
C:\end file Quarantined, want to make sure I'm safe



I just got a notification from my Malwarebytes program that a file in my C drive "end" has been quarantined.

I just want to make sure that my computer is safe and I don't need to do anything further.

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 11/7/2015
Scan Time: 10:33 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.08.01
Rootkit Database: v2015.11.04.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ashley
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333261
Time Elapsed: 14 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Adware.Trace, C:\end, Quarantined, [731e75067c0f8caa76218b47aa5949b7], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
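
As an added example (not Malwarebytes' code and not part of this thread), here is a small Python parser for the MBAM 2.x scan-log format pasted above and again later in the thread. It pulls out the scan metadata, the per-section counts and every detection line (category, target, action, bracketed identifier), and flags a log that needs follow-up because the scan did not complete or a detection was left un-actioned. The embedded sample log is a constructed, trimmed copy of the first post's log; the set of "resolved" action names is an assumption, not something documented by Malwarebytes.

```python
"""Parser for Malwarebytes Anti-Malware 2.x scan logs (the format pasted in this
thread). Added example for triaging such logs; not Malwarebytes' own code."""
import re
from dataclasses import dataclass, field

# Constructed sample: a trimmed copy of the log format shown in the thread,
# keeping the single detection line exactly as it appears there.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/7/2015
Scan Time: 10:33 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.08.01
License: Premium

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333261
Time Elapsed: 14 min, 47 sec

Processes: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Files: 1
Adware.Trace, C:\end, Quarantined, [731e75067c0f8caa76218b47aa5949b7], 

Physical Sectors: 0
(No malicious items detected)

(end)
"""

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(?P<section>%s): (?P<count>\d+)$" % "|".join(SECTIONS))
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z ]+):\s?(?P<value>.*)$")
# category, target, action, [identifier]  (MBAM writes a trailing ", " after the id)
DETECTION_RE = re.compile(
    r"^(?P<category>[^,]+), (?P<target>.+?), (?P<action>[^,\[]+), \[(?P<ident>[0-9a-f]+)\],?$")

# Actions that mean MBAM already dealt with the item (assumed list, not from MBAM docs).
RESOLVED_ACTIONS = {"quarantined", "deleted", "delete-on-reboot", "replace-on-reboot"}


@dataclass
class Detection:
    section: str
    category: str
    target: str
    action: str
    ident: str


@dataclass
class ScanReport:
    meta: dict = field(default_factory=dict)      # "Scan Type", "Result", "Version", ...
    counts: dict = field(default_factory=dict)    # per-section item counts
    detections: list = field(default_factory=list)

    def unresolved(self):
        """Detections whose recorded action did not remove or quarantine the item."""
        return [d for d in self.detections if d.action.lower() not in RESOLVED_ACTIONS]

    def needs_attention(self):
        """True if the scan did not complete or any detection is still unresolved."""
        return self.meta.get("Result") != "Completed" or bool(self.unresolved())


def parse_mbam_log(text):
    """Parse one MBAM 2.x log into a ScanReport."""
    report = ScanReport()
    section = None  # None while still in the header block
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious items"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            report.counts[section] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            report.detections.append(Detection(section, m.group("category"), m.group("target"),
                                               m.group("action"), m.group("ident")))
            continue
        m = HEADER_RE.match(line)
        if m and section is None:
            report.meta[m.group("key")] = m.group("value").strip()
    return report


if __name__ == "__main__":
    r = parse_mbam_log(SAMPLE_LOG)
    for d in r.detections:
        print(f"{d.section}: {d.category} at {d.target} -> {d.action}")
    print("needs attention:", r.needs_attention())
```

Run against the first post's log this reports the one Adware.Trace item at C:\end with action Quarantined and no unresolved detections; a log with a "No Action By User" line, or a Result other than Completed, comes back flagged for follow-up.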

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please open Malwarebytes Anti-Malware.
 

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
      XML file (*.xml) - if selected you will have to name the file and save it to a place of your choice, recommend "Desktop", then attach it to your reply
  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/
 

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start and, when prompted, allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report"; in the next window select "Export txt". The log will open as a text file; post that log... Also save it to your Desktop for reference.
  • Close the program > Don't Fix anything!

Let me see those logs in your reply...

Thank you,

Kevin...

MBAM LOG

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 11/8/2015
Scan Time: 1:12 AM
Logfile: mbam-11-8-2015.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.08.01
Rootkit Database: v2015.11.04.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ashley
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333098
Time Elapsed: 11 min, 40 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

FRST LOG

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015

Ran by Ashley (administrator) on ASHLEY-PC (08-11-2015 01:25:36)
Running from C:\Users\Ashley\Desktop
Loaded Profiles: Ashley (Available Profiles: Ashley)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCService.exe
(IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCAvSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCTray.exe
(Spotify Ltd) C:\Users\Ashley\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Hammer & Chisel, Inc.) C:\Users\Ashley\AppData\Local\Discord\app-0.0.280\Discord.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Desmond Brand) C:\Users\Ashley\Documents\Caffeinated.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Spotify Ltd) C:\Users\Ashley\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hammer & Chisel, Inc.) C:\Users\Ashley\AppData\Local\Discord\app-0.0.280\Discord.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hammer & Chisel, Inc.) C:\Users\Ashley\AppData\Local\Discord\app-0.0.280\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [spotify Web Helper] => C:\Users\Ashley\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-20] (Spotify Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
HKLM-x32\...\Run: [iObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5889824 2015-07-28] (IObit)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1571921899-2121419816-4107528827-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8538648 2015-09-22] (Binary Fortress Software)
HKU\S-1-5-21-1571921899-2121419816-4107528827-1000\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCTray.exe [2596128 2015-03-12] (IObit)
HKU\S-1-5-21-1571921899-2121419816-4107528827-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1571921899-2121419816-4107528827-1000\...\Run: [spotify Web Helper] => C:\Users\Ashley\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030912 2015-10-20] (Spotify Ltd)
HKU\S-1-5-21-1571921899-2121419816-4107528827-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-1571921899-2121419816-4107528827-1000\...\Run: [Discord] => C:\Users\Ashley\AppData\Local\Discord\app-0.0.280\Discord.exe [51668656 2015-10-21] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1571921899-2121419816-4107528827-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Program Files (x86)\DisplayFusion\DFSSaver.scr [4764672 2015-09-22] (Binary Fortress Software)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{70EB82A4-AEAE-444A-B3AF-B84B76A23018}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{789EE18D-C936-4749-8E03-FC9C141EF961}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-04-23] (IObit)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-20] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-20] (Oracle Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
 
FireFox:
========
FF ProfilePath: C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-21] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Ashley\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1571921899-2121419816-4107528827-1000: @my.com/Games -> C:\Users\Ashley\AppData\Local\MyComGames\NPMyComDetector.dll [2015-07-15] (My.com, Inc)
FF user.js: detected! => C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\user.js [2015-09-16]
FF Extension: Easy Screenshot - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\easyscreenshot@mozillaonline.com [2015-09-05]
FF Extension: FT DeepDark - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-09-01]
FF Extension: Firebug - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\firebug@software.joehewitt.com.xpi [2015-09-01]
FF Extension: BetterTTV - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\firefox@betterttv.net.xpi [2015-10-16]
FF Extension: Ghostery - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\firefox@ghostery.com.xpi [2015-10-16]
FF Extension: YouTube Enhancer Plus - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2015-09-01]
FF Extension: Weather Forecast - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\jid1-aqwHRwQpv3JUMs@jetpack.xpi [2015-09-01]
FF Extension: HTML5 YouTube Everywhere - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\jid1-b2ybw6mPlFZm6Q@jetpack.xpi [2015-09-01]
FF Extension: Pushbullet - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2015-09-01]
FF Extension: Dark YouTube Theme - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\jid1-hDf2iQXGiUjzGQ@jetpack.xpi [2015-10-16]
FF Extension: Reddit Enhancement Suite - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2015-09-01]
FF Extension: Test Pilot - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\testpilot@labs.mozilla.com.xpi [2015-09-05]
FF Extension: YouTube High Definition - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2015-10-16]
FF Extension: FXChrome - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2015-09-01]
FF Extension: Adblock Plus - C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-16]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://myfav.es/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://isearch.avg.com/?cid={AAFAABA0-BD86-42DB-A8D3-0F3CA24A743F}&mid=50a934c49d284458bc29aae36a58e94b-350008f61377841d110a0e21809282e2fe53022c〈=en&ds=hk014&pr=sa&d=2012-10-02 20:51:35&v=12.2.5.34&sap=hp","hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ch","hxxp://search.iminent.com/?appId=E3AF24A0-8722-4C73-954B-3E1E5D14D51E","hxxp://www.msn.com/?pc=UP93&ocid=UP93DHP&dt=040313","hxxp://search.yahoo.com?fr=spigot-yhp-gcmac&ilc=12&type=435714"
CHR NewTab: Default -> "chrome-extension://ojhmphdkpgbibohbnpbfiefkgieacjmh/index.html" 
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-09-12]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-07-23]
CHR Extension: (Angry Birds) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-01-16]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2014-09-26]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-09-26]
CHR Extension: (YouTube) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2015-05-21]
CHR Extension: (Honey) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-10-28]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2015-04-06]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-26]
CHR Extension: (Pushbullet) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-11-07]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-11-28]
CHR Extension: (Netflix) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-03-27]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2015-01-29]
CHR Extension: (Twitter Counter (BETA)) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejfkpaajbolhfcjmndjdadmmdoabjoeh [2015-02-16]
CHR Extension: (Google Calendar) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-16]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\emakkfldeggiinnfcdjkakdfcppbfhdg [2015-10-11]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2014-10-10]
CHR Extension: (Google Play Movies) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppdphmgcddhjeddoeghpjefkdlccljb [2014-09-26]
CHR Extension: (Google Docs Offline) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-12]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl [2014-09-26]
CHR Extension: (CloudConvert) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk [2015-02-16]
CHR Extension: (Flixster) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2015-05-21]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhfcdbheobinplaamokffboaccidbal [2014-09-26]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2014-09-26]
CHR Extension: (SoundCloud) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-07-03]
CHR Extension: (ReChat for Twitch™) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2015-10-28]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-06]
CHR Extension: (Simplenote) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjoocpipbbafoimjgbkmfnjcjejdbjo [2014-09-26]
CHR Extension: (The Great Suspender) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-05-21]
CHR Extension: (Google Play) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-02-11]
CHR Extension: (Evernote Web) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-05-21]
CHR Extension: (Twitch Chat Username Autocompleter) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfamipnbnoolnpfcofaildiahnkfkcfp [2014-11-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Maps) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-26]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-10-21]
CHR Extension: (Capture Webpage Screenshot Entirely. FireShot) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2015-09-12]
CHR Extension: (Mint) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgffcfekbglhpcdjkhhjekhdnddkflg [2015-05-21]
CHR Extension: (Ghostery) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-09-26]
CHR Extension: (SmoothScroll) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj [2015-10-28]
CHR Extension: (Twitch Now) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2015-10-16]
CHR Extension: (Google Wallet) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2015-10-28]
CHR Extension: (Modern Flat) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdcjjgefkpoemmlcjfcfkeminneboaob [2015-11-05]
CHR Extension: (Gmail) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Easy Auto Refresh) - C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\poohjpljfecljomfhhimjhddddlidhdd [2015-07-03]
CHR HKU\S-1-5-21-1571921899-2121419816-4107528827-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2015-04-10]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCService.exe [911648 2014-11-22] (IObit)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ascavsvc.exe [659232 2015-03-16] (IOBit)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-15] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-10-07] (BitRaider, LLC)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4608040 2015-09-22] (Binary Fortress Software)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1718840 2015-08-03] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6871608 2015-08-03] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-07-17] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3685968 2015-07-22] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-16] (Electronic Arts)
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-04-10] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-12-23] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [18944 2014-03-14] () [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2567984 2013-02-28] (Broadcom Corporation)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 bdfsfltr; C:\Windows\system32\Drivers\bdfsfltr.sys [431176 2011-03-24] (BitDefender)
S3 BRDriver64; no ImagePath
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-10-20] (BitRaider)
S3 EagleX64; no ImagePath
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 ESProtectionDriver; no ImagePath
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-04-13] (REALiX)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1587968 2010-08-11] (Creative Technology Ltd.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider) [File not signed]
S3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [34984 2014-05-19] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [329800 2011-11-21] (BitDefender S.R.L.)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
S3 WinRing0_1_2_0; no ImagePath
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
R3 cpuz137; \??\C:\Users\Ashley\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S0 SmartDefragDriver; System32\Drivers\SmartDefragDriver.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-08 01:25 - 2015-11-08 01:25 - 02198528 _____ (Farbar) C:\Users\Ashley\Desktop\FRST64.exe
2015-11-08 01:25 - 2015-11-08 01:25 - 00032819 _____ C:\Users\Ashley\Desktop\FRST.txt
2015-11-08 01:25 - 2015-11-08 01:25 - 00000000 ____D C:\FRST
2015-11-08 01:24 - 2015-11-08 01:24 - 00001063 _____ C:\Users\Ashley\Desktop\mbam-11-8-2015.txt
2015-10-28 20:42 - 2015-10-28 20:42 - 00000000 ____D C:\Users\Ashley\AppData\Local\UnrealEngine
2015-10-28 20:42 - 2015-10-28 20:42 - 00000000 ____D C:\Users\Ashley\AppData\Local\AtlanticIslandPark
2015-10-20 17:14 - 2015-10-20 17:14 - 00000533 _____ C:\Users\Ashley\Documents\Uninstall STAR WARS The Old Republic.log
2015-10-20 17:13 - 2015-10-25 13:39 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\discord
2015-10-20 17:13 - 2015-10-21 20:26 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2015-10-20 17:13 - 2015-10-21 20:26 - 00000000 ____D C:\Users\Ashley\AppData\Local\SquirrelTemp
2015-10-20 17:13 - 2015-10-21 20:26 - 00000000 ____D C:\Users\Ashley\AppData\Local\Discord
2015-10-16 18:55 - 2015-10-16 18:55 - 00000000 ____D C:\Users\Ashley\Documents\BnS
2015-10-16 18:55 - 2015-07-22 08:01 - 03685968 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2015-10-16 18:55 - 2005-01-03 01:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2015-10-16 18:55 - 2003-07-18 16:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2015-10-16 18:54 - 2015-10-16 18:54 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2015-10-16 18:31 - 2015-11-06 20:15 - 00001176 _____ C:\Windows\setupact.log
2015-10-16 18:31 - 2015-11-05 22:36 - 00001244 _____ C:\Windows\PFRO.log
2015-10-16 18:31 - 2015-10-16 18:31 - 00000000 _____ C:\Windows\setuperr.log
2015-10-16 16:38 - 2015-10-16 16:38 - 00002242 _____ C:\Users\Public\Desktop\Blade & Soul CBT.lnk
2015-10-16 16:36 - 2015-10-16 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2015-10-16 16:36 - 2015-10-16 16:36 - 00000000 ____D C:\Program Files (x86)\NCWest
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-08 01:03 - 2015-08-28 18:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e1e9a684fb13.job
2015-11-07 23:33 - 2014-05-11 00:31 - 00000000 ____D C:\Users\Ashley\AppData\Local\Adobe
2015-11-07 23:03 - 2015-09-01 18:39 - 01529365 _____ C:\Windows\WindowsUpdate.log
2015-11-07 22:48 - 2015-08-28 18:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e1e9a5eb02c2.job
2015-11-07 22:39 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-07 22:39 - 2009-07-13 23:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-06 23:14 - 2014-09-15 23:22 - 00000000 ____D C:\Users\Ashley\AppData\Local\DisplayFusion
2015-11-06 19:50 - 2014-05-10 22:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-05 23:11 - 2009-07-14 00:13 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-05 23:09 - 2014-05-11 03:03 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\OBS
2015-11-05 22:41 - 2015-06-17 20:22 - 00000000 ___RD C:\Users\Ashley\Creative Cloud Files
2015-11-05 22:41 - 2014-12-12 18:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-05 22:40 - 2014-06-29 12:38 - 00000000 ____D C:\Users\Ashley\AppData\Local\CrashDumps
2015-11-05 22:37 - 2015-04-10 21:59 - 00000000 ____D C:\ProgramData\ProductData
2015-11-05 22:37 - 2014-05-11 00:11 - 00000000 ___RD C:\Users\Ashley\Google Drive
2015-11-05 22:36 - 2009-07-14 00:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-05 22:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-05 20:05 - 2014-06-07 18:38 - 00000000 ____D C:\Users\Ashley\AppData\Local\ftblauncher
2015-11-05 20:05 - 2014-05-11 15:14 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\ftblauncher
2015-11-03 21:25 - 2014-05-10 22:23 - 00000000 ____D C:\Users\Ashley\AppData\Local\Battle.net
2015-11-03 21:03 - 2014-05-11 01:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2015-11-03 21:03 - 2014-05-10 21:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-03 21:02 - 2014-05-11 01:44 - 00000000 ____D C:\Program Files (x86)\NCSOFT
2015-11-03 21:01 - 2015-04-13 20:14 - 00002908 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Ashley
2015-10-31 18:11 - 2014-05-11 01:09 - 00000000 ____D C:\Users\Ashley\AppData\Local\Spotify
2015-10-31 18:07 - 2014-05-11 01:09 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\Spotify
2015-10-27 17:17 - 2014-07-15 18:27 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-10-27 17:14 - 2015-01-26 22:32 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-10-25 14:28 - 2015-08-27 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-25 14:08 - 2014-06-12 19:54 - 00001456 _____ C:\Users\Ashley\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-10-21 18:27 - 2014-08-18 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-20 18:36 - 2014-05-11 03:27 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\.minecraft
2015-10-20 17:19 - 2014-10-07 20:47 - 00014037 _____ C:\Users\Ashley\Documents\Install STAR WARS The Old Republic.log
2015-10-20 17:10 - 2015-08-28 18:08 - 00000000 ____D C:\Users\Ashley\.oracle_jre_usage
2015-10-20 17:10 - 2014-05-10 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-20 17:10 - 2014-05-10 22:16 - 00000000 ____D C:\ProgramData\Oracle
2015-10-20 17:09 - 2015-04-18 13:02 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-20 17:09 - 2015-04-18 13:01 - 00000000 ____D C:\Program Files\Java
2015-10-19 22:05 - 2015-07-11 22:58 - 00003206 _____ C:\Windows\System32\Tasks\ASCU8_PerformanceMonitor
2015-10-15 20:24 - 2014-05-23 23:04 - 00000000 ____D C:\Program Files (x86)\TERA
2015-10-13 20:39 - 2015-07-12 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-13 20:39 - 2015-07-12 13:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-11 21:57 - 2014-05-10 21:35 - 00000000 ____D C:\Users\Ashley\AppData\Local\Deployment
 
==================== Files in the root of some directories =======
 
2015-06-17 21:38 - 2015-08-10 19:13 - 0000033 _____ () C:\Users\Ashley\AppData\Roaming\AdobeWLCMCache.dat
2014-06-12 19:54 - 2015-10-25 14:08 - 0001456 _____ () C:\Users\Ashley\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-03-21 20:06 - 2015-04-13 20:08 - 0007635 _____ () C:\Users\Ashley\AppData\Local\resmon.resmoncfg
2014-05-13 17:06 - 2014-05-13 17:06 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-10 23:22 - 2010-06-23 01:54 - 0003077 _____ () C:\ProgramData\cfSB1290.ini
2014-05-11 02:59 - 2014-05-11 02:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Ashley\AppData\Local\Temp\jre-8u65-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-14 20:33
 
==================== End of FRST.txt ============================

ROGUEKILLER LOG
RogueKiller V10.11.4.0 [Nov  2 2015] (Free) by Adlice Software

 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ashley [Administrator]
Started from : C:\Users\Ashley\Desktop\RogueKiller.exe
Mode : Scan -- Date : 11/08/2015 01:42:35
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll) -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 3 ¤¤¤
[PUP][Folder] C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} -> Found
[PUP][Folder] C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690} -> Found
[PUP][Folder] C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424} -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] c458682a1c7473b05ed387092cec6e84
[bSP] 252071051f5fef478e4945fee40ccb9a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 953640 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2:  +++++
--- User ---
[MBR] e80823746b38c657bba921874bcfe192
[bSP] 2222bd78f789b0a6d7c47dc097a4966c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - EFI System Partition | Offset (sectors): 40 | Size: 200 MB
1 - BOOTCAMP | Offset (sectors): 411648 | Size: 953668 MB
User = LL1 ... OK
User = LL2 ... OK

Let me know if you need anything else. :)

Addition.txt


Thanks for those logs, no obvious malware or infection but some maintenance required. One point I do note is your security setup. "Advanced System Care" by IOBit: that firm does have a checkered history that you should be aware of.....

The company behind IOBit products was found to be stealing Malwarebytes' database, although that was back in 2009. They have also been suspected of repeating that action with other security software.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.

When helping anyone, I always recommend that all software related to IOBit or Advanced System Care is removed.

Please see the following links and make up your own mind if you want to keep this on your system.

IOBit Steals Malwarebytes' Intellectual Property

IOBit's Denial of Theft Unconvincing

IOBit Theft Conclusion

IObit: Trusting Your Antivirus Vendor

Malwarebytes: IObit Stole Our Signatures Database

IObit accused of stealing from Malwarebytes


Next,

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

Next,

Please download Junkware Removal Tool to your desktop.

Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator”; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin..

FRST Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015

Ran by Ashley (2015-11-09 18:48:03) Run:1
Running from C:\Users\Ashley\Desktop
Loaded Profiles: Ashley &  (Available Profiles: Ashley)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
[sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
FF user.js: detected! => C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\user.js [2015-09-16]
S3 BRDriver64; no ImagePath
S3 EagleX64; no ImagePath
S1 ESProtectionDriver; no ImagePath
S3 WinRing0_1_2_0; no ImagePath
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
R3 cpuz137; \??\C:\Users\Ashley\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S0 SmartDefragDriver; System32\Drivers\SmartDefragDriver.sys [X]
C:\Users\Ashley\AppData\Local\Temp\jre-8u65-windows-au.exe
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {61E54925-FC61-4BD3-A836-8F947EC77B02} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {7F4E1FEB-5C24-4FD5-83A3-0E3B3FB98EF9} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
EmptyTemp:
End
*****************
 
[sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\user.js => moved successfully
BRDriver64 => service removed successfully
EagleX64 => service removed successfully
ESProtectionDriver => service removed successfully
WinRing0_1_2_0 => service removed successfully
BCM42RLY => service removed successfully
cpuz137 => Service stopped successfully.
cpuz137 => service removed successfully
SmartDefragDriver => service removed successfully
C:\Users\Ashley\AppData\Local\Temp\jre-8u65-windows-au.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61E54925-FC61-4BD3-A836-8F947EC77B02}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61E54925-FC61-4BD3-A836-8F947EC77B02}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F4E1FEB-5C24-4FD5-83A3-0E3B3FB98EF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F4E1FEB-5C24-4FD5-83A3-0E3B3FB98EF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => key removed successfully
EmptyTemp: => 1 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 18:48:42 ====

AdwCleaner log

# AdwCleaner v5.019 - Logfile created 09/11/2015 at 19:03:14

# Updated 08/11/2015 by Xplode
# Database : 2015-11-09.1 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ashley - ASHLEY-PC
# Running from : C:\Users\Ashley\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\World of Warcraft Beta
[-] Folder Deleted : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\poohjpljfecljomfhhimjhddddlidhdd
[-] Folder Deleted : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe
[-] Folder Deleted : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao
[-] Folder Deleted : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
[-] Folder Deleted : C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\Extensions\easyscreenshot@mozillaonline.com
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_algjnflpgoopkdijmkalfcifomdhmcbe_0.localstorage
[-] File Deleted : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_algjnflpgoopkdijmkalfcifomdhmcbe_0.localstorage-journal
[-] File Deleted : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehoopddfhgaehhmphfcooacjdpmbjlao_0.localstorage
[-] File Deleted : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehoopddfhgaehhmphfcooacjdpmbjlao_0.localstorage-journal
[-] File Deleted : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmnlcjabgnpnenekpadlanbbkooimhnj_0.localstorage
[-] File Deleted : C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmnlcjabgnpnenekpadlanbbkooimhnj_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Ashley\AppData\Roaming\Mozilla\Firefox\Profiles\l95vimb1.default-1441151091474\prefs.js] [Preference] Deleted : user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxp://www.twitch.tv/directory/following/live\",\"title\":\"Channels You Follow - Twitch\",\"frecency\":8880,\"lastVisitDate\":1441147032035000,\"ty[...]
[-] [C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxps://isearch.avg.com/?cid={AAFAABA0-BD86-42DB-A8D3-0F3CA24A743F}&mid=50a934c49d284458bc29aae36a58e94b-350008f61377841d110a0e21809282e2fe53022c&lang=en&ds=hk014&pr=sa&d=2012-10-02 20:51:35&v=12.2.5.34&sap=hp
[-] [C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ch
[-] [C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://search.iminent.com/?appId=E3AF24A0-8722-4C73-954B-3E1E5D14D51E
[-] [C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://search.yahoo.com?fr=spigot-yhp-gcmac&ilc=12&type=435714
[-] [C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : algjnflpgoopkdijmkalfcifomdhmcbe
[-] [C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bcjbagclppcgdbpobcpoojdjdmcjhpid
[-] [C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmnlcjabgnpnenekpadlanbbkooimhnj
[-] [C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ehoopddfhgaehhmphfcooacjdpmbjlao
[-] [C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nfengeggddojhakldhlpjdlddgkkjkdd
[-] [C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : poohjpljfecljomfhhimjhddddlidhdd
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5578 bytes] ##########

JRT LOG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Ashley on Mon 11/09/2015 at 19:11:32.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster SkipUAC (Ashley)
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster Update
Successfully deleted: [Task] C:\Windows\system32\tasks\SmartDefrag4_Startup
Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_Ashley
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Ashley\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_bmnlcjabgnpnenekpadlanbbkooimhnj_0.localstorage
Successfully deleted: [File] C:\Users\Ashley\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_klbibkeccnjlkjkiokjodocebajanakg_0.localstorage
Successfully deleted: [File] C:\Windows\SysWOW64\RENCA60.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\iobit\driver booster
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver booster 2
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Ashley\AppData\Roaming\iobit\driver booster
Successfully deleted: [Folder] C:\Users\Ashley\AppData\Roaming\pcfixkit
Successfully deleted: [Folder] C:\Users\Ashley\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\Users\Ashley\AppData\Roaming\3909
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Ashley\Appdata\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
Successfully deleted: [Folder] C:\Users\Ashley\Appdata\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg
Successfully deleted: [Folder] C:\Users\Ashley\Appdata\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
 
[C:\Users\Ashley\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Ashley\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Ashley\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Ashley\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  bmnlcjabgnpnenekpadlanbbkooimhnj,
  klbibkeccnjlkjkiokjodocebajanakg,
  lbfehkoinhhcknnbdgnnmjhiladcgbol
]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/09/2015 at 19:14:45.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
MSRT log
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.29, October 2015 (build 5.29.11901.0)
Started On Mon Nov 09 19:17:53 2015
 
Engine: 1.1.12101.0
Signatures: 1.207.1429.0
 
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 09 19:24:05 2015
 
 
Return code: 0 (0x0)
 
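The AdwCleaner and JRT entries above are edits to Chrome's Preferences and Secure Preferences JSON: the startup URL list (session.startup_urls), the installed-extension map (extensions.settings, keyed by 32-character extension ID) and the default search provider (default_search_provider_data). What follows is an added example, not part of this thread and not code from AdwCleaner, JRT or Malwarebytes, that reads such a file and reports what is worth checking after a cleanup. The sample JSON, the trusted-host list and the marker strings are constructed for the example (the two URLs and the first extension ID are the ones from the logs above; the second extension ID and all other values are made up), and the key layout is assumed to match Chrome's.

```python
"""Audit a Chrome Preferences / Secure Preferences file for hijack leftovers.

Added example (not from this thread or from AdwCleaner/JRT). It reads the JSON
keys those tools touched above and reports anything outside an allow-list.
"""
import json
import re
import sys
from urllib.parse import urlparse

# Constructed sample in the layout of Chrome's Secure Preferences. The two URLs
# and the first extension ID come from the logs above; the second extension ID
# and every other value are made up for the example.
SAMPLE_SECURE_PREFS = r'''{
  "session": {
    "restore_on_startup": 4,
    "startup_urls": [
      "http://search.iminent.com/?appId=E3AF24A0-8722-4C73-954B-3E1E5D14D51E",
      "https://www.google.com/"
    ]
  },
  "extensions": {
    "settings": {
      "bmnlcjabgnpnenekpadlanbbkooimhnj": {"from_webstore": false, "state": 1},
      "abcdefghijklmnopabcdefghijklmnop": {"from_webstore": true, "state": 1}
    }
  },
  "default_search_provider_data": {
    "template_url_data": {
      "keyword": "search.yahoo.com",
      "short_name": "Yahoo",
      "url": "http://search.yahoo.com/search?fr=spigot-yhp-gcmac&p={searchTerms}"
    }
  }
}'''

# Hosts accepted as a home page or search engine (assumption; extend to taste).
TRUSTED_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
# Affiliate / bundler tags seen in the hijacked URLs above.
HIJACK_MARKERS = ("iminent", "spigot")
# Chrome extension IDs are 32 characters drawn from a-p.
EXTENSION_ID_RE = re.compile(r"^[a-p]{32}$")


def suspicious_url(url):
    """True if the URL points off the trusted hosts or carries a hijack tag."""
    host = (urlparse(url).hostname or "").lower()
    return host not in TRUSTED_HOSTS or any(m in url.lower() for m in HIJACK_MARKERS)


def audit_prefs(text, known_good_extensions=frozenset()):
    """Return a list of (category, value) findings for one preferences file."""
    prefs = json.loads(text)
    findings = []

    session = prefs.get("session", {})
    # restore_on_startup 4 = "open a specific set of pages" (the hijack case);
    # 1 = new tab page, 5 = continue where you left off.
    if session.get("restore_on_startup") == 4:
        for url in session.get("startup_urls", []):
            if suspicious_url(url):
                findings.append(("startup_url", url))

    for ext_id, meta in prefs.get("extensions", {}).get("settings", {}).items():
        if not EXTENSION_ID_RE.match(ext_id):
            findings.append(("malformed_extension_id", ext_id))
        elif ext_id not in known_good_extensions and not meta.get("from_webstore"):
            findings.append(("sideloaded_extension", ext_id))

    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if search.get("url") and suspicious_url(search["url"]):
        findings.append(("search_provider", search["url"]))

    return findings


if __name__ == "__main__":
    # Usage: audit_chrome_prefs.py "<path to Secure Preferences>"; with no
    # argument the constructed sample is audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = fh.read()
    else:
        data = SAMPLE_SECURE_PREFS
    for category, value in audit_prefs(data):
        print(f"{category}: {value}")
```

Run it against a copy of the file with Chrome closed so the copy is current. It only reads: entries in Secure Preferences are covered by per-machine HMACs stored under protection.macs, so a hand-edited entry is normally reset by Chrome at the next start, and removal is best left to a tool that handles that, as JRT and AdwCleaner did here. Pass the IDs of extensions you installed yourself as known_good_extensions; anything else that is not marked from_webstore is reported, which catches the sideloaded adware extensions these logs show.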

What is the current status of your system? Are there any remaining issues or concerns? If none, run the following:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if the first link is down:

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make sure the following items are checked:

  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points; a new point relative to system status at present will be created.
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following links to fully understand PC security and best practices; you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
 


Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.