
windows\system32\drivers\mbamswissarmy.sys


Wavess


Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes; we make no accusations but do make you aware of forum protocol.

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

and save it to a USB flash drive. Ensure you get the correct version for your system, 32-bit or 64-bit.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Windows 8, consult "How to use the Windows 8 System Recovery Environment Command Prompt" here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter the System Recovery Command Prompt.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 

Plug the flashdrive into the infected PC.

 

Enter System Recovery Options. I give two methods; use whichever is convenient for you.

 

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

On the System Recovery Options menu you may get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

 

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version, then press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

Thank you,

 

Kevin


Alright so, after many hours lost due to the fact that I had to get to my work PC to post this, here's the FRST.txt. Oh pls come back with good news *praying hands*
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015
Ran by SYSTEM on MININT-BU7NFL8 (15-12-2015 16:06:22)
Running from H:\
Platform: Windows 7 Professional (X64) Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [593216 2015-08-10] (Razer Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] => "D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /bootscan -resetprotection
HKU\Poizoneheart\...\Run: [LightShot] => C:\Users\Poizoneheart\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\Poizoneheart\...\Run: [AdobeBridge] => [X]
HKU\Poizoneheart\...\Run: [Akamai NetSession Interface] => C:\Users\Poizoneheart\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
Startup: C:\Users\Poizoneheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Απόσπασμα οθόνης και Εκκίνηση για το OneNote 2007.lnk [2014-08-19]
ShortcutTarget: Απόσπασμα οθόνης και Εκκίνηση για το OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2015-01-04] (Autodesk)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-11] (Dropbox, Inc.)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-08] ()
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 Apache2.2; "D:\xampp\apache\bin\httpd.exe" -k runservice [X]
S4 MBAMScheduler; "D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S2 mi-raysat_3dsMax2009_64; "D:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe" [X]
S2 mysql; D:\xampp\mysql\bin\mysqld.exe --defaults-file=D:\xampp\mysql\bin\my.ini mysql
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-12] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-12] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-12] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-12] (ESET)
S1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-12] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-12] (ESET)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-04] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2015-12-12] () <==== ATTENTION (zero byte File/Folder)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-04] (Malwarebytes Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2014-04-13] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-15 16:06 - 2015-12-15 16:06 - 00000000 ____D C:\FRST
2015-12-11 14:07 - 2015-12-11 14:09 - 37508078 _____ C:\Users\Poizoneheart\Downloads\herzx2099 - you.wav
2015-12-11 13:54 - 2015-12-11 14:18 - 1094257274 _____ C:\Users\Poizoneheart\Downloads\Sophie Type Sounds Vol. 1.zip
2015-12-11 07:50 - 2015-12-12 01:58 - 00000000 ____D C:\Users\Poizoneheart\Downloads\l2tower
2015-12-11 05:58 - 2015-12-11 05:59 - 24521612 _____ C:\Users\Poizoneheart\Downloads\cat soup - misqueme.zip
2015-12-10 11:07 - 2015-12-10 11:07 - 35115376 _____ C:\Users\Poizoneheart\Downloads\l2tower.zip
2015-12-10 09:31 - 2015-12-10 09:40 - 43310049 _____ C:\Users\Poizoneheart\Downloads\HudMo 4 FrankOcean.zip
2015-12-10 07:53 - 2015-12-10 07:55 - 42583608 _____ C:\Users\Poizoneheart\Downloads\The Weeknd - The Hills (Acapella) .wav
2015-12-08 08:16 - 2015-12-08 08:31 - 442638341 _____ C:\Users\Poizoneheart\Downloads\Kodyak - the place i call home.zip
2015-12-08 08:16 - 2015-12-08 08:18 - 77939139 _____ C:\Users\Poizoneheart\Downloads\Kodyak - the place i call home (1).zip
2015-12-02 08:27 - 2015-12-02 08:33 - 00000000 ____D C:\Users\Poizoneheart\Downloads\Film Noir cinema BLACK (RNDYSVGE track is missing)
2015-12-02 08:24 - 2015-12-02 08:27 - 77953024 _____ C:\Users\Poizoneheart\Downloads\QUIX SAMPLE PACK.zip
2015-12-01 10:00 - 2015-12-01 10:02 - 42110293 _____ C:\Users\Poizoneheart\Downloads\Bones - HermitOfEastGrandRiver.zip
2015-11-30 08:15 - 2015-11-30 08:16 - 24890515 _____ C:\Users\Poizoneheart\Downloads\esta. - Feathers EP.zip
2015-11-28 06:57 - 2006-02-03 17:50 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2015-11-28 06:57 - 2006-02-03 17:50 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2015-11-27 23:15 - 2015-11-27 23:21 - 239126022 _____ C:\Users\Poizoneheart\Downloads\Forward Stems (Alexander Lewis).zip
2015-11-27 08:06 - 2015-11-27 08:08 - 93704747 _____ C:\Users\Poizoneheart\Downloads\X Drums.zip
2015-11-25 12:13 - 2015-11-25 12:13 - 29259284 _____ C:\Users\Poizoneheart\Downloads\Magtfuld Future House Sound Pack Volume 1.zip
2015-11-25 11:06 - 2015-11-25 11:09 - 34017049 _____ C:\Users\Poizoneheart\Downloads\NoDJ-Raye-Welcome_To_The_Winter.zip
2015-11-25 08:03 - 2015-11-25 08:21 - 423422050 _____ C:\Users\Poizoneheart\Downloads\STYLSS Sample Pack - Volume Two [Nov 2015].zip
2015-11-25 07:19 - 2015-11-25 07:19 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\RevealSound
2015-11-24 11:44 - 2015-11-24 11:51 - 131515931 _____ C:\Users\Poizoneheart\Downloads\Daruma - Vol. 004.zip
2015-11-24 11:44 - 2015-11-24 11:46 - 26107244 _____ C:\Users\Poizoneheart\Downloads\Culpmixtest2.wav
2015-11-24 08:42 - 2015-11-24 08:45 - 29255922 _____ C:\Users\Poizoneheart\Downloads\Capsun Drumkit.zip
2015-11-24 05:32 - 2015-11-24 05:32 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\ElevatedDiagnostics
2015-11-23 06:13 - 2015-11-23 06:17 - 30660095 _____ C:\Users\Poizoneheart\Downloads\QUIX SAMPLE PACK.rar
2015-11-21 15:10 - 2015-11-21 15:10 - 00084679 _____ C:\Users\Poizoneheart\Downloads\DANKOLDSCHOOLREECE.fst
2015-11-21 03:56 - 2015-11-21 04:08 - 67789674 _____ C:\Users\Poizoneheart\Downloads\Ignant_Shit-(DatPiff.com).zip
2015-11-21 03:55 - 2015-11-21 04:11 - 94517704 _____ C:\Users\Poizoneheart\Downloads\Swavey-(DatPiff.com).zip
2015-11-21 03:54 - 2015-11-21 04:04 - 43853657 _____ C:\Users\Poizoneheart\Downloads\Mr_1_Verse_Killah-(DatPiff.com).zip
2015-11-21 03:53 - 2015-11-21 04:12 - 44688088 _____ C:\Users\Poizoneheart\Downloads\Tory_Lanez_One_Verse_One_Hearse.zip
2015-11-21 03:52 - 2015-11-21 04:06 - 85797952 _____ C:\Users\Poizoneheart\Downloads\Just_Landed-(DatPiff.com).zip
2015-11-21 03:49 - 2015-11-21 04:12 - 93855742 _____ C:\Users\Poizoneheart\Downloads\Tory Lanez - Lost Cause - HotNewHipHop.zip
2015-11-21 03:49 - 2015-11-21 04:10 - 96252871 _____ C:\Users\Poizoneheart\Downloads\Tory Lanez - Conflicts Of My Soul - HotNewHipHop.zip
2015-11-21 03:32 - 2015-11-21 03:36 - 93258683 _____ C:\Users\Poizoneheart\Downloads\Rozz Dyliams & Purpdogg - The Judas Cradle.zip
2015-11-21 00:42 - 2015-11-21 00:55 - 247548153 _____ C:\Users\Poizoneheart\Downloads\drew the architect - vacive.zip
2015-11-21 00:42 - 2015-11-21 00:44 - 51190516 _____ C:\Users\Poizoneheart\Downloads\drew the architect - vacive (1).zip
2015-11-21 00:37 - 2015-11-21 00:37 - 70425452 _____ C:\Users\Poizoneheart\Desktop\zodivk x king sol.zip
2015-11-20 12:11 - 2015-11-20 12:15 - 79272732 _____ C:\Users\Poizoneheart\Downloads\KOAN_Sound_x_Culprate_x_Asa_x_Opiuo_-_If_You_Hadn_39_t.wav
2015-11-20 09:21 - 2015-11-20 09:26 - 2072249756 _____ C:\Users\Poizoneheart\Downloads\1ada01.rar
2015-11-20 09:15 - 2015-11-20 09:26 - 50284557 _____ C:\Users\Poizoneheart\Downloads\KOAN_Sound_x_Culprate_x_Asa_x_Opiuo_-_If_You_Hadn_39_t.flac
2015-11-19 10:51 - 2015-11-19 11:06 - 58997312 _____ C:\Users\Poizoneheart\Downloads\Sober Rob + lux.impala - Nativity.wav
2015-11-19 10:50 - 2015-11-19 10:53 - 37787552 _____ C:\Users\Poizoneheart\Downloads\goldwater - glaciate.wav
2015-11-19 09:03 - 2015-11-19 09:05 - 2379959847 _____ C:\Users\Poizoneheart\Downloads\teamsesh.zip
2015-11-18 11:27 - 2015-11-18 11:28 - 07613138 _____ C:\Users\Poizoneheart\Downloads\JUST-BLAZE-DRUMS.zip
2015-11-18 06:41 - 2015-11-18 07:05 - 470109269 _____ C:\Users\Poizoneheart\Downloads\Culprate Sample Pack.zip
2015-11-17 08:40 - 2015-11-17 08:41 - 00001331 _____ C:\Users\Poizoneheart\Desktop\soundcloud bio.txt
2015-11-17 08:34 - 2015-11-17 08:36 - 34288706 _____ C:\Users\Poizoneheart\Downloads\Cresce_-_Bad_Habits.wav
2015-11-16 09:16 - 2015-11-19 08:33 - 00000000 ____D C:\Users\Poizoneheart\Downloads\Sorsari - The Farplane
2015-11-15 06:39 - 2015-11-15 06:40 - 00000000 ____D C:\Users\Poizoneheart\Downloads\Tory Lanez - Cruel Intentions
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-12 15:18 - 2014-03-29 09:53 - 00001184 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-12 15:14 - 2015-01-10 06:02 - 00000000 _____ C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-12-12 15:06 - 2015-08-11 10:00 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-12 14:24 - 2009-07-13 20:45 - 00014848 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-12 14:24 - 2009-07-13 20:45 - 00014848 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-12 14:18 - 2015-01-03 05:40 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Akamai
2015-12-12 14:16 - 2015-08-11 10:00 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-12 14:16 - 2014-03-29 09:53 - 00001180 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-12 14:15 - 2014-03-29 09:37 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-12 14:15 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-12 09:10 - 2009-07-13 21:13 - 00778150 _____ C:\Windows\System32\PerfStringBackup.INI
2015-12-12 09:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-12 08:47 - 2014-08-19 03:57 - 00000402 _____ C:\Windows\Tasks\update-S-1-5-21-345066769-3900799609-3403792336-1001.job
2015-12-12 05:59 - 2014-08-19 03:56 - 00000402 _____ C:\Windows\Tasks\update-sys.job
2015-12-10 10:30 - 2014-03-29 09:54 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-02 08:35 - 2014-05-22 01:43 - 07271424 ___SH C:\Users\Poizoneheart\Downloads\Thumbs.db
2015-12-02 06:13 - 2014-03-29 09:53 - 00004180 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 06:13 - 2014-03-29 09:53 - 00003928 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-29 08:40 - 2014-04-21 23:08 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\spek
2015-11-29 08:30 - 2014-05-17 07:39 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\Curse Client
2015-11-28 23:26 - 2015-11-09 00:04 - 05052672 _____ C:\Windows\System32\FNTCACHE.DAT
2015-11-28 08:59 - 2015-11-09 00:06 - 00124432 _____ C:\Users\Poizoneheart\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-28 06:50 - 2014-03-29 09:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-27 23:59 - 2014-04-10 10:43 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Battle.net
2015-11-26 06:37 - 2014-09-12 04:31 - 00001456 _____ C:\Users\Poizoneheart\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-11-24 07:41 - 2015-01-30 14:26 - 00000000 ____D C:\Windows\pss
2015-11-24 07:40 - 2014-03-29 09:52 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Deployment
2015-11-24 07:39 - 2015-08-11 10:06 - 00000000 ___RD C:\Users\Poizoneheart\Dropbox
2015-11-24 07:39 - 2015-08-11 09:59 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Dropbox
2015-11-23 11:38 - 2014-04-23 06:45 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-11-23 11:38 - 2014-04-23 02:05 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-11-22 09:46 - 2014-04-23 02:05 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-11-20 12:12 - 2014-03-29 12:00 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\vlc
 
Some files in TEMP:
====================
C:\Users\Poizoneheart\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpznejnx.dll
C:\Users\Poizoneheart\AppData\Local\Temp\_is15C9.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 4095.12 MB
Available physical RAM: 3443.41 MB
Total Virtual: 4093.27 MB
Available Virtual: 3438.05 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.56 GB) (Free:0.41 GB) NTFS
Drive e: () (Fixed) (Total:600.98 GB) (Free:309 GB) NTFS
Drive h: () (Removable) (Total:7.45 GB) (Free:7.43 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E267E267)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=601 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
 
LastRegBack: 2015-12-12 09:41
 
==================== End of FRST.txt ============================
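The one line in that log that matters is the S0 MBAMSwissArmy entry: a driver with boot start type whose file is zero bytes, which FRST marks with "<==== ATTENTION". A practitioner triaging many such logs wants that condition surfaced automatically rather than spotted by eye. The following Python is an added example, not code from the thread, from Malwarebytes or from FRST. It parses lines in the format of the "Drivers (Whitelisted)" section above (the sample lines in the block are constructed to mirror that format) and reports drivers whose start type is boot (0) or system (1) but whose file is zero bytes or reported missing with [X]. Reading the digit after the S/R prefix as the Windows service Start value is my assumption about FRST's output format; it is not documented on this page.

```python
"""Flag boot-critical drivers that an FRST log lists as zero-byte or missing.

Added example, not part of the forum thread or of FRST itself. A driver that
Windows must load before the desktop (start type 0 or 1) and whose file is
unusable can stop the system from booting, which is the situation the thread's
registry restore resolved.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Windows service Start values; the digit after S/R in an FRST driver line is
# assumed (not documented on the page) to be this value.
START_TYPE_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Constructed sample in FRST's driver-line format; paths mirror the thread's log.
SAMPLE_DRIVER_LINES = r"""
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-12] (ESET)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-04] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2015-12-12] () <==== ATTENTION (zero byte File/Folder)
S2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-26] (Razer, Inc.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
"""

# "<state><start> <name>; <path> [<size> <date>] (<vendor>)" or "... <path> [X]"
LINE_RE = re.compile(
    r"^(?P<state>[SR])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>[^)]*)\)"
    r"|(?P<missing>\[X\]))"
    r"(?P<rest>.*)$"
)


@dataclass
class DriverEntry:
    name: str
    start_type: int
    path: str
    size: Optional[int]  # None when FRST printed [X] (file not found)
    vendor: str
    flagged: bool  # FRST appended an "<==== ATTENTION" marker

    @property
    def loads_before_logon(self) -> bool:
        # Boot-start and system-start drivers are loaded before the desktop.
        return self.start_type in (0, 1)

    @property
    def file_unusable(self) -> bool:
        return self.size is None or self.size == 0


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one driver line; return None for headers, notes or other sections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m.group("missing") else int(m.group("size"))
    return DriverEntry(
        name=m.group("name").strip(),
        start_type=int(m.group("start")),
        path=m.group("path"),
        size=size,
        vendor=(m.group("vendor") or "").strip(),
        flagged="ATTENTION" in m.group("rest"),
    )


def parse_drivers(text: str) -> List[DriverEntry]:
    return [e for e in (parse_driver_line(ln) for ln in text.splitlines()) if e]


def find_boot_risks(entries: List[DriverEntry]) -> List[DriverEntry]:
    """Drivers that load before logon but whose file is zero bytes or missing."""
    return [e for e in entries if e.loads_before_logon and e.file_unusable]


def describe(e: DriverEntry) -> str:
    kind = "missing" if e.size is None else f"{e.size} bytes"
    start = START_TYPE_NAMES.get(e.start_type, "unknown")
    return f"{e.name}: start={start} file={kind} path={e.path}"


if __name__ == "__main__":
    for entry in find_boot_risks(parse_drivers(SAMPLE_DRIVER_LINES)):
        print(describe(entry))
```

Run against the sample, only MBAMSwissArmy is reported: VBoxNetFlt is also missing, but as a demand-start driver it does not block boot, so it is left to a lower-priority review rather than flagged as a boot risk.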

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.
 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

 

Those instructions will reset your system registry settings to the way they were the last time it booted successfully. Post the log and also let me know the outcome.

 

Thank you,

 

Kevin

Fixlist.txt


BRUUUUUUUH U SAVED THIS SHHHH*** :DDDDDDD

 

I'm broke AF and they don't pay us trainees for our practice work, but if you're seeing this thread (idk, for any reasons, some may just be creepers lmao) consider donating to Kevin, he's dope!

 

Here's the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-12-2015
Ran by SYSTEM (2015-12-16 15:57:02) Run:1
Running from H:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Start
LastRegBack: 2015-12-12 09:41
end
*****************
 
DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up
 
==== End of Fixlog 15:57:08 ====

Thanks for the log. Not sure what you mean calling me a dope; in my country that is an insult.... If your system is now back to normal I want you to make a clean install of Malwarebytes and see how it responds...

 

Please download MBAM-clean and save it to your desktop.

  •    Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
  •    It will ask you to reboot the machine - please do so.
  •    Run the cleaner tool again, re-boot when complete. <<<---do not miss this step



Download & install the newest MBAM version.

Please download Malwarebytes Anti-Malware

  •    Install the program and select update.
  •    Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  •    In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  •    Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  •    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  •    Upon completion of the scan (or after the reboot), click the History tab.
  •    Click Application Logs and double-click the Scan Log.
  •    At the bottom click Export and choose Text file.


Save the file to your desktop and include its content in your next reply.
 
Next,
 
Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make logs named Addition.txt and Shortcut.txt. Please attach those logs to your reply.



Let me see those logs....

 

Thank you,

 

Kevin.
 


Ehh, sorry if I got misunderstood there, I was trying to insult you at all... Can you please explain this part again?

 

"Please download MBAM-clean and save it to your desktop.

 

  •    Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
  •    It will ask you to reboot the machine - please do so.
  •    Run the cleaner tool again, re-boot when complete. <<<---do not miss this step"

 

MBAM-clean isn't linked anywhere? Or is it an .exe inside my Malwarebytes folder?


In my country a dope is someone of very low intellectual skills, in other words a simpleton, or an outright idiot. In your latest reply I'm still unsure; I quote your latest reply:

 

i was trying to insult you at all.

 

Try again with a clean install....

 

Please download MBAM-clean and save it to your desktop.
 

  •    Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
  •    It will ask you to reboot the machine - please do so.
  •    Run the cleaner tool again, re-boot when complete. <<<---do not miss this step


Download & install the newest MBAM version.

Please download Malwarebytes Anti-Malware
 

  •    Install the program and select update.
  •    Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  •    In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  •    Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  •    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  •    Upon completion of the scan (or after the reboot), click the History tab.
  •    Click Application Logs and double-click the Scan Log.
  •    At the bottom click Export and choose Text file.


Save the file to your desktop and include its content in your next reply.
 


In my country a dope is someone of very low intellectual skills, in other words a simpleton, or an outright idiot. In your latest reply I'm still unsure; I quote your latest reply:

 

Quote

i was trying to insult you at all.

 

Yeah, I wanted to say "I wasn't trying to insult u at all". When I noticed I made a mistake and wrote "was" I tried to edit the post but I had no luck... From what I know, dope means that something is awesome or... very cool, I don't know, something along the lines of that. I understand that it bothered u though, but I can surely tell I had no bad intentions hehe.

Back on topic (basically I wanted to clear things up with this :P), I am now running the Threat Scan; as soon as it finishes I will also get the Farbar logs and post them all together. Thanks for being around :D


Ok so:

 

The MBAM scanlog:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 18/12/2015
Scan Time: 10:19 πμ
Logfile: mbam_scanlog.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.18.02
Rootkit Database: v2015.12.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Poizoneheart
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348815
Time Elapsed: 29 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
The Farbar scanlog:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-12-2015
Ran by Poizoneheart (administrator) on POIZONEHEART-PC (18-12-2015 11:02:08)
Running from C:\Users\Poizoneheart\Downloads
Loaded Profiles: Poizoneheart (Available Profiles: Poizoneheart)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apache Software Foundation) D:\xampp\apache\bin\httpd.exe
(Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() D:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
() D:\xampp\mysql\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Apache Software Foundation) D:\xampp\apache\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Akamai Technologies, Inc.) C:\Users\Poizoneheart\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Skillbrains) C:\Users\Poizoneheart\AppData\Local\Skillbrains\lightshot\5.1.4.6\Lightshot.exe
(Akamai Technologies, Inc.) C:\Users\Poizoneheart\AppData\Local\Akamai\netsession_win.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [593216 2015-08-11] (Razer Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKU\S-1-5-21-345066769-3900799609-3403792336-1001\...\Run: [LightShot] => C:\Users\Poizoneheart\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\S-1-5-21-345066769-3900799609-3403792336-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-345066769-3900799609-3403792336-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Poizoneheart\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-345066769-3900799609-3403792336-1001\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-345066769-3900799609-3403792336-1001\...\MountPoints2: G - G:\Autorun.exe
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\Poizoneheart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Απόσπασμα οθόνης και Εκκίνηση για το OneNote 2007.lnk [2014-08-19]
ShortcutTarget: Απόσπασμα οθόνης και Εκκίνηση για το OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5C6698D4-3487-4410-88E8-5427D8A9159F}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
CHR DefaultSearchKeyword: Default -> google.com_
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-07-08]
CHR Extension: (Έγγραφα Google) - C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive ) - C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Twitter Symbols) - C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjbolaacbpibnnbfnebejhonbdbmpifa [2014-03-29]
CHR Extension: (YouTube) - C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-10-15]
CHR Extension: (Αναζήτηση Google) - C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Έγγραφα Google εκτός σύνδεσης) - C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (AdBlock) - C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-05]
CHR Extension: (Πληρωμές στο Chrome Web Store) - C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apache2.2; D:\xampp\apache\bin\httpd.exe [20549 2010-10-18] (Apache Software Foundation) [File not signed]
R2 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [79360 2015-01-04] (Autodesk) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-11] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
S2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mi-raysat_3dsMax2009_64; D:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [65536 2008-03-10] () [File not signed]
R2 mysql; D:\xampp\mysql\bin\mysqld.exe [8133120 2010-12-03] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-08] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-13] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-13] (ESET)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-18] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2014-04-13] () [File not signed]
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-18 11:02 - 2015-12-18 11:02 - 00020065 _____ C:\Users\Poizoneheart\Downloads\FRST.txt
2015-12-18 11:01 - 2015-12-18 11:01 - 02370048 _____ (Farbar) C:\Users\Poizoneheart\Downloads\FRST64.exe
2015-12-18 10:59 - 2015-12-18 10:59 - 00001097 _____ C:\Users\Poizoneheart\Desktop\mbam_scanlog.txt
2015-12-18 10:17 - 2015-12-18 10:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-18 10:17 - 2015-12-18 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-18 10:16 - 2015-12-18 10:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-18 10:16 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-18 10:16 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-18 10:16 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-18 10:15 - 2015-12-18 10:16 - 22908888 _____ (Malwarebytes ) C:\Users\Poizoneheart\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-18 00:54 - 2015-12-18 00:54 - 07840718 _____ C:\Users\Poizoneheart\Downloads\Rare's Vocal Pack 2.zip
2015-12-18 00:47 - 2015-12-18 00:47 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Poizoneheart\Downloads\mbam-clean-2.1.1.1001.exe
2015-12-18 00:11 - 2015-12-18 00:11 - 20638380 _____ C:\Users\Poizoneheart\Downloads\Yugi_Boi_Drumkit.zip
2015-12-17 22:36 - 2015-12-17 22:38 - 41637309 _____ C:\Users\Poizoneheart\Downloads\Gemini EP.zip
2015-12-17 01:57 - 2015-12-17 01:57 - 00000000 ____D C:\Windows\system32\config\HiveBackup
2015-12-17 00:07 - 2015-12-17 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-16 02:06 - 2015-12-18 11:02 - 00000000 ____D C:\FRST
2015-12-12 00:07 - 2015-12-12 00:09 - 37508078 _____ C:\Users\Poizoneheart\Downloads\herzx2099 - you.wav
2015-12-11 23:54 - 2015-12-12 00:18 - 1094257274 _____ C:\Users\Poizoneheart\Downloads\Sophie Type Sounds Vol. 1.zip
2015-12-11 17:50 - 2015-12-12 11:58 - 00000000 ____D C:\Users\Poizoneheart\Downloads\l2tower
2015-12-11 15:58 - 2015-12-11 15:59 - 24521612 _____ C:\Users\Poizoneheart\Downloads\cat soup - misqueme.zip
2015-12-10 21:07 - 2015-12-10 21:07 - 35115376 _____ C:\Users\Poizoneheart\Downloads\l2tower.zip
2015-12-10 19:31 - 2015-12-10 19:40 - 43310049 _____ C:\Users\Poizoneheart\Downloads\HudMo 4 FrankOcean.zip
2015-12-10 17:53 - 2015-12-10 17:55 - 42583608 _____ C:\Users\Poizoneheart\Downloads\The Weeknd - The Hills (Acapella) .wav
2015-12-08 18:16 - 2015-12-08 18:31 - 442638341 _____ C:\Users\Poizoneheart\Downloads\Kodyak - the place i call home.zip
2015-12-08 18:16 - 2015-12-08 18:18 - 77939139 _____ C:\Users\Poizoneheart\Downloads\Kodyak - the place i call home (1).zip
2015-12-02 18:27 - 2015-12-02 18:33 - 00000000 ____D C:\Users\Poizoneheart\Downloads\Film Noir cinema BLACK (RNDYSVGE track is missing)
2015-12-02 18:24 - 2015-12-02 18:27 - 77953024 _____ C:\Users\Poizoneheart\Downloads\QUIX SAMPLE PACK.zip
2015-12-01 20:00 - 2015-12-01 20:02 - 42110293 _____ C:\Users\Poizoneheart\Downloads\Bones - HermitOfEastGrandRiver.zip
2015-11-30 18:15 - 2015-11-30 18:16 - 24890515 _____ C:\Users\Poizoneheart\Downloads\esta. - Feathers EP.zip
2015-11-28 16:57 - 2006-02-04 03:50 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2015-11-28 16:57 - 2006-02-04 03:50 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2015-11-28 16:50 - 2015-11-28 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lineage II
2015-11-28 09:15 - 2015-11-28 09:21 - 239126022 _____ C:\Users\Poizoneheart\Downloads\Forward Stems (Alexander Lewis).zip
2015-11-27 18:06 - 2015-11-27 18:08 - 93704747 _____ C:\Users\Poizoneheart\Downloads\X Drums.zip
2015-11-25 22:13 - 2015-11-25 22:13 - 29259284 _____ C:\Users\Poizoneheart\Downloads\Magtfuld Future House Sound Pack Volume 1.zip
2015-11-25 21:06 - 2015-11-25 21:09 - 34017049 _____ C:\Users\Poizoneheart\Downloads\NoDJ-Raye-Welcome_To_The_Winter.zip
2015-11-25 18:03 - 2015-11-25 18:21 - 423422050 _____ C:\Users\Poizoneheart\Downloads\STYLSS Sample Pack - Volume Two [Nov 2015].zip
2015-11-25 17:19 - 2015-11-25 17:19 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\RevealSound
2015-11-24 21:44 - 2015-11-24 21:51 - 131515931 _____ C:\Users\Poizoneheart\Downloads\Daruma - Vol. 004.zip
2015-11-24 21:44 - 2015-11-24 21:46 - 26107244 _____ C:\Users\Poizoneheart\Downloads\Culpmixtest2.wav
2015-11-24 18:42 - 2015-11-24 18:45 - 29255922 _____ C:\Users\Poizoneheart\Downloads\Capsun Drumkit.zip
2015-11-24 15:32 - 2015-11-24 15:32 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\ElevatedDiagnostics
2015-11-23 16:13 - 2015-11-23 16:17 - 30660095 _____ C:\Users\Poizoneheart\Downloads\QUIX SAMPLE PACK.rar
2015-11-22 01:10 - 2015-11-22 01:10 - 00084679 _____ C:\Users\Poizoneheart\Downloads\DANKOLDSCHOOLREECE.fst
2015-11-21 13:56 - 2015-11-21 14:08 - 67789674 _____ C:\Users\Poizoneheart\Downloads\Ignant_Shit-(DatPiff.com).zip
2015-11-21 13:55 - 2015-11-21 14:11 - 94517704 _____ C:\Users\Poizoneheart\Downloads\Swavey-(DatPiff.com).zip
2015-11-21 13:54 - 2015-11-21 14:04 - 43853657 _____ C:\Users\Poizoneheart\Downloads\Mr_1_Verse_Killah-(DatPiff.com).zip
2015-11-21 13:52 - 2015-11-21 14:06 - 85797952 _____ C:\Users\Poizoneheart\Downloads\Just_Landed-(DatPiff.com).zip
2015-11-21 13:32 - 2015-11-21 13:36 - 93258683 _____ C:\Users\Poizoneheart\Downloads\Rozz Dyliams & Purpdogg - The Judas Cradle.zip
2015-11-21 10:42 - 2015-11-21 10:55 - 247548153 _____ C:\Users\Poizoneheart\Downloads\drew the architect - vacive.zip
2015-11-21 10:42 - 2015-11-21 10:44 - 51190516 _____ C:\Users\Poizoneheart\Downloads\drew the architect - vacive (1).zip
2015-11-21 10:37 - 2015-11-21 10:37 - 70425452 _____ C:\Users\Poizoneheart\Desktop\zodivk x king sol.zip
2015-11-20 22:11 - 2015-11-20 22:15 - 79272732 _____ C:\Users\Poizoneheart\Downloads\KOAN_Sound_x_Culprate_x_Asa_x_Opiuo_-_If_You_Hadn_39_t.wav
2015-11-20 19:21 - 2015-11-20 19:26 - 2072249756 _____ C:\Users\Poizoneheart\Downloads\1ada01.rar
2015-11-20 19:15 - 2015-11-20 19:26 - 50284557 _____ C:\Users\Poizoneheart\Downloads\KOAN_Sound_x_Culprate_x_Asa_x_Opiuo_-_If_You_Hadn_39_t.flac
2015-11-19 20:51 - 2015-11-19 21:06 - 58997312 _____ C:\Users\Poizoneheart\Downloads\Sober Rob + lux.impala - Nativity.wav
2015-11-19 20:50 - 2015-11-19 20:53 - 37787552 _____ C:\Users\Poizoneheart\Downloads\goldwater - glaciate.wav
2015-11-19 19:03 - 2015-11-19 19:05 - 2379959847 _____ C:\Users\Poizoneheart\Downloads\teamsesh.zip
2015-11-18 21:27 - 2015-11-18 21:28 - 07613138 _____ C:\Users\Poizoneheart\Downloads\JUST-BLAZE-DRUMS.zip
2015-11-18 16:41 - 2015-11-18 17:05 - 470109269 _____ C:\Users\Poizoneheart\Downloads\Culprate Sample Pack.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-18 10:47 - 2014-08-19 13:57 - 00000402 _____ C:\Windows\Tasks\update-S-1-5-21-345066769-3900799609-3403792336-1001.job
2015-12-18 10:19 - 2009-07-14 06:45 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-18 10:19 - 2009-07-14 06:45 - 00014848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-18 10:18 - 2014-03-29 19:53 - 00001184 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-18 10:13 - 2015-08-11 20:06 - 00000000 ___RD C:\Users\Poizoneheart\Dropbox
2015-12-18 10:13 - 2015-08-11 19:59 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Dropbox
2015-12-18 10:12 - 2015-08-11 20:00 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-18 10:12 - 2014-03-29 19:53 - 00001180 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-18 10:11 - 2014-03-29 19:37 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-18 10:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-18 10:05 - 2015-08-11 20:00 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-18 09:31 - 2015-01-03 15:40 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Akamai
2015-12-17 23:59 - 2014-08-19 13:56 - 00000402 _____ C:\Windows\Tasks\update-sys.job
2015-12-17 00:07 - 2015-08-11 20:00 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-16 23:23 - 2014-03-29 19:54 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-16 23:10 - 2009-07-14 07:08 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-16 18:22 - 2009-07-14 07:13 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-16 18:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2015-12-16 16:31 - 2014-05-22 11:43 - 07314432 ___SH C:\Users\Poizoneheart\Downloads\Thumbs.db
2015-12-02 16:13 - 2014-03-29 19:53 - 00004180 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 16:13 - 2014-03-29 19:53 - 00003928 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-29 18:40 - 2014-04-22 09:08 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\spek
2015-11-29 18:30 - 2014-05-17 17:39 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\Curse Client
2015-11-29 09:26 - 2015-11-09 10:04 - 05052672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-28 18:59 - 2015-11-09 10:06 - 00124432 _____ C:\Users\Poizoneheart\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-28 16:50 - 2014-03-29 19:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-28 09:59 - 2014-04-10 20:43 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Battle.net
2015-11-26 16:37 - 2014-09-12 14:31 - 00001456 _____ C:\Users\Poizoneheart\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-11-24 17:41 - 2015-01-31 00:26 - 00000000 ____D C:\Windows\pss
2015-11-24 17:40 - 2014-03-29 19:52 - 00000000 ____D C:\Users\Poizoneheart\AppData\Local\Deployment
2015-11-23 21:38 - 2014-04-23 16:45 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-11-23 21:38 - 2014-04-23 12:05 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-11-22 19:46 - 2014-04-23 12:05 - 00281768 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-11-20 22:12 - 2014-03-29 22:00 - 00000000 ____D C:\Users\Poizoneheart\AppData\Roaming\vlc
2015-11-19 18:33 - 2015-11-16 19:16 - 00000000 ____D C:\Users\Poizoneheart\Downloads\Sorsari - The Farplane
 
==================== Files in the root of some directories =======
 
2014-05-26 14:37 - 2015-01-10 18:54 - 0000132 _____ () C:\Users\Poizoneheart\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-05-20 14:58 - 2015-09-07 16:35 - 0000132 _____ () C:\Users\Poizoneheart\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-05-07 16:17 - 2015-05-07 22:08 - 1714772 _____ () C:\Users\Poizoneheart\AppData\Roaming\ICARE.LOG
2015-05-07 16:17 - 2015-05-07 16:17 - 0000162 _____ () C:\Users\Poizoneheart\AppData\Roaming\ICARE_ACTIVITY.LOG
2014-09-12 14:31 - 2015-11-26 16:37 - 0001456 _____ () C:\Users\Poizoneheart\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-04-19 13:03 - 2015-03-18 18:44 - 0008704 _____ () C:\Users\Poizoneheart\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-29 19:43 - 2015-09-22 10:15 - 0007628 _____ () C:\Users\Poizoneheart\AppData\Local\Resmon.ResmonCfg
2014-08-19 13:56 - 2014-08-19 13:56 - 0000003 _____ () C:\Users\Poizoneheart\AppData\Local\updater.log
2014-08-19 13:57 - 2014-09-16 13:07 - 0000450 _____ () C:\Users\Poizoneheart\AppData\Local\UserProducts.xml
2014-12-05 18:42 - 2014-12-05 18:42 - 0268706 _____ () C:\ProgramData\1417797648.bdinstall.bin
 
Some files in TEMP:
====================
C:\Users\Poizoneheart\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpznejnx.dll
C:\Users\Poizoneheart\AppData\Local\Temp\_is15C9.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-12 19:41
 
==================== End of FRST.txt ============================
 
 
And the attachments, Addition.txt and Shortcut.txt :)
 
 
EDIT: Hmm... it seems I cannot find how to attach the Addition and Shortcut files; should I just paste them in my next reply?
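The Services and Drivers sections of the FRST log above list each binary with its size, date, vendor string and, where relevant, a marker such as `[File not signed]` or `[X]`. The script below is an added example for this thread, not code from the forum post, from Farbar or from Malwarebytes; it parses only that line shape and flags the entries a responder reads first: unsigned binaries, registered files no longer present on disk, and running kernel drivers whose version info carries no vendor. The sample lines are a constructed subset written in the format of the log above. On that sample, the unsigned XAMPP Apache build is reported but ranks below an unsigned boot-start (R0) driver with no vendor string, and MBAMSwissArmy.sys, signed as Malwarebytes, is not flagged at all.

```python
"""Triage of FRST 'Services' / 'Drivers' log lines.

Added example for this thread; it is not part of the forum post and not
code from Farbar or Malwarebytes. It understands only the line shape
visible in the FRST log above:

    R1 AsIO; C:\\Windows\\SysWow64\\drivers\\AsIO.sys [14392 2007-12-17] ()

and flags what a responder reads first: unsigned binaries, registered
files that are gone from disk, and running kernel drivers with no vendor.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SIZE_DATE = re.compile(r"\[(\d+) (\d{4}-\d{2}-\d{2})\]")
VENDOR = re.compile(r"\(([^()]*)\)$")  # trailing "(vendor)" once flags are removed
STATE = re.compile(r"[RSU]\d")         # R=running, S=stopped, U=unknown; digit=start type

# Markers FRST appends to a line; keys are the names this script uses for them.
FLAG_TOKENS = {
    "unsigned": "[File not signed]",
    "missing": "[X]",
    "not_found": "<not found>",
}


@dataclass
class Entry:
    state: str
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    vendor: str
    flags: List[str]


def parse_service_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for any other log line."""
    head, sep, rest = line.partition(";")
    if not sep:
        return None
    state, _, name = head.strip().partition(" ")
    if not STATE.fullmatch(state) or not name:
        return None
    rest = rest.strip()

    flags = []
    for key, token in FLAG_TOKENS.items():
        if token in rest:
            flags.append(key)
            rest = rest.replace(token, "").strip()

    vendor = ""
    m = VENDOR.search(rest)
    if m:
        vendor = m.group(1).strip()
        rest = rest[: m.start()].rstrip()

    size = date = None
    m = SIZE_DATE.search(rest)
    if m:
        size, date = int(m.group(1)), m.group(2)
        rest = rest[: m.start()].rstrip()

    return Entry(state, name.strip(), rest, size, date, vendor, flags)


def triage(log_text: str):
    """Return [(name, path, [reasons])] for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        e = parse_service_line(raw.strip())
        if e is None:
            continue
        reasons = []
        if "unsigned" in e.flags:
            reasons.append("file not signed")
        if "missing" in e.flags or "not_found" in e.flags:
            reasons.append("registered file not present on disk (orphaned entry)")
        elif not e.vendor:
            reasons.append("no vendor string in version info")
        if reasons and e.state.startswith("R") and e.path.lower().endswith(".sys"):
            reasons.append("currently loaded kernel driver")
        if reasons:
            findings.append((e.name, e.path, reasons))
    return findings


# Constructed sample: a handful of lines in the format of the FRST log above.
SAMPLE = r"""
R2 Apache2.2; D:\xampp\apache\bin\httpd.exe [20549 2010-10-18] (Apache Software Foundation) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-18] (Malwarebytes)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2014-04-13] () [File not signed]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
"""

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name:14} {path}\n{'':14} -> {'; '.join(reasons)}")
```

The parser deliberately strips the flag tokens before looking for the vendor, because FRST prints `(vendor)` before `[File not signed]`; anchoring the vendor match at the end of the line is what keeps a `(x86)` inside a Program Files path from being mistaken for a vendor. `[File not signed]` on its own is weak evidence (open-source builds such as XAMPP are routinely unsigned), which is why the script combines it with the start type and file extension rather than treating it as a verdict.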

To attach files, select the "More Reply Options" tab under the reply box. In the new reply window, select "Browse" to find the log file, double-click directly on the log file to upload it, then select "Attach This File" to do just that. Repeat as required. Or, if you prefer, just copy and paste the logs into your reply window.

 

Thank you,

 

Kevin...


Thanks for the logs, continue please.

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select "Run as Administrator"; the tool will expand to the options Window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

 

Post those logs, also let me know if there are any remaining issues or concerns...

 

Thank you,

 

Kevin.
 

Fixlist.txt


Hello, sorry for being away.

 

I ran the FRST fix and I think some of my recent files (because I was operating the PC the last few days and I thought that if I ran the fix later it would be OK) are missing. Am I right, or am I just blind? Also, Chrome cache is deleted entirely and I can't see which files I had downloaded lately so I can re-download them :(

 

Here's the fixlog, I will proceed with the MSRT log when you explain to me what exactly happened.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Poizoneheart (2015-12-22 19:27:16) Run:2
Running from C:\Users\Poizoneheart\Downloads
Loaded Profiles: Poizoneheart (Available Profiles: Poizoneheart)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-345066769-3900799609-3403792336-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-345066769-3900799609-3403792336-1001\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-345066769-3900799609-3403792336-1001\...\MountPoints2: G - G:\Autorun.exe
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
C:\Users\Poizoneheart\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpznejnx.dll
C:\Users\Poizoneheart\AppData\Local\Temp\_is15C9.exe
EmptyTemp:
end
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-345066769-3900799609-3403792336-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKU\S-1-5-21-345066769-3900799609-3403792336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
"HKU\S-1-5-21-345066769-3900799609-3403792336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key removed successfully
C:\Users\Poizoneheart\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
VBoxNetFlt => service removed successfully
C:\Users\Poizoneheart\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpznejnx.dll => moved successfully
C:\Users\Poizoneheart\AppData\Local\Temp\_is15C9.exe => moved successfully
EmptyTemp: => 679 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:28:56 ====

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.