Solved GoSave and 1 other keep coming back

jtutmark

New Member
Thread author
Dec 29, 2014
4
Looking for assistance in getting rid of GoSave and similar adware that keep coming back after uninstalling in Chrome and restarting. Not sure what to do next.
 

Attachments

  • FRST.txt (36.7 KB)
  • Addition.txt (29.1 KB)

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the attachment button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.




Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.
 

jtutmark

New Member
Thread author
Dec 29, 2014
4
Zoek.exe v5.0.0.0 Updated 28-12-2014
Tool run by Jeff on Mon 12/29/2014 at 10:08:44.68.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: F:\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/29/2014 10:09:42 AM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AppName deleted successfully
C:\PROGRA~2\PC Connectivity Solution deleted successfully
C:\PROGRA~3\Trusted Publisher deleted successfully
C:\Users\Jeff\AppData\Roaming\Samsung deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\Users\Jeff\.android deleted
C:\PROGRA~2\BitLord deleted
C:\Users\Jeff\AppData\Roaming\BitLord deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Jeff\AppData\Local\BitLord deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Jeff\Documents\BitLord deleted
"C:\PROGRA~3\fcf714377458234f\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141031101937" deleted
"C:\PROGRA~3\fcf714377458234f\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141118102206" deleted
"C:\PROGRA~3\fcf714377458234f\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141118102207" deleted
"C:\PROGRA~3\fcf714377458234f\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}.20141031101524" deleted
"C:\PROGRA~3\fcf714377458234f\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141031101445" deleted
"C:\PROGRA~3\fcf714377458234f\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141031101504" deleted
"C:\PROGRA~3\fcf714377458234f\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141031101908" deleted
"C:\PROGRA~3\fcf714377458234f\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141031101938" deleted
"C:\PROGRA~3\fcf714377458234f" deleted

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Torch deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Administrator\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Guest\AppData\Local\Torch deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser deleted
Fake profile C:\Users\Jeff\AppData\Local\Torch deleted
Fake profile C:\Users\Jeff\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Jeff\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Jeff\AppData\Local\Chromatic Browser deleted

==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Jeff\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[12/10/2014 10:39 AM]

==== Chromium Startpages ======================

C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://google.com/",


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jeff\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jeff\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jeff\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Jeff\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=319 folders=80 6009790185 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jeff\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jeff\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Mon 12/29/2014 at 10:28:25.88 ======================
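The ZOEK log above shows the local GroupPolicy folders being deleted, and the FRST log later in the thread flags "HKLM\SOFTWARE\Policies\Google: Policy restriction"; those are the locations that let a Chrome extension reinstall itself after it is removed. As an added example (not code from the thread, ZOEK or FRST), here is a read-only PowerShell inventory of those locations; the policy name ExtensionInstallForcelist and the registry/file paths are real, and on a home PC with no administrator-set policies they should all be empty.

```powershell
# Added example: a read-only inventory of the persistence locations behind a
# "keeps coming back" Chrome adware infection. Not code from the thread, ZOEK or FRST.
# It lists the Chrome policy keys that FRST reports as "Policy restriction",
# the Google\Chrome\Extensions install keys, and the local Group Policy files
# that the ZOEK script removed. It changes nothing; run it from an elevated prompt.

$ErrorActionPreference = 'SilentlyContinue'

# HKLM\SOFTWARE\Policies is shared between the 32- and 64-bit registry views, so one
# machine root is enough. The Extensions key is WOW64-redirected, so both views are listed.
$policyRoots    = @('HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google')
$extensionRoots = @('HKLM:\SOFTWARE\Google\Chrome\Extensions',
                    'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
                    'HKCU:\SOFTWARE\Google\Chrome\Extensions')
$gpoFolders     = @("$env:SystemRoot\System32\GroupPolicy", "$env:SystemRoot\SysWOW64\GroupPolicy")

function Get-RegistryValuesRecursive {
    # Every value under $Root and all of its subkeys, as Key/Name/Value objects.
    param([Parameter(Mandatory)][string]$Root)
    if (-not (Test-Path -Path $Root)) { return }
    $keys = @(Get-Item -Path $Root) + @(Get-ChildItem -Path $Root -Recurse)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $display = if ([string]::IsNullOrEmpty($name)) { '(Default)' } else { $name }
            [pscustomobject]@{ Key = $key.Name; Name = $display; Value = $key.GetValue($name) }
        }
    }
}

function Get-ForcedExtensions {
    # ExtensionInstallForcelist entries have the form "<extension id>;<update url>".
    # A force-listed extension cannot be removed from chrome://extensions, which is
    # exactly the "uninstall, restart, it is back" symptom described in the thread.
    foreach ($root in $policyRoots) {
        Get-RegistryValuesRecursive -Root $root |
            Where-Object { $_.Key -like '*\ExtensionInstallForcelist' } |
            ForEach-Object {
                $id, $url = ([string]$_.Value) -split ';', 2
                [pscustomobject]@{ Source = $_.Key; ExtensionId = $id; UpdateUrl = $url }
            }
    }
}

function Get-ExtensionInstallEntries {
    # Each subkey is an extension id; "path" / "update_url" say where Chrome loads it from.
    foreach ($root in $extensionRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($sub in Get-ChildItem -Path $root) {
            [pscustomobject]@{
                Source      = $sub.Name
                ExtensionId = $sub.PSChildName
                Path        = $sub.GetValue('path')
                UpdateUrl   = $sub.GetValue('update_url')
            }
        }
    }
}

function Get-LocalGpoFiles {
    # Local (non-domain) policy lives in these files. Whatever Registry.pol contains is
    # written back into HKLM/HKCU\SOFTWARE\Policies at every policy refresh, so deleting
    # only the registry value does not remove a policy that is also stored here.
    foreach ($folder in $gpoFolders) {
        foreach ($rel in 'gpt.ini', 'Machine\Registry.pol', 'User\Registry.pol') {
            $path = Join-Path -Path $folder -ChildPath $rel
            if (Test-Path -Path $path) {
                $f = Get-Item -Path $path
                [pscustomobject]@{ Path = $f.FullName; Bytes = $f.Length; LastWrite = $f.LastWriteTime }
            }
        }
    }
}

Write-Host '== Chrome policy values (normally none on a home PC) =='
foreach ($root in $policyRoots) { Get-RegistryValuesRecursive -Root $root | Format-Table -AutoSize | Out-Host }
Write-Host '== Force-installed extensions =='
Get-ForcedExtensions | Format-Table -AutoSize | Out-Host
Write-Host '== Extension install keys =='
Get-ExtensionInstallEntries | Format-Table -AutoSize | Out-Host
Write-Host '== Local Group Policy files (compare LastWrite with when the adware appeared) =='
Get-LocalGpoFiles | Format-Table -AutoSize | Out-Host
```

On a domain-joined or deliberately locked-down machine these entries are legitimate, so treat the output as a list of things to explain, not a list of things to delete.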
 

jtutmark

New Member
Thread author
Dec 29, 2014
4
Also just realized I didn't check all user profiles, so I may scan again, but so far so good.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 

jtutmark

New Member
Thread author
Dec 29, 2014
4
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Jeff (administrator) on JEFFSRIG on 29-12-2014 11:32:52
Running from C:\Users\Jeff\Downloads
Loaded Profile: Jeff (Available profiles: Jeff)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Plantronics\GameCom780\GameCom780.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
() C:\Program Files (x86) (x86)\Dell Photo AIO Printer 966\memcard.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom780\GameCom780.exe [776480 2013-05-09] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [dlcqmon.exe] => C:\Program Files (x86) (x86)\Dell Photo AIO Printer 966\dlcqmon.exe [292080 2007-06-29] ()
HKLM-x32\...\Run: [MemoryCardManager] => C:\Program Files (x86) (x86)\Dell Photo AIO Printer 966\memcard.exe [304368 2007-06-29] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-1516866678-2134814311-3096657-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-27] (Electronic Arts)
HKU\S-1-5-21-1516866678-2134814311-3096657-1001\...\Run: [GoogleChromeAutoLaunch_1D9E4397701B26121F48AD4BA9175EBF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-1516866678-2134814311-3096657-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-1516866678-2134814311-3096657-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-1516866678-2134814311-3096657-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5105288 2014-10-15] (Plex, Inc.)
HKU\S-1-5-21-1516866678-2134814311-3096657-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-1516866678-2134814311-3096657-1001\...\MountPoints2: {269b2a65-6122-11e4-8271-001fbc087dcd} - "H:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1516866678-2134814311-3096657-1001\...\MountPoints2: {d67c0475-bee6-11e3-825b-001fbc087dcd} - "H:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1516866678-2134814311-3096657-1001\...\MountPoints2: {dc6c749e-f958-11e3-8264-001fbc087dcd} - "H:\VerizonSWUpgradeAssistantLauncher.exe"
HKU\S-1-5-21-1516866678-2134814311-3096657-1001\...\MountPoints2: {e09ab3a8-471a-11e4-826f-001fbc087dcd} - "H:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-1516866678-2134814311-3096657-1001\...\MountPoints2: {fd749ce4-11b8-11e4-8266-001fbc087dcd} - "H:\VZW_Software_upgrade_assistant.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1516866678-2134814311-3096657-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1516866678-2134814311-3096657-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default
CHR HKU\S-1-5-21-1516866678-2134814311-3096657-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jeff\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-12-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-08-16] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-22] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-11] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2011-01-19] (Devguru Co., Ltd)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 PlantronicsGC; C:\Windows\system32\drivers\PLTGC.sys [1327104 2013-04-12] (C-Media Electronics Inc)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-04] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295216 2013-06-18] (Marvell)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 11:32 - 2014-12-29 11:32 - 00000000 ____D () C:\Users\Jeff\Downloads\FRST-OlderVersion
2014-12-29 10:28 - 2014-12-29 10:28 - 00007334 _____ () C:\Users\Jeff\Desktop\zoek-results.txt
2014-12-29 10:27 - 2014-12-29 10:08 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-12-29 10:09 - 2014-12-29 10:28 - 00007334 _____ () C:\zoek-results.log
2014-12-29 10:08 - 2014-12-29 10:25 - 00000000 ____D () C:\zoek_backup
2014-12-29 09:50 - 2014-12-29 11:32 - 00000000 ____D () C:\FRST
2014-12-28 10:36 - 2014-12-28 10:36 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-12-28 10:36 - 2014-12-28 10:36 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-12-28 09:45 - 2014-12-28 09:45 - 00000000 ____D () C:\Windows\PCHEALTH
2014-12-28 09:45 - 2014-12-28 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-28 09:45 - 2014-12-28 09:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-12-28 09:44 - 2014-12-28 09:44 - 00000000 __RHD () C:\MSOCache
2014-12-28 09:44 - 2014-12-28 09:44 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-28 09:44 - 2014-12-28 09:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-12-28 05:55 - 2014-12-28 05:55 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 05:54 - 2014-12-29 10:28 - 00001852 _____ () C:\Windows\PFRO.log
2014-12-27 18:26 - 2014-12-27 18:26 - 00002145 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-12-27 18:25 - 2014-12-12 16:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-27 18:24 - 2014-12-27 18:25 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-12-27 18:24 - 2014-12-13 02:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-27 18:24 - 2014-12-13 02:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 00834880 _____ () C:\Windows\system32\nvmcumd.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-27 18:24 - 2014-12-13 02:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-27 18:24 - 2014-10-09 09:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-27 18:24 - 2014-10-09 09:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-27 18:24 - 2014-10-08 23:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-25 12:38 - 2014-12-25 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppName
2014-12-25 12:37 - 2014-12-25 12:37 - 00000218 _____ () C:\Users\Jeff\AppData\Local\recently-used.xbel
2014-12-24 08:06 - 2014-12-24 08:06 - 00004312 _____ () C:\Windows\DPINST.LOG
2014-12-24 08:05 - 2014-12-27 18:25 - 00003936 _____ () C:\Windows\setupact.log
2014-12-24 08:05 - 2014-12-24 08:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-20 20:58 - 2014-12-29 11:31 - 01783487 _____ () C:\Windows\WindowsUpdate.log
2014-12-18 19:22 - 2014-12-18 19:22 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll
2014-12-17 11:24 - 2014-12-17 11:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-12-16 11:28 - 2014-11-22 02:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-16 11:28 - 2014-11-22 02:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-14 10:16 - 2014-12-14 10:16 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog
2014-12-14 10:15 - 2014-12-14 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
2014-12-14 10:15 - 2014-12-14 10:15 - 00000000 ____D () C:\ProgramData\Leapfrog
2014-12-14 10:15 - 2014-12-14 10:15 - 00000000 ____D () C:\Program Files (x86)\LeapFrog
2014-12-14 10:13 - 2014-10-30 14:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-14 10:13 - 2014-10-30 14:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-14 10:09 - 2014-12-14 10:09 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-09 22:41 - 2014-12-03 15:37 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 22:41 - 2014-12-03 15:09 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 22:41 - 2014-12-02 15:09 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 22:41 - 2014-12-02 15:09 - 00740864 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 22:41 - 2014-12-02 15:09 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 22:41 - 2014-12-02 15:09 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 22:41 - 2014-12-02 15:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 22:41 - 2014-11-09 18:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-09 22:41 - 2014-11-09 17:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-09 22:41 - 2014-11-06 20:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 22:41 - 2014-11-06 19:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 22:41 - 2014-10-31 15:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-09 22:41 - 2014-10-31 15:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-09 22:41 - 2014-10-12 18:43 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-09 22:41 - 2014-10-12 18:43 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-09 22:41 - 2014-10-12 18:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-09 22:41 - 2014-10-12 18:43 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-09 22:40 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 22:40 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 22:40 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 22:40 - 2014-11-21 18:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 22:40 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 22:40 - 2014-11-21 18:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-09 22:40 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 22:40 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 22:40 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 22:40 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 22:40 - 2014-11-21 18:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-09 22:40 - 2014-11-21 18:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-09 22:40 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 22:40 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 22:40 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 22:40 - 2014-11-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-09 22:40 - 2014-11-21 17:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-09 22:40 - 2014-11-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-09 22:40 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 22:40 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 22:40 - 2014-11-21 17:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 22:40 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 22:40 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 22:40 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 22:40 - 2014-11-21 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-09 22:40 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 22:40 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 22:40 - 2014-11-21 17:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-09 22:40 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 22:40 - 2014-11-21 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-09 22:40 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 22:40 - 2014-11-21 17:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 22:40 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 22:40 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 22:40 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 22:40 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 22:40 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 22:40 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 22:40 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 22:40 - 2014-10-30 15:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-09 22:40 - 2014-10-30 15:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-02 07:55 - 2014-12-02 07:55 - 00000000 ____D () C:\Users\Jeff\Documents\Rockstar Games
2014-12-02 07:46 - 2014-12-02 07:46 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-12-02 07:46 - 2014-12-02 07:46 - 00000000 ____D () C:\Users\Jeff\Documents\Games for Windows - LIVE Demos
2014-12-02 07:45 - 2014-12-02 07:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-12-02 07:31 - 2014-12-02 07:47 - 00000000 ____D () C:\Users\Jeff\AppData\Local\Rockstar Games
2014-12-02 07:31 - 2014-12-02 07:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-12-02 07:31 - 2014-12-02 07:31 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-12-02 07:31 - 2014-12-02 07:31 - 00000000 __RHD () C:\Users\Jeff\AppData\Roaming\SecuROM
2014-12-02 07:31 - 2014-12-02 07:31 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-12-01 08:15 - 2014-12-29 11:32 - 00014897 _____ () C:\Users\Jeff\Downloads\FRST.txt
2014-12-01 08:15 - 2014-12-01 08:16 - 00029566 _____ () C:\Users\Jeff\Downloads\Addition.txt
2014-12-01 08:14 - 2014-12-29 11:32 - 02123264 _____ (Farbar) C:\Users\Jeff\Downloads\FRST64.exe
2014-12-01 08:14 - 2014-12-01 08:14 - 00000000 __SHD () C:\Users\Jeff\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 11:20 - 2014-04-21 17:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-29 11:11 - 2014-02-23 13:03 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1516866678-2134814311-3096657-1001
2014-12-29 11:08 - 2014-08-13 21:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 11:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-29 10:47 - 2014-03-13 12:20 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-29 10:33 - 2014-02-23 13:04 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-29 10:28 - 2014-11-18 11:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-29 10:28 - 2014-10-31 09:14 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-29 10:28 - 2014-03-13 12:20 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 10:28 - 2014-02-23 13:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-29 10:28 - 2014-02-23 13:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-29 10:28 - 2014-02-23 12:59 - 00000000 ___DO () C:\Users\Jeff\SkyDrive
2014-12-29 10:28 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-29 10:28 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 10:25 - 2014-10-31 09:14 - 00000000 ____D () C:\Users\Jeff\AppData\Local\Comodo
2014-12-29 10:25 - 2014-10-31 09:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-12-29 10:25 - 2014-10-31 09:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-12-29 10:25 - 2014-10-31 09:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-12-29 10:25 - 2014-10-31 09:14 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-12-29 10:25 - 2014-10-31 09:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-12-29 10:25 - 2014-10-31 09:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-12-29 10:25 - 2014-03-13 12:20 - 00000000 ____D () C:\Users\Jeff\AppData\Local\Google
2014-12-29 10:25 - 2014-02-23 12:56 - 00000000 ____D () C:\Users\Jeff
2014-12-29 10:25 - 2013-08-22 07:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-12-29 10:25 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-12-29 09:18 - 2014-02-23 13:06 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D4A74657-D0D1-4B84-A9B3-3252CA9AD32A}
2014-12-29 09:15 - 2014-02-23 13:09 - 00000000 ____D () C:\ProgramData\Origin
2014-12-28 10:25 - 2013-08-22 06:44 - 00479064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-28 10:24 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-28 09:56 - 2014-05-22 07:55 - 00000000 ___RD () C:\Users\Jeff\Google Drive
2014-12-28 09:45 - 2014-04-21 17:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-12-28 09:45 - 2014-04-21 17:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-28 09:44 - 2013-08-22 11:11 - 00000000 ____D () C:\Windows\ShellNew
2014-12-28 09:44 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-28 05:54 - 2013-08-22 00:21 - 00256251 ____N () C:\Windows\Minidump\122814-16453-01.dmp
2014-12-27 18:26 - 2014-02-23 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-26 17:27 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-20 21:02 - 2014-03-29 15:30 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-12-20 21:02 - 2013-08-22 05:25 - 00000076 _____ () C:\Windows\win.ini
2014-12-20 20:57 - 2014-02-23 13:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-17 10:42 - 2014-03-15 14:51 - 00955392 ___SH () C:\Users\Jeff\Desktop\Thumbs.db
2014-12-14 23:20 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2014-12-14 10:15 - 2014-08-07 08:48 - 00000000 ____D () C:\Program Files\DIFX
2014-12-14 10:09 - 2014-07-10 09:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-14 10:09 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-14 10:09 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-14 10:09 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-14 10:09 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppCompat
2014-12-13 02:08 - 2014-11-10 09:22 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-13 02:08 - 2014-11-10 09:22 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 02:08 - 2014-02-23 22:38 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-13 02:08 - 2014-02-23 22:38 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-13 02:08 - 2014-02-23 13:04 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-12-13 02:08 - 2014-02-23 13:04 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-12-13 02:08 - 2013-10-27 09:12 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 02:08 - 2013-10-27 09:12 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-13 00:03 - 2014-02-23 13:04 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 00:03 - 2014-02-23 13:04 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 00:03 - 2014-02-23 13:04 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 00:03 - 2014-02-23 13:04 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 00:03 - 2014-02-23 13:04 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 00:03 - 2014-02-23 13:04 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-12 16:12 - 2014-09-20 10:00 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-12 16:12 - 2014-09-20 10:00 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-12 16:12 - 2014-02-23 22:39 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-12 16:12 - 2014-02-23 22:39 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-12 15:11 - 2014-02-23 13:04 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-10 10:46 - 2014-04-10 17:48 - 00000000 ____D () C:\Users\Jeff\AppData\Roaming\VERIZON
2014-12-10 10:38 - 2014-09-13 12:20 - 00000000 ____D () C:\ProgramData\ASGVIS
2014-12-10 10:06 - 2014-02-25 13:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 10:04 - 2014-02-25 13:11 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 14:21 - 2014-11-18 10:16 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2014-12-09 10:08 - 2014-08-13 21:28 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-04 11:59 - 2014-11-18 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-04 11:59 - 2014-11-18 11:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-29 02:01 - 2014-06-23 13:11 - 00000000 ____D () C:\Users\Jeff\AppData\Local\Plex Media Server

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-29 11:11

==================== End Of Log ============================
 

Attachments

  • FRST.txt (37 KB)
  • Addition.txt (29.9 KB)
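Added example, not part of this thread and not FRST's own code: a small Python triage pass over the "One Month Created/Modified Files and Folders" sections of an FRST log like the one above. It parses the line format (created, modified, size, attribute letters, company from the version resource, path) and flags three things a helper scans for by eye when adware keeps coming back: binaries under system32/SysWOW64 with no company string, hidden/system-attributed items in user-writable locations, and scheduled tasks touched in the window (the usual re-install mechanism). The heuristics and the attribute-letter meanings (D, H, S) are assumptions made for this example; the sample input is copied verbatim from the log in this thread. An empty company string only means the file has no version resource, it is not a signature check, and SecuROM is a DRM component, so a hit is a reason to look, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Shape of one FRST "One Month Created/Modified Files and Folders" line:
#   <created> - <modified> - <size> <attrs> (<company>) <path>
# Size is zero-padded to 8 digits but grows past that for big files (MRT.exe).
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,}) (?P<attrs>[A-Z_]{5}) "
    r"\((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Lines copied verbatim from the FRST log in this thread, used as sample input.
SAMPLE_LOG = r"""
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 18:24 - 2014-12-13 02:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-27 18:24 - 2014-12-13 02:08 - 00834880 _____ () C:\Windows\system32\nvmcumd.dll
2014-12-02 07:46 - 2014-12-02 07:46 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-12-02 07:31 - 2014-12-02 07:31 - 00000000 __RHD () C:\Users\Jeff\AppData\Roaming\SecuROM
2014-12-01 08:14 - 2014-12-01 08:14 - 00000000 __SHD () C:\Users\Jeff\AppData\Local\EmieBrowserModeList
2014-12-29 11:08 - 2014-08-13 21:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 10:28 - 2014-10-31 09:14 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-10 10:04 - 2014-02-25 13:11 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-28 09:56 - 2014-05-22 07:55 - 00000000 ___RD () C:\Users\Jeff\Google Drive
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str      # FRST attribute letters; assumed here: D=directory, H=hidden, S=system
    company: str    # company name from the file's version resource, "" if none
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, blanks and notes."""
    m = FRST_LINE.match(line.strip())
    if m is None:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"], m["path"])


# Triage heuristics (assumptions chosen for this example, not FRST rules).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\")
TASK_DIRS = ("c:\\windows\\tasks\\", "c:\\windows\\system32\\tasks\\")
BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".ocx")


def triage(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a second look (empty = nothing)."""
    reasons: List[str] = []
    p = entry.path.lower()
    # A binary in a system directory with no company in its version resource.
    # This is NOT a signature check: nvmcumd.dll is a genuine NVIDIA file.
    if (not entry.is_dir and p.startswith(SYSTEM_DIRS)
            and p.endswith(BINARY_EXT) and not entry.company):
        reasons.append("binary in system dir without company/version info")
    # Hidden/system attributes in user-writable locations are a classic
    # hiding spot; SecuROM (DRM) sets them too, so confirm before acting.
    if entry.hidden_or_system and any(s in p for s in USER_WRITABLE):
        reasons.append("hidden/system attribute in user-writable location")
    # Scheduled tasks are how adware re-installs itself after a manual removal.
    if not entry.is_dir and p.startswith(TASK_DIRS):
        reasons.append("scheduled task touched in the window")
    return reasons


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Parse a whole log section and return (path, reason) pairs in log order."""
    findings: List[Tuple[str, str]] = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for reason in triage(entry):
            findings.append((entry.path, reason))
    return findings


if __name__ == "__main__":
    for path, reason in triage_log(SAMPLE_LOG):
        print(f"{reason:50} {path}")
```

Feed it the two "One Month" sections of a real FRST.txt and review the hits against the Bamital/volsnap signature check and the task contents before adding anything to a fixlist; on the sample above it flags nvmcumd.dll, the two SecuROM folders, EmieBrowserModeList, ntuser.pol and the Flash updater task, and leaves the signed NVIDIA driver and MRT.exe alone.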

TwinHeadedEagle

Good. PC seems clean now.

CHR dev: Chrome dev build detected! <======= ATTENTION

You need to reinstall Chrome, it is altered by malware.



Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
MUST READ - security tips:
MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or Java, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.




Recommended additional software:
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to block the most commonly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent installing additional foistware bundled with legitimate installers.
  • Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).
The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!




Stay safe,
TwinHeadedEagle :)
 
