malicious objects. The second time I received this pop-up window, Kaspersky Internet Security 2014 (my antivirus) detected a Trojan and immediately flagged me with a page saying "Access Denied", thereby successfully detecting and perceivable removing the threat. However, I had run another full scan on MBAM some time later (I want to say months, but I am not exactly sure) an the Trjoan was detected. I had since removed the threat and reinstalled Windows several times on my machine over the last year when I have experienced these three incidents. Therefore, I am pretty sure all of the formatting I have done has wiped out any previous infections that might have occurred. This time, I have run full scans on both MBAM and Kaspersky, which have come up empty. However, I want to know for sure whether or not my computer has been infected this time around.

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• 
  

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 

• 
  

Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes select "Report" save to desktop. Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

 

Let me see those logs in your next reply....

 

Kevin...

[Jhay]

Thanks for getting back to me. Here are the logs:

 

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014

Ran by Jordan (administrator) on JORDAN-PC on 06-09-2014 21:34:06

Running from C:\Users\Jordan\Downloads

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Dropbox, Inc.) C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Freedom Scientific LLC.) C:\Program Files\Freedom Scientific\JAWS\15.0\fsATProxy.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)

HKU\S-1-5-21-133846643-764669373-134344299-1000\...\Run: [GoogleChromeAutoLaunch_D35563CBE1D1A1436A67A5E5C259B9F5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-29] (Google Inc.)

HKU\S-1-5-21-133846643-764669373-134344299-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)

HKU\S-1-5-21-133846643-764669373-134344299-1000\...\Run: [spotify Web Helper] => C:\Users\Jordan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-01] (Spotify Ltd)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD422443424A2CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()

FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()

FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com

FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-07-17]

FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-17]

FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com

FF Extension: 卡巴斯基網址過濾 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-07-17]

FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com

FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-07-17]

FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com

FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-07-17]

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-18]

FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://ischool.syr.edu/

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]

CHR Extension: (Google Drive) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-17]

CHR Extension: (YouTube) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]

CHR Extension: (Google Cast) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-17]

CHR Extension: (Google Search) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]

CHR Extension: (Kaspersky Protection) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-07-17]

CHR Extension: (PocketSmith - Cashflow Forecasting) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpacaoamfanlmkfcalnbbcdbmfcmclf [2014-07-17]

CHR Extension: (Google Calendar) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-07-17]

CHR Extension: (Zotero Connector) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2014-07-17]

CHR Extension: (Readium) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-07-17]

CHR Extension: (Google Calendar (by Google)) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-07-17]

CHR Extension: (Page Ruler) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2014-07-17]

CHR Extension: (Google Maps) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-07-17]

CHR Extension: (Google Dictionary (by Google)) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-17]

CHR Extension: (Google Wallet) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]

CHR Extension: (ColorPick Eyedropper) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2014-07-17]

CHR Extension: (Gmail) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]

CHR Extension: (Checker Plus for Google Drive™) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppfmbnpgflleackdcojndfgpiboghga [2014-07-17]

CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)

S3 JTVNCProxy_15.0; C:\Program Files\Freedom Scientific\JAWS\15.0\JTVNCProxy.exe [20808 2014-08-19] (Freedom Scientific BLV Group LLC)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 Freedom Scientific Kernel Manager; C:\Windows\System32\fsKMgr.dll [29712 2014-08-18] (Freedom Scientific, Inc.)

R3 fsvidmir_service; C:\Windows\System32\DRIVERS\fsvidmir.sys [15856 2014-08-18] (Freedom Scientific, Inc.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)

R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-07-17] (Kaspersky Lab ZAO)

R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-07-17] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-06] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

S3 PowerBrl; C:\Windows\system32\Drivers\powerbrl.sys [18720 2014-08-19] (Freedom Scientific BLV Group, LLC.)

R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)

R3 xcbdaNtscV; C:\Windows\System32\DRIVERS\xcbdaVx64.sys [214784 2009-06-10] (ViXS Systems Inc.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-06 21:34 - 2014-09-06 21:34 - 00020950 _____ () C:\Users\Jordan\Downloads\FRST.txt

2014-09-06 21:33 - 2014-09-06 21:34 - 00000000 ____D () C:\FRST

2014-09-06 21:33 - 2014-09-06 21:33 - 02104832 _____ (Farbar) C:\Users\Jordan\Downloads\FRST64.exe

2014-09-05 14:23 - 2014-09-05 14:23 - 00023445 _____ () C:\Users\Jordan\Desktop\dds.txt

2014-09-05 14:23 - 2014-09-05 14:23 - 00010188 _____ () C:\Users\Jordan\Desktop\attach.txt

2014-09-05 14:22 - 2014-09-05 14:22 - 00688992 ____R (Swearware) C:\Users\Jordan\Downloads\dds.com

2014-09-03 00:13 - 2014-09-06 21:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-03 00:13 - 2014-09-03 00:13 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-03 00:12 - 2014-09-03 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-03 00:12 - 2014-09-03 00:12 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-03 00:12 - 2014-09-03 00:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-03 00:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-03 00:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-03 00:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-03 00:11 - 2014-09-03 00:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jordan\Downloads\mbam-setup-2.0.2.1012 (2).exe

2014-09-02 01:20 - 2014-09-02 01:20 - 00000000 ____D () C:\Windows\SysWOW64\%Data%

2014-08-31 23:49 - 2014-08-31 23:49 - 00018947 _____ () C:\Users\Jordan\Downloads\ginfollow.mid

2014-08-31 23:49 - 2014-08-31 23:49 - 00018947 _____ () C:\Users\Jordan\Downloads\followyoudown.mid

2014-08-31 23:49 - 2014-08-31 23:49 - 00018947 _____ () C:\Users\Jordan\Downloads\Follow You Down.mid

2014-08-31 23:47 - 2014-08-31 23:47 - 00018947 _____ () C:\Users\Jordan\Downloads\follow_you_down.mid

2014-08-31 23:47 - 2014-08-31 23:47 - 00018947 _____ () C:\Users\Jordan\Downloads\follow_you_down (1).mid

2014-08-31 02:22 - 2014-08-31 02:22 - 00000014 _____ () C:\Users\Jordan\Downloads\HWF.cfg

2014-08-31 02:22 - 2014-08-31 02:22 - 00000000 ____D () C:\Users\Jordan\Downloads\midijam

2014-08-31 02:22 - 2014-08-31 02:22 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\NVIDIA

2014-08-31 02:21 - 2014-08-31 02:21 - 04502653 _____ () C:\Users\Jordan\Downloads\midijam.zip

2014-08-31 00:28 - 2014-08-31 00:28 - 00298232 _____ () C:\Windows\Minidump\083114-31044-01.dmp

2014-08-31 00:23 - 2014-08-31 00:24 - 00303336 _____ () C:\Windows\Minidump\083114-30763-01.dmp

2014-08-30 14:42 - 2014-08-30 14:42 - 00001053 _____ () C:\Users\Public\Desktop\JAWS 15.0.lnk

2014-08-30 14:42 - 2014-08-30 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAWS 15.0

2014-08-30 14:41 - 2014-08-30 14:41 - 00000000 ___HD () C:\Program Files\Freedom Scientific Installation Information

2014-08-30 14:41 - 2014-08-30 14:41 - 00000000 ____D () C:\ProgramData\Freedom Scientific

2014-08-30 14:41 - 2014-08-30 14:41 - 00000000 ____D () C:\Program Files\ssce

2014-08-30 14:34 - 2014-08-30 14:34 - 00001101 _____ () C:\Users\Public\Desktop\FSReader 3.0.lnk

2014-08-30 14:34 - 2014-08-30 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSReader 3.0

2014-08-30 14:34 - 2014-08-30 14:34 - 00000000 ____D () C:\Program Files (x86)\Freedom Scientific

2014-08-29 21:21 - 2014-09-01 23:01 - 00000000 ____D () C:\Users\Public\Documents\SU NIDRR User Test Video Recordings

2014-08-29 21:09 - 2014-08-29 21:09 - 00302616 _____ () C:\Windows\Minidump\082914-29530-01.dmp

2014-08-29 21:05 - 2014-08-29 21:05 - 00301368 _____ () C:\Windows\Minidump\082914-27518-01.dmp

2014-08-29 20:52 - 2014-08-29 20:52 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Nuance

2014-08-29 20:52 - 2014-08-29 20:52 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Freedom Scientific

2014-08-29 20:52 - 2014-08-29 20:52 - 00000000 ____D () C:\ProgramData\Nuance

2014-08-29 20:50 - 2014-08-29 20:50 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Freedom Scientific

2014-08-29 20:39 - 2014-08-29 20:39 - 00000000 ____D () C:\Windows\Downloaded Installations

2014-08-29 20:39 - 2008-07-11 07:05 - 00145448 _____ (SafeNet, Inc.) C:\Windows\system32\Drivers\sentinel64.sys

2014-08-29 20:38 - 2014-08-30 14:41 - 00000000 ____D () C:\Program Files\Freedom Scientific

2014-08-29 20:38 - 2014-08-29 20:50 - 00000000 ____D () C:\Windows\system32\HJSMEM

2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_fsvidmir_01011.Wdf

2014-08-29 20:32 - 2014-08-29 20:35 - 123473224 _____ (Freedom Scientific) C:\Users\Jordan\Downloads\J15.0.11024ENU-64bit.exe

2014-08-29 20:25 - 2014-08-29 20:25 - 00002365 _____ () C:\Users\Guest\Desktop\Safe Money.lnk

2014-08-29 20:25 - 2014-08-29 20:25 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer

2014-08-29 20:24 - 2014-08-29 20:24 - 00109680 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-29 20:24 - 2014-08-29 20:24 - 00001422 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-08-29 20:24 - 2014-08-29 20:24 - 00000020 ___SH () C:\Users\Guest\ntuser.ini

2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe

2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore

2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation

2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA

2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest

2014-08-29 20:24 - 2014-07-18 22:11 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help

2014-08-29 20:24 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-08-29 20:24 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-08-28 22:16 - 2014-08-28 22:16 - 00000000 __SHD () C:\Users\Jordan\AppData\Local\EmieUserList

2014-08-28 22:16 - 2014-08-28 22:16 - 00000000 __SHD () C:\Users\Jordan\AppData\Local\EmieSiteList

2014-08-27 19:38 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-27 19:38 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-27 19:38 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-20 19:03 - 2014-08-29 20:24 - 00000600 _____ () C:\Users\Jordan\AppData\Local\PUTTY.RND

2014-08-20 19:01 - 2014-08-20 19:01 - 00495616 _____ (Simon Tatham) C:\Users\Jordan\Downloads\putty.exe

2014-08-20 17:21 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-20 17:21 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-20 17:21 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-08-20 17:21 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-20 17:21 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-20 17:21 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-20 17:21 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-08-20 17:21 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-20 17:21 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-20 17:21 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-08-20 17:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-20 17:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-20 17:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-20 17:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-08-19 11:16 - 2014-08-19 11:16 - 00018720 _____ (Freedom Scientific BLV Group, LLC.) C:\Windows\system32\Drivers\powerbrl.sys

2014-08-19 11:15 - 2014-08-19 11:15 - 00212992 _____ (Wintertree Software Inc.) C:\Windows\SSCE5432.DLL

2014-08-19 11:15 - 2014-08-19 11:15 - 00139744 _____ (Freedom Scientific BLV Group, LLC) C:\Windows\system32\fsbrldspapi.dll

2014-08-19 11:15 - 2014-08-19 11:15 - 00094208 _____ (Rainbow Technologies) C:\Windows\system32\USafe32.DLL

2014-08-19 11:15 - 2014-08-19 11:15 - 00046880 _____ (Freedom Scientific BLV Group, LLC.) C:\Windows\system32\Drivers\fsbrldsp.sys

2014-08-19 11:15 - 2014-08-19 11:15 - 00033584 _____ () C:\Windows\system32\FieldExUtil.chm

2014-08-19 11:15 - 2014-08-19 11:15 - 00032768 _____ (Rainbow Technologies) C:\Windows\system32\FieldExUtil.exe

2014-08-19 11:15 - 2014-08-19 11:15 - 00008028 _____ () C:\Windows\system32\Drivers\fsBrlDsp.cat

2014-08-18 15:04 - 2014-08-18 15:04 - 00372136 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fsvidmir.dll

2014-08-18 15:04 - 2014-08-18 15:04 - 00112136 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fsVidMag.dll

2014-08-18 15:04 - 2014-08-18 15:04 - 00029712 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fsKMgr.dll

2014-08-18 15:04 - 2014-08-18 15:04 - 00026664 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fskutil.dll

2014-08-18 15:04 - 2014-08-18 15:04 - 00015856 _____ (Freedom Scientific, Inc.) C:\Windows\system32\Drivers\fsvidmir.sys

2014-08-16 03:01 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-16 03:01 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-16 03:01 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-16 03:01 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-16 03:01 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-16 03:01 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-16 03:00 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-16 03:00 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-15 22:50 - 2014-08-15 22:50 - 06052529 _____ (Tim Kosse) C:\Users\Jordan\Downloads\FileZilla_3.9.0.3_win32-setup.exe

2014-08-15 04:49 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-15 04:49 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-15 04:49 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-15 04:49 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-15 04:49 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-15 04:49 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-08-15 04:49 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-08-15 04:49 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-08-15 04:49 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-08-15 04:49 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-08-15 04:49 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-15 04:49 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-08-15 04:48 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-15 04:48 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-15 04:47 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-15 04:47 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-15 04:47 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-15 04:47 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-15 04:47 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-15 04:47 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-15 04:47 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-15 04:47 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-15 04:44 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-15 04:44 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-15 04:44 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-15 04:44 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-15 04:44 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-15 04:44 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-15 04:44 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-15 04:44 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-15 04:44 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-15 04:44 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-15 04:44 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-15 04:44 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-15 04:44 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-15 04:44 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-15 04:44 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-15 04:44 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-15 04:44 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-15 04:44 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-15 04:44 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-15 04:44 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-15 04:44 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-15 04:44 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-15 04:44 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-15 04:44 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-15 04:44 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-15 04:44 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-15 04:44 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-15 04:44 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-15 04:44 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-15 04:44 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-15 04:44 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-15 04:44 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-15 04:44 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-15 04:44 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-15 04:44 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-15 04:44 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-15 04:44 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-15 04:44 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-15 04:44 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-15 04:44 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-15 04:44 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-15 04:44 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-15 04:44 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-15 04:44 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-15 04:44 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-15 04:44 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-15 04:44 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-15 04:44 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-15 04:44 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-15 04:44 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-15 04:44 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-15 04:44 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-15 04:44 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-15 04:44 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-15 04:44 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-15 04:44 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-15 04:44 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-15 04:44 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-15 04:43 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-15 04:43 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-15 04:42 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-08-15 04:42 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-08-14 18:14 - 2014-08-14 18:14 - 00000000 ____D () C:\Users\Default\AppData\Local\Google

2014-08-14 18:14 - 2014-08-14 18:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

2014-08-07 23:29 - 2014-09-01 00:37 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Spotify

2014-08-07 23:29 - 2014-08-07 23:29 - 00001773 _____ () C:\Users\Jordan\Desktop\Spotify.lnk

2014-08-07 23:29 - 2014-08-07 23:29 - 00001759 _____ () C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2014-08-07 23:25 - 2014-09-01 01:17 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Spotify

2014-08-07 23:25 - 2014-08-07 23:25 - 00127136 _____ (Spotify Ltd) C:\Users\Jordan\Downloads\SpotifySetup.exe

2014-08-07 23:25 - 2014-08-07 23:25 - 00001435 _____ () C:\Users\Jordan\Downloads\Zedd-Stay-The-Night-Huntroxic-20131218105645-nonstop2k.com.mid

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-06 21:34 - 2014-09-06 21:34 - 00020950 _____ () C:\Users\Jordan\Downloads\FRST.txt

2014-09-06 21:34 - 2014-09-06 21:33 - 00000000 ____D () C:\FRST

2014-09-06 21:34 - 2014-07-13 18:57 - 02095084 _____ () C:\Windows\WindowsUpdate.log

2014-09-06 21:33 - 2014-09-06 21:33 - 02104832 _____ (Farbar) C:\Users\Jordan\Downloads\FRST64.exe

2014-09-06 21:31 - 2014-09-03 00:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-06 21:31 - 2014-07-18 11:40 - 00000000 ___RD () C:\Users\Jordan\Google Drive

2014-09-06 21:30 - 2014-07-18 11:52 - 00000000 ___RD () C:\Users\Jordan\Dropbox

2014-09-06 21:30 - 2014-07-18 11:46 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Dropbox

2014-09-06 21:30 - 2014-07-17 21:29 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-09-06 21:30 - 2014-07-17 21:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-06 21:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-06 21:30 - 2009-07-14 00:51 - 00047907 _____ () C:\Windows\setupact.log

2014-09-06 21:29 - 2014-07-17 21:50 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-06 21:29 - 2010-11-20 23:47 - 00043942 _____ () C:\Windows\PFRO.log

2014-09-05 15:14 - 2014-07-17 21:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-05 15:10 - 2014-07-17 21:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-05 14:23 - 2014-09-05 14:23 - 00023445 _____ () C:\Users\Jordan\Desktop\dds.txt

2014-09-05 14:23 - 2014-09-05 14:23 - 00010188 _____ () C:\Users\Jordan\Desktop\attach.txt

2014-09-05 14:22 - 2014-09-05 14:22 - 00688992 ____R (Swearware) C:\Users\Jordan\Downloads\dds.com

2014-09-05 14:14 - 2014-07-17 21:05 - 00002196 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-09-05 13:50 - 2009-07-14 00:45 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-05 13:50 - 2009-07-14 00:45 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-03 02:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache

2014-09-03 00:13 - 2014-09-03 00:13 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-03 00:13 - 2014-09-03 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-03 00:12 - 2014-09-03 00:12 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-03 00:12 - 2014-09-03 00:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-03 00:12 - 2014-09-03 00:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jordan\Downloads\mbam-setup-2.0.2.1012 (2).exe

2014-09-02 01:20 - 2014-09-02 01:20 - 00000000 ____D () C:\Windows\SysWOW64\%Data%

2014-09-02 01:18 - 2014-07-29 10:28 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\FileZilla

2014-09-01 23:01 - 2014-08-29 21:21 - 00000000 ____D () C:\Users\Public\Documents\SU NIDRR User Test Video Recordings

2014-09-01 01:17 - 2014-08-07 23:25 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Spotify

2014-09-01 00:37 - 2014-08-07 23:29 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Spotify

2014-08-31 23:49 - 2014-08-31 23:49 - 00018947 _____ () C:\Users\Jordan\Downloads\ginfollow.mid

2014-08-31 23:49 - 2014-08-31 23:49 - 00018947 _____ () C:\Users\Jordan\Downloads\followyoudown.mid

2014-08-31 23:49 - 2014-08-31 23:49 - 00018947 _____ () C:\Users\Jordan\Downloads\Follow You Down.mid

2014-08-31 23:48 - 2014-07-13 16:16 - 00000000 ____D () C:\Users\Jordan\AppData\Local\VirtualStore

2014-08-31 23:47 - 2014-08-31 23:47 - 00018947 _____ () C:\Users\Jordan\Downloads\follow_you_down.mid

2014-08-31 23:47 - 2014-08-31 23:47 - 00018947 _____ () C:\Users\Jordan\Downloads\follow_you_down (1).mid

2014-08-31 02:22 - 2014-08-31 02:22 - 00000014 _____ () C:\Users\Jordan\Downloads\HWF.cfg

2014-08-31 02:22 - 2014-08-31 02:22 - 00000000 ____D () C:\Users\Jordan\Downloads\midijam

2014-08-31 02:22 - 2014-08-31 02:22 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\NVIDIA

2014-08-31 02:21 - 2014-08-31 02:21 - 04502653 _____ () C:\Users\Jordan\Downloads\midijam.zip

2014-08-31 00:28 - 2014-08-31 00:28 - 00298232 _____ () C:\Windows\Minidump\083114-31044-01.dmp

2014-08-31 00:28 - 2014-07-19 18:55 - 498856805 _____ () C:\Windows\MEMORY.DMP

2014-08-31 00:28 - 2014-07-19 18:55 - 00000000 ____D () C:\Windows\Minidump

2014-08-31 00:24 - 2014-08-31 00:23 - 00303336 _____ () C:\Windows\Minidump\083114-30763-01.dmp

2014-08-30 14:42 - 2014-08-30 14:42 - 00001053 _____ () C:\Users\Public\Desktop\JAWS 15.0.lnk

2014-08-30 14:42 - 2014-08-30 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAWS 15.0

2014-08-30 14:41 - 2014-08-30 14:41 - 00000000 ___HD () C:\Program Files\Freedom Scientific Installation Information

2014-08-30 14:41 - 2014-08-30 14:41 - 00000000 ____D () C:\ProgramData\Freedom Scientific

2014-08-30 14:41 - 2014-08-30 14:41 - 00000000 ____D () C:\Program Files\ssce

2014-08-30 14:41 - 2014-08-29 20:38 - 00000000 ____D () C:\Program Files\Freedom Scientific

2014-08-30 14:34 - 2014-08-30 14:34 - 00001101 _____ () C:\Users\Public\Desktop\FSReader 3.0.lnk

2014-08-30 14:34 - 2014-08-30 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSReader 3.0

2014-08-30 14:34 - 2014-08-30 14:34 - 00000000 ____D () C:\Program Files (x86)\Freedom Scientific

2014-08-29 21:24 - 2014-07-29 10:36 - 00000000 ____D () C:\Users\Public\Documents\SU NIDRR User Test Audio Recordings

2014-08-29 21:09 - 2014-08-29 21:09 - 00302616 _____ () C:\Windows\Minidump\082914-29530-01.dmp

2014-08-29 21:05 - 2014-08-29 21:05 - 00301368 _____ () C:\Windows\Minidump\082914-27518-01.dmp

2014-08-29 20:52 - 2014-08-29 20:52 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Nuance

2014-08-29 20:52 - 2014-08-29 20:52 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Freedom Scientific

2014-08-29 20:52 - 2014-08-29 20:52 - 00000000 ____D () C:\ProgramData\Nuance

2014-08-29 20:50 - 2014-08-29 20:50 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Freedom Scientific

2014-08-29 20:50 - 2014-08-29 20:38 - 00000000 ____D () C:\Windows\system32\HJSMEM

2014-08-29 20:39 - 2014-08-29 20:39 - 00000000 ____D () C:\Windows\Downloaded Installations

2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_fsvidmir_01011.Wdf

2014-08-29 20:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-08-29 20:35 - 2014-08-29 20:32 - 123473224 _____ (Freedom Scientific) C:\Users\Jordan\Downloads\J15.0.11024ENU-64bit.exe

2014-08-29 20:25 - 2014-08-29 20:25 - 00002365 _____ () C:\Users\Guest\Desktop\Safe Money.lnk

2014-08-29 20:25 - 2014-08-29 20:25 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer

2014-08-29 20:24 - 2014-08-29 20:24 - 00109680 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-29 20:24 - 2014-08-29 20:24 - 00001422 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-08-29 20:24 - 2014-08-29 20:24 - 00000020 ___SH () C:\Users\Guest\ntuser.ini

2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe

2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore

2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation

2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA

2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest

2014-08-29 20:24 - 2014-08-20 19:03 - 00000600 _____ () C:\Users\Jordan\AppData\Local\PUTTY.RND

2014-08-28 23:06 - 2014-08-06 23:25 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Synthesia

2014-08-28 22:16 - 2014-08-28 22:16 - 00000000 __SHD () C:\Users\Jordan\AppData\Local\EmieUserList

2014-08-28 22:16 - 2014-08-28 22:16 - 00000000 __SHD () C:\Users\Jordan\AppData\Local\EmieSiteList

2014-08-28 13:43 - 2009-07-14 00:45 - 00409576 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-27 20:36 - 2014-07-19 12:58 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Audacity

2014-08-27 15:14 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-22 22:07 - 2014-08-27 19:38 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 21:45 - 2014-08-27 19:38 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-22 20:59 - 2014-08-27 19:38 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-20 19:01 - 2014-08-20 19:01 - 00495616 _____ (Simon Tatham) C:\Users\Jordan\Downloads\putty.exe

2014-08-19 11:16 - 2014-08-19 11:16 - 00018720 _____ (Freedom Scientific BLV Group, LLC.) C:\Windows\system32\Drivers\powerbrl.sys

2014-08-19 11:15 - 2014-08-19 11:15 - 00212992 _____ (Wintertree Software Inc.) C:\Windows\SSCE5432.DLL

2014-08-19 11:15 - 2014-08-19 11:15 - 00139744 _____ (Freedom Scientific BLV Group, LLC) C:\Windows\system32\fsbrldspapi.dll

2014-08-19 11:15 - 2014-08-19 11:15 - 00094208 _____ (Rainbow Technologies) C:\Windows\system32\USafe32.DLL

2014-08-19 11:15 - 2014-08-19 11:15 - 00046880 _____ (Freedom Scientific BLV Group, LLC.) C:\Windows\system32\Drivers\fsbrldsp.sys

2014-08-19 11:15 - 2014-08-19 11:15 - 00033584 _____ () C:\Windows\system32\FieldExUtil.chm

2014-08-19 11:15 - 2014-08-19 11:15 - 00032768 _____ (Rainbow Technologies) C:\Windows\system32\FieldExUtil.exe

2014-08-19 11:15 - 2014-08-19 11:15 - 00008028 _____ () C:\Windows\system32\Drivers\fsBrlDsp.cat

2014-08-18 15:04 - 2014-08-18 15:04 - 00372136 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fsvidmir.dll

2014-08-18 15:04 - 2014-08-18 15:04 - 00112136 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fsVidMag.dll

2014-08-18 15:04 - 2014-08-18 15:04 - 00029712 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fsKMgr.dll

2014-08-18 15:04 - 2014-08-18 15:04 - 00026664 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fskutil.dll

2014-08-18 15:04 - 2014-08-18 15:04 - 00015856 _____ (Freedom Scientific, Inc.) C:\Windows\system32\Drivers\fsvidmir.sys

2014-08-16 03:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-16 03:11 - 2014-07-17 22:38 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-16 03:06 - 2014-07-19 12:09 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-16 03:05 - 2014-07-19 12:09 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-16 03:00 - 2014-07-19 17:11 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-08-15 22:51 - 2014-07-29 10:28 - 00002019 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk

2014-08-15 22:51 - 2014-07-29 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

2014-08-15 22:51 - 2014-07-29 10:28 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client

2014-08-15 22:50 - 2014-08-15 22:50 - 06052529 _____ (Tim Kosse) C:\Users\Jordan\Downloads\FileZilla_3.9.0.3_win32-setup.exe

2014-08-14 18:15 - 2014-07-18 10:34 - 00002059 _____ () C:\Users\Public\Desktop\Google Slides.lnk

2014-08-14 18:15 - 2014-07-18 10:34 - 00002057 _____ () C:\Users\Public\Desktop\Google Sheets.lnk

2014-08-14 18:15 - 2014-07-18 10:34 - 00002047 _____ () C:\Users\Public\Desktop\Google Docs.lnk

2014-08-14 18:15 - 2014-07-18 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2014-08-14 18:14 - 2014-08-14 18:14 - 00000000 ____D () C:\Users\Default\AppData\Local\Google

2014-08-14 18:14 - 2014-08-14 18:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

2014-08-14 10:35 - 2014-07-18 11:52 - 00000983 _____ () C:\Users\Jordan\Desktop\Dropbox.lnk

2014-08-14 10:35 - 2014-07-18 11:51 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-08-07 23:29 - 2014-08-07 23:29 - 00001773 _____ () C:\Users\Jordan\Desktop\Spotify.lnk

2014-08-07 23:29 - 2014-08-07 23:29 - 00001759 _____ () C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2014-08-07 23:25 - 2014-08-07 23:25 - 00127136 _____ (Spotify Ltd) C:\Users\Jordan\Downloads\SpotifySetup.exe

2014-08-07 23:25 - 2014-08-07 23:25 - 00001435 _____ () C:\Users\Jordan\Downloads\Zedd-Stay-The-Night-Huntroxic-20131218105645-nonstop2k.com.mid

2014-08-07 23:22 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

 

Some content of TEMP:

====================

C:\Users\Jordan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjvcvch.dll

C:\Users\Jordan\AppData\Local\Temp\vcredist2005_x64.exe

C:\Users\Jordan\AppData\Local\Temp\vcredist2005_x86.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-03 02:34

 

==================== End Of Log ============================

 

Addition log (attached)

 

RogueKiller Log:

RogueKiller V9.2.9.0 [Jul 11 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : https://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Jordan [Admin rights]

Mode : Scan -- Date : 09/06/2014  21:45:37

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 12 ¤¤¤

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EBF8CC5B-BA48-40CD-ACE5-B0F0E2464798} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EBF8CC5B-BA48-40CD-ACE5-B0F0E2464798} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EBF8CC5B-BA48-40CD-ACE5-B0F0E2464798} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-133846643-764669373-134344299-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-133846643-764669373-134344299-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ HOSTS File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: ST31500341AS ATA Device +++++

--- User ---

[MBR] eb8d5e729c3a87c5b10afe543d56ed25

[bSP] 14da0a21f12f373323b8755b4c01cdec : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: Maxtor 3200 USB Device +++++

--- User ---

[MBR] 5aa78cf19e8ab2ae0bab6e8b8c52e596

[bSP] a1a71bc3aee9ff3c99fea0e817092648 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152617 MB

User = LL1 ... OK

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

 

============================================

RKreport_SCN_09062014_214108.log

 

Addition.txt

[kevinf80]

Do not see any obvious malware/infection in those logs, I would however like to see the contents of one folder. Continue please:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Thanks,

 

Kevin

fixlist.txt

[Jhay]

Thanks again. Here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01

Ran by Jordan at 2014-09-08 21:47:16 Run:1

Running from C:\Users\Jordan\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

Folder: C:\Windows\SysWOW64\%Data%

End

*****************

 

 

========================= Folder: C:\Windows\SysWOW64\%Data% ========================

 

2014-09-02 01:20 - 2014-09-02 01:20 - 0262144 _____ () C:\Windows\SysWOW64\%Data%\iswift.dat

 

====== End of Folder: ======

 

 

==== End of Fixlog ====

[kevinf80]

Thanks for the log, apparently the folder contents in question are related to Kaspersky, i`d say your system is clean....

 

Run the following to remove FRST and its folder...

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following item only is checked:

 

• 
  

      Remove disinfection tools

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

If no remaining issues or concerns are we ok to close out...

 

Thank you,

 

Kevin

[Jhay]

Thanks for your help. Ran the Delfix, removed all the disinfection tools. No further assistance is required. You can close the topic.

 

Thanks again,

Jordan

[kevinf80]

Thanks for for the update Jordan, much appreciated. Will close out shortly..

 

Take care and surf safe,

 

Kevin....

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!