Jump to content

"Your Browser Has Been Blocked" Ransomware Round 3


Jhay
 Share

Recommended Posts

On the night of September 2-3, 2014, I visited a website and was redirected to a ransomware popup window called "Your Browser Has Been Blocked." More information about this ransomware attack can be found here: http://www.bleepingcomputer.com/virus-removal/remove-your-browser-has-been-locked-ransomware. I have since removed the pop-up window by pressing CTRL + ALT + DEL and using the Task Manager to close all browser (Chrome) windows. According to the aforementioned article, having this pop-up window appear does not necessarily mean I am infected. However, I have had this occur many times when visiting sketchy websites and I get different results. For example, I had run a full scan on Malwarebytes Anti-Malware after receiving this pop-up the first time, which detected no malicious objects. The second time I received this pop-up window, Kaspersky Internet Security 2014 (my antivirus) detected a Trojan and immediately flagged me with a page saying "Access Denied", thereby successfully detecting and perceivable removing the threat. However, I had run another full scan on MBAM some time later (I want to say months, but I am not exactly sure) an the Trjoan was detected. I had since removed the threat and reinstalled Windows several times on my machine over the last year when I have experienced these three incidents. Therefore, I am pretty sure all of the formatting I have done has wiped out any previous infections that might have occurred. This time, I have run full scans on both MBAM and Kaspersky, which have come up empty. However, I want to know for sure whether or not my computer has been infected this time around.

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes select "Report" save to desktop. Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

 

Let me see those logs in your next reply....

 

Kevin...

Link to post
Share on other sites

Thanks for getting back to me. Here are the logs:

 

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014
Ran by Jordan (administrator) on JORDAN-PC on 06-09-2014 21:34:06
Running from C:\Users\Jordan\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Jordan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Freedom Scientific LLC.) C:\Program Files\Freedom Scientific\JAWS\15.0\fsATProxy.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-21-133846643-764669373-134344299-1000\...\Run: [GoogleChromeAutoLaunch_D35563CBE1D1A1436A67A5E5C259B9F5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-08-29] (Google Inc.)
HKU\S-1-5-21-133846643-764669373-134344299-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-133846643-764669373-134344299-1000\...\Run: [spotify Web Helper] => C:\Users\Jordan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-01] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jordan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD422443424A2CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-07-17]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-17]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址過濾 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-07-17]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-07-17]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-07-17]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-07-18]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://ischool.syr.edu/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-17]
CHR Extension: (Google Drive) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-17]
CHR Extension: (Google Cast) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-17]
CHR Extension: (Google Search) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-17]
CHR Extension: (Kaspersky Protection) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-07-17]
CHR Extension: (PocketSmith - Cashflow Forecasting) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpacaoamfanlmkfcalnbbcdbmfcmclf [2014-07-17]
CHR Extension: (Google Calendar) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-07-17]
CHR Extension: (Zotero Connector) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2014-07-17]
CHR Extension: (Readium) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-07-17]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2014-07-17]
CHR Extension: (Page Ruler) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2014-07-17]
CHR Extension: (Google Maps) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-07-17]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-17]
CHR Extension: (Google Wallet) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-17]
CHR Extension: (ColorPick Eyedropper) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2014-07-17]
CHR Extension: (Gmail) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-17]
CHR Extension: (Checker Plus for Google Drive™) - C:\Users\Jordan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppfmbnpgflleackdcojndfgpiboghga [2014-07-17]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 JTVNCProxy_15.0; C:\Program Files\Freedom Scientific\JAWS\15.0\JTVNCProxy.exe [20808 2014-08-19] (Freedom Scientific BLV Group LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Freedom Scientific Kernel Manager; C:\Windows\System32\fsKMgr.dll [29712 2014-08-18] (Freedom Scientific, Inc.)
R3 fsvidmir_service; C:\Windows\System32\DRIVERS\fsvidmir.sys [15856 2014-08-18] (Freedom Scientific, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-07-17] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-07-17] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PowerBrl; C:\Windows\system32\Drivers\powerbrl.sys [18720 2014-08-19] (Freedom Scientific BLV Group, LLC.)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
R3 xcbdaNtscV; C:\Windows\System32\DRIVERS\xcbdaVx64.sys [214784 2009-06-10] (ViXS Systems Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-06 21:34 - 2014-09-06 21:34 - 00020950 _____ () C:\Users\Jordan\Downloads\FRST.txt
2014-09-06 21:33 - 2014-09-06 21:34 - 00000000 ____D () C:\FRST
2014-09-06 21:33 - 2014-09-06 21:33 - 02104832 _____ (Farbar) C:\Users\Jordan\Downloads\FRST64.exe
2014-09-05 14:23 - 2014-09-05 14:23 - 00023445 _____ () C:\Users\Jordan\Desktop\dds.txt
2014-09-05 14:23 - 2014-09-05 14:23 - 00010188 _____ () C:\Users\Jordan\Desktop\attach.txt
2014-09-05 14:22 - 2014-09-05 14:22 - 00688992 ____R (Swearware) C:\Users\Jordan\Downloads\dds.com
2014-09-03 00:13 - 2014-09-06 21:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 00:13 - 2014-09-03 00:13 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 00:12 - 2014-09-03 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 00:12 - 2014-09-03 00:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 00:12 - 2014-09-03 00:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 00:12 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-03 00:12 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 00:12 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 00:11 - 2014-09-03 00:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jordan\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-09-02 01:20 - 2014-09-02 01:20 - 00000000 ____D () C:\Windows\SysWOW64\%Data%
2014-08-31 23:49 - 2014-08-31 23:49 - 00018947 _____ () C:\Users\Jordan\Downloads\ginfollow.mid
2014-08-31 23:49 - 2014-08-31 23:49 - 00018947 _____ () C:\Users\Jordan\Downloads\followyoudown.mid
2014-08-31 23:49 - 2014-08-31 23:49 - 00018947 _____ () C:\Users\Jordan\Downloads\Follow You Down.mid
2014-08-31 23:47 - 2014-08-31 23:47 - 00018947 _____ () C:\Users\Jordan\Downloads\follow_you_down.mid
2014-08-31 23:47 - 2014-08-31 23:47 - 00018947 _____ () C:\Users\Jordan\Downloads\follow_you_down (1).mid
2014-08-31 02:22 - 2014-08-31 02:22 - 00000014 _____ () C:\Users\Jordan\Downloads\HWF.cfg
2014-08-31 02:22 - 2014-08-31 02:22 - 00000000 ____D () C:\Users\Jordan\Downloads\midijam
2014-08-31 02:22 - 2014-08-31 02:22 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\NVIDIA
2014-08-31 02:21 - 2014-08-31 02:21 - 04502653 _____ () C:\Users\Jordan\Downloads\midijam.zip
2014-08-31 00:28 - 2014-08-31 00:28 - 00298232 _____ () C:\Windows\Minidump\083114-31044-01.dmp
2014-08-31 00:23 - 2014-08-31 00:24 - 00303336 _____ () C:\Windows\Minidump\083114-30763-01.dmp
2014-08-30 14:42 - 2014-08-30 14:42 - 00001053 _____ () C:\Users\Public\Desktop\JAWS 15.0.lnk
2014-08-30 14:42 - 2014-08-30 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAWS 15.0
2014-08-30 14:41 - 2014-08-30 14:41 - 00000000 ___HD () C:\Program Files\Freedom Scientific Installation Information
2014-08-30 14:41 - 2014-08-30 14:41 - 00000000 ____D () C:\ProgramData\Freedom Scientific
2014-08-30 14:41 - 2014-08-30 14:41 - 00000000 ____D () C:\Program Files\ssce
2014-08-30 14:34 - 2014-08-30 14:34 - 00001101 _____ () C:\Users\Public\Desktop\FSReader 3.0.lnk
2014-08-30 14:34 - 2014-08-30 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSReader 3.0
2014-08-30 14:34 - 2014-08-30 14:34 - 00000000 ____D () C:\Program Files (x86)\Freedom Scientific
2014-08-29 21:21 - 2014-09-01 23:01 - 00000000 ____D () C:\Users\Public\Documents\SU NIDRR User Test Video Recordings
2014-08-29 21:09 - 2014-08-29 21:09 - 00302616 _____ () C:\Windows\Minidump\082914-29530-01.dmp
2014-08-29 21:05 - 2014-08-29 21:05 - 00301368 _____ () C:\Windows\Minidump\082914-27518-01.dmp
2014-08-29 20:52 - 2014-08-29 20:52 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Nuance
2014-08-29 20:52 - 2014-08-29 20:52 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Freedom Scientific
2014-08-29 20:52 - 2014-08-29 20:52 - 00000000 ____D () C:\ProgramData\Nuance
2014-08-29 20:50 - 2014-08-29 20:50 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Freedom Scientific
2014-08-29 20:39 - 2014-08-29 20:39 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-29 20:39 - 2008-07-11 07:05 - 00145448 _____ (SafeNet, Inc.) C:\Windows\system32\Drivers\sentinel64.sys
2014-08-29 20:38 - 2014-08-30 14:41 - 00000000 ____D () C:\Program Files\Freedom Scientific
2014-08-29 20:38 - 2014-08-29 20:50 - 00000000 ____D () C:\Windows\system32\HJSMEM
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_fsvidmir_01011.Wdf
2014-08-29 20:32 - 2014-08-29 20:35 - 123473224 _____ (Freedom Scientific) C:\Users\Jordan\Downloads\J15.0.11024ENU-64bit.exe
2014-08-29 20:25 - 2014-08-29 20:25 - 00002365 _____ () C:\Users\Guest\Desktop\Safe Money.lnk
2014-08-29 20:25 - 2014-08-29 20:25 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-08-29 20:24 - 2014-08-29 20:24 - 00109680 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-29 20:24 - 2014-08-29 20:24 - 00001422 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-29 20:24 - 2014-08-29 20:24 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation
2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA
2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest
2014-08-29 20:24 - 2014-07-18 22:11 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help
2014-08-29 20:24 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-29 20:24 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-28 22:16 - 2014-08-28 22:16 - 00000000 __SHD () C:\Users\Jordan\AppData\Local\EmieUserList
2014-08-28 22:16 - 2014-08-28 22:16 - 00000000 __SHD () C:\Users\Jordan\AppData\Local\EmieSiteList
2014-08-27 19:38 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 19:38 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 19:38 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 19:03 - 2014-08-29 20:24 - 00000600 _____ () C:\Users\Jordan\AppData\Local\PUTTY.RND
2014-08-20 19:01 - 2014-08-20 19:01 - 00495616 _____ (Simon Tatham) C:\Users\Jordan\Downloads\putty.exe
2014-08-20 17:21 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-20 17:21 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-20 17:21 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-20 17:21 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-20 17:21 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-20 17:21 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-20 17:21 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-20 17:21 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-20 17:21 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-20 17:21 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-20 17:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-20 17:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-20 17:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 17:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 11:16 - 2014-08-19 11:16 - 00018720 _____ (Freedom Scientific BLV Group, LLC.) C:\Windows\system32\Drivers\powerbrl.sys
2014-08-19 11:15 - 2014-08-19 11:15 - 00212992 _____ (Wintertree Software Inc.) C:\Windows\SSCE5432.DLL
2014-08-19 11:15 - 2014-08-19 11:15 - 00139744 _____ (Freedom Scientific BLV Group, LLC) C:\Windows\system32\fsbrldspapi.dll
2014-08-19 11:15 - 2014-08-19 11:15 - 00094208 _____ (Rainbow Technologies) C:\Windows\system32\USafe32.DLL
2014-08-19 11:15 - 2014-08-19 11:15 - 00046880 _____ (Freedom Scientific BLV Group, LLC.) C:\Windows\system32\Drivers\fsbrldsp.sys
2014-08-19 11:15 - 2014-08-19 11:15 - 00033584 _____ () C:\Windows\system32\FieldExUtil.chm
2014-08-19 11:15 - 2014-08-19 11:15 - 00032768 _____ (Rainbow Technologies) C:\Windows\system32\FieldExUtil.exe
2014-08-19 11:15 - 2014-08-19 11:15 - 00008028 _____ () C:\Windows\system32\Drivers\fsBrlDsp.cat
2014-08-18 15:04 - 2014-08-18 15:04 - 00372136 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fsvidmir.dll
2014-08-18 15:04 - 2014-08-18 15:04 - 00112136 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fsVidMag.dll
2014-08-18 15:04 - 2014-08-18 15:04 - 00029712 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fsKMgr.dll
2014-08-18 15:04 - 2014-08-18 15:04 - 00026664 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fskutil.dll
2014-08-18 15:04 - 2014-08-18 15:04 - 00015856 _____ (Freedom Scientific, Inc.) C:\Windows\system32\Drivers\fsvidmir.sys
2014-08-16 03:01 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:01 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:01 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:01 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:01 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:01 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 03:00 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:00 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 22:50 - 2014-08-15 22:50 - 06052529 _____ (Tim Kosse) C:\Users\Jordan\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-15 04:49 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 04:49 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 04:49 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 04:49 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 04:49 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 04:49 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 04:49 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 04:49 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 04:49 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 04:49 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 04:49 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 04:49 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 04:48 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 04:48 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 04:47 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 04:47 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 04:47 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 04:47 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 04:47 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 04:47 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 04:47 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 04:47 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 04:44 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 04:44 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 04:44 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 04:44 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 04:44 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 04:44 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 04:44 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 04:44 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 04:44 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 04:44 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 04:44 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 04:44 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 04:44 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 04:44 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 04:44 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 04:44 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 04:44 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 04:44 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 04:44 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 04:44 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 04:44 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 04:44 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 04:44 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 04:44 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 04:44 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 04:44 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 04:44 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 04:44 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 04:44 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 04:44 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 04:44 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 04:44 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 04:44 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 04:44 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 04:44 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 04:44 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 04:44 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 04:44 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 04:44 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 04:44 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 04:44 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 04:44 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 04:44 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 04:44 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 04:44 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 04:44 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 04:44 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 04:44 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 04:44 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 04:44 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 04:44 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 04:44 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 04:44 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 04:44 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 04:44 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 04:44 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 04:44 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 04:44 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 04:43 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 04:43 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 04:42 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 04:42 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 18:14 - 2014-08-14 18:14 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-08-14 18:14 - 2014-08-14 18:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-08-07 23:29 - 2014-09-01 00:37 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Spotify
2014-08-07 23:29 - 2014-08-07 23:29 - 00001773 _____ () C:\Users\Jordan\Desktop\Spotify.lnk
2014-08-07 23:29 - 2014-08-07 23:29 - 00001759 _____ () C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-08-07 23:25 - 2014-09-01 01:17 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Spotify
2014-08-07 23:25 - 2014-08-07 23:25 - 00127136 _____ (Spotify Ltd) C:\Users\Jordan\Downloads\SpotifySetup.exe
2014-08-07 23:25 - 2014-08-07 23:25 - 00001435 _____ () C:\Users\Jordan\Downloads\Zedd-Stay-The-Night-Huntroxic-20131218105645-nonstop2k.com.mid
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-06 21:34 - 2014-09-06 21:34 - 00020950 _____ () C:\Users\Jordan\Downloads\FRST.txt
2014-09-06 21:34 - 2014-09-06 21:33 - 00000000 ____D () C:\FRST
2014-09-06 21:34 - 2014-07-13 18:57 - 02095084 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 21:33 - 2014-09-06 21:33 - 02104832 _____ (Farbar) C:\Users\Jordan\Downloads\FRST64.exe
2014-09-06 21:31 - 2014-09-03 00:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-06 21:31 - 2014-07-18 11:40 - 00000000 ___RD () C:\Users\Jordan\Google Drive
2014-09-06 21:30 - 2014-07-18 11:52 - 00000000 ___RD () C:\Users\Jordan\Dropbox
2014-09-06 21:30 - 2014-07-18 11:46 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Dropbox
2014-09-06 21:30 - 2014-07-17 21:29 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-06 21:30 - 2014-07-17 21:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 21:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 21:30 - 2009-07-14 00:51 - 00047907 _____ () C:\Windows\setupact.log
2014-09-06 21:29 - 2014-07-17 21:50 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-06 21:29 - 2010-11-20 23:47 - 00043942 _____ () C:\Windows\PFRO.log
2014-09-05 15:14 - 2014-07-17 21:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-05 15:10 - 2014-07-17 21:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-05 14:23 - 2014-09-05 14:23 - 00023445 _____ () C:\Users\Jordan\Desktop\dds.txt
2014-09-05 14:23 - 2014-09-05 14:23 - 00010188 _____ () C:\Users\Jordan\Desktop\attach.txt
2014-09-05 14:22 - 2014-09-05 14:22 - 00688992 ____R (Swearware) C:\Users\Jordan\Downloads\dds.com
2014-09-05 14:14 - 2014-07-17 21:05 - 00002196 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-05 13:50 - 2009-07-14 00:45 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-05 13:50 - 2009-07-14 00:45 - 00032208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 02:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-03 00:13 - 2014-09-03 00:13 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-03 00:13 - 2014-09-03 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-03 00:12 - 2014-09-03 00:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-03 00:12 - 2014-09-03 00:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 00:12 - 2014-09-03 00:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Jordan\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-09-02 01:20 - 2014-09-02 01:20 - 00000000 ____D () C:\Windows\SysWOW64\%Data%
2014-09-02 01:18 - 2014-07-29 10:28 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\FileZilla
2014-09-01 23:01 - 2014-08-29 21:21 - 00000000 ____D () C:\Users\Public\Documents\SU NIDRR User Test Video Recordings
2014-09-01 01:17 - 2014-08-07 23:25 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Spotify
2014-09-01 00:37 - 2014-08-07 23:29 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Spotify
2014-08-31 23:49 - 2014-08-31 23:49 - 00018947 _____ () C:\Users\Jordan\Downloads\ginfollow.mid
2014-08-31 23:49 - 2014-08-31 23:49 - 00018947 _____ () C:\Users\Jordan\Downloads\followyoudown.mid
2014-08-31 23:49 - 2014-08-31 23:49 - 00018947 _____ () C:\Users\Jordan\Downloads\Follow You Down.mid
2014-08-31 23:48 - 2014-07-13 16:16 - 00000000 ____D () C:\Users\Jordan\AppData\Local\VirtualStore
2014-08-31 23:47 - 2014-08-31 23:47 - 00018947 _____ () C:\Users\Jordan\Downloads\follow_you_down.mid
2014-08-31 23:47 - 2014-08-31 23:47 - 00018947 _____ () C:\Users\Jordan\Downloads\follow_you_down (1).mid
2014-08-31 02:22 - 2014-08-31 02:22 - 00000014 _____ () C:\Users\Jordan\Downloads\HWF.cfg
2014-08-31 02:22 - 2014-08-31 02:22 - 00000000 ____D () C:\Users\Jordan\Downloads\midijam
2014-08-31 02:22 - 2014-08-31 02:22 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\NVIDIA
2014-08-31 02:21 - 2014-08-31 02:21 - 04502653 _____ () C:\Users\Jordan\Downloads\midijam.zip
2014-08-31 00:28 - 2014-08-31 00:28 - 00298232 _____ () C:\Windows\Minidump\083114-31044-01.dmp
2014-08-31 00:28 - 2014-07-19 18:55 - 498856805 _____ () C:\Windows\MEMORY.DMP
2014-08-31 00:28 - 2014-07-19 18:55 - 00000000 ____D () C:\Windows\Minidump
2014-08-31 00:24 - 2014-08-31 00:23 - 00303336 _____ () C:\Windows\Minidump\083114-30763-01.dmp
2014-08-30 14:42 - 2014-08-30 14:42 - 00001053 _____ () C:\Users\Public\Desktop\JAWS 15.0.lnk
2014-08-30 14:42 - 2014-08-30 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JAWS 15.0
2014-08-30 14:41 - 2014-08-30 14:41 - 00000000 ___HD () C:\Program Files\Freedom Scientific Installation Information
2014-08-30 14:41 - 2014-08-30 14:41 - 00000000 ____D () C:\ProgramData\Freedom Scientific
2014-08-30 14:41 - 2014-08-30 14:41 - 00000000 ____D () C:\Program Files\ssce
2014-08-30 14:41 - 2014-08-29 20:38 - 00000000 ____D () C:\Program Files\Freedom Scientific
2014-08-30 14:34 - 2014-08-30 14:34 - 00001101 _____ () C:\Users\Public\Desktop\FSReader 3.0.lnk
2014-08-30 14:34 - 2014-08-30 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSReader 3.0
2014-08-30 14:34 - 2014-08-30 14:34 - 00000000 ____D () C:\Program Files (x86)\Freedom Scientific
2014-08-29 21:24 - 2014-07-29 10:36 - 00000000 ____D () C:\Users\Public\Documents\SU NIDRR User Test Audio Recordings
2014-08-29 21:09 - 2014-08-29 21:09 - 00302616 _____ () C:\Windows\Minidump\082914-29530-01.dmp
2014-08-29 21:05 - 2014-08-29 21:05 - 00301368 _____ () C:\Windows\Minidump\082914-27518-01.dmp
2014-08-29 20:52 - 2014-08-29 20:52 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Nuance
2014-08-29 20:52 - 2014-08-29 20:52 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Freedom Scientific
2014-08-29 20:52 - 2014-08-29 20:52 - 00000000 ____D () C:\ProgramData\Nuance
2014-08-29 20:50 - 2014-08-29 20:50 - 00000000 ____D () C:\Users\Jordan\AppData\Local\Freedom Scientific
2014-08-29 20:50 - 2014-08-29 20:38 - 00000000 ____D () C:\Windows\system32\HJSMEM
2014-08-29 20:39 - 2014-08-29 20:39 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_fsvidmir_01011.Wdf
2014-08-29 20:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-29 20:35 - 2014-08-29 20:32 - 123473224 _____ (Freedom Scientific) C:\Users\Jordan\Downloads\J15.0.11024ENU-64bit.exe
2014-08-29 20:25 - 2014-08-29 20:25 - 00002365 _____ () C:\Users\Guest\Desktop\Safe Money.lnk
2014-08-29 20:25 - 2014-08-29 20:25 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-08-29 20:24 - 2014-08-29 20:24 - 00109680 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-29 20:24 - 2014-08-29 20:24 - 00001422 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-29 20:24 - 2014-08-29 20:24 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation
2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA
2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-29 20:24 - 2014-08-29 20:24 - 00000000 ____D () C:\Users\Guest
2014-08-29 20:24 - 2014-08-20 19:03 - 00000600 _____ () C:\Users\Jordan\AppData\Local\PUTTY.RND
2014-08-28 23:06 - 2014-08-06 23:25 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Synthesia
2014-08-28 22:16 - 2014-08-28 22:16 - 00000000 __SHD () C:\Users\Jordan\AppData\Local\EmieUserList
2014-08-28 22:16 - 2014-08-28 22:16 - 00000000 __SHD () C:\Users\Jordan\AppData\Local\EmieSiteList
2014-08-28 13:43 - 2009-07-14 00:45 - 00409576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 20:36 - 2014-07-19 12:58 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Audacity
2014-08-27 15:14 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-22 22:07 - 2014-08-27 19:38 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 19:38 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 19:38 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 19:01 - 2014-08-20 19:01 - 00495616 _____ (Simon Tatham) C:\Users\Jordan\Downloads\putty.exe
2014-08-19 11:16 - 2014-08-19 11:16 - 00018720 _____ (Freedom Scientific BLV Group, LLC.) C:\Windows\system32\Drivers\powerbrl.sys
2014-08-19 11:15 - 2014-08-19 11:15 - 00212992 _____ (Wintertree Software Inc.) C:\Windows\SSCE5432.DLL
2014-08-19 11:15 - 2014-08-19 11:15 - 00139744 _____ (Freedom Scientific BLV Group, LLC) C:\Windows\system32\fsbrldspapi.dll
2014-08-19 11:15 - 2014-08-19 11:15 - 00094208 _____ (Rainbow Technologies) C:\Windows\system32\USafe32.DLL
2014-08-19 11:15 - 2014-08-19 11:15 - 00046880 _____ (Freedom Scientific BLV Group, LLC.) C:\Windows\system32\Drivers\fsbrldsp.sys
2014-08-19 11:15 - 2014-08-19 11:15 - 00033584 _____ () C:\Windows\system32\FieldExUtil.chm
2014-08-19 11:15 - 2014-08-19 11:15 - 00032768 _____ (Rainbow Technologies) C:\Windows\system32\FieldExUtil.exe
2014-08-19 11:15 - 2014-08-19 11:15 - 00008028 _____ () C:\Windows\system32\Drivers\fsBrlDsp.cat
2014-08-18 15:04 - 2014-08-18 15:04 - 00372136 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fsvidmir.dll
2014-08-18 15:04 - 2014-08-18 15:04 - 00112136 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fsVidMag.dll
2014-08-18 15:04 - 2014-08-18 15:04 - 00029712 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fsKMgr.dll
2014-08-18 15:04 - 2014-08-18 15:04 - 00026664 _____ (Freedom Scientific, Inc.) C:\Windows\system32\fskutil.dll
2014-08-18 15:04 - 2014-08-18 15:04 - 00015856 _____ (Freedom Scientific, Inc.) C:\Windows\system32\Drivers\fsvidmir.sys
2014-08-16 03:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 03:11 - 2014-07-17 22:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 03:06 - 2014-07-19 12:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:05 - 2014-07-19 12:09 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 03:00 - 2014-07-19 17:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 22:51 - 2014-07-29 10:28 - 00002019 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-08-15 22:51 - 2014-07-29 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-15 22:51 - 2014-07-29 10:28 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-15 22:50 - 2014-08-15 22:50 - 06052529 _____ (Tim Kosse) C:\Users\Jordan\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-14 18:15 - 2014-07-18 10:34 - 00002059 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-08-14 18:15 - 2014-07-18 10:34 - 00002057 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-08-14 18:15 - 2014-07-18 10:34 - 00002047 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-08-14 18:15 - 2014-07-18 10:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-14 18:14 - 2014-08-14 18:14 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-08-14 18:14 - 2014-08-14 18:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-08-14 10:35 - 2014-07-18 11:52 - 00000983 _____ () C:\Users\Jordan\Desktop\Dropbox.lnk
2014-08-14 10:35 - 2014-07-18 11:51 - 00000000 ____D () C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-07 23:29 - 2014-08-07 23:29 - 00001773 _____ () C:\Users\Jordan\Desktop\Spotify.lnk
2014-08-07 23:29 - 2014-08-07 23:29 - 00001759 _____ () C:\Users\Jordan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-08-07 23:25 - 2014-08-07 23:25 - 00127136 _____ (Spotify Ltd) C:\Users\Jordan\Downloads\SpotifySetup.exe
2014-08-07 23:25 - 2014-08-07 23:25 - 00001435 _____ () C:\Users\Jordan\Downloads\Zedd-Stay-The-Night-Huntroxic-20131218105645-nonstop2k.com.mid
2014-08-07 23:22 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
 
Some content of TEMP:
====================
C:\Users\Jordan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjvcvch.dll
C:\Users\Jordan\AppData\Local\Temp\vcredist2005_x64.exe
C:\Users\Jordan\AppData\Local\Temp\vcredist2005_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-03 02:34
 
==================== End Of Log ============================
 
Addition log (attached)
 
RogueKiller Log:
RogueKiller V9.2.9.0 [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jordan [Admin rights]
Mode : Scan -- Date : 09/06/2014  21:45:37
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 12 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EBF8CC5B-BA48-40CD-ACE5-B0F0E2464798} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EBF8CC5B-BA48-40CD-ACE5-B0F0E2464798} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EBF8CC5B-BA48-40CD-ACE5-B0F0E2464798} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-133846643-764669373-134344299-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-133846643-764669373-134344299-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31500341AS ATA Device +++++
--- User ---
[MBR] eb8d5e729c3a87c5b10afe543d56ed25
[bSP] 14da0a21f12f373323b8755b4c01cdec : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Maxtor 3200 USB Device +++++
--- User ---
[MBR] 5aa78cf19e8ab2ae0bab6e8b8c52e596
[bSP] a1a71bc3aee9ff3c99fea0e817092648 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152617 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_09062014_214108.log

 

Addition.txt

Link to post
Share on other sites

Do not see any obvious malware/infection in those logs, I would however like to see the contents of one folder. Continue please:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Thanks,

 

Kevin

fixlist.txt

Link to post
Share on other sites

Thanks again. Here is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2014 01
Ran by Jordan at 2014-09-08 21:47:16 Run:1
Running from C:\Users\Jordan\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
Folder: C:\Windows\SysWOW64\%Data%
End
*****************
 
 
========================= Folder: C:\Windows\SysWOW64\%Data% ========================
 
2014-09-02 01:20 - 2014-09-02 01:20 - 0262144 _____ () C:\Windows\SysWOW64\%Data%\iswift.dat
 
====== End of Folder: ======
 
 
==== End of Fixlog ====
Link to post
Share on other sites

Thanks for the log, apparently the folder contents in question are related to Kaspersky, i`d say your system is clean....

 

Run the following to remove FRST and its folder...

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following item only is checked:

 


      Remove disinfection tools

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

If no remaining issues or concerns are we ok to close out...

 

Thank you,

 

Kevin

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.