XjamathonX
Good afternoon. After some trial and error and more than a few sleepless nights struggling with this, I figured I'd reach out for help from people far more experienced and educated in this than myself.
Any help with this would be greatly appreciated. Thanks so much for your time.
Per the initial post, here are the FRST.txt and Addition.txt logs.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by XjamathonX (administrator) on BFNERDGASM (11-04-2016 12:23:48)
Running from C:\Users\XjamathonX\Desktop
Loaded Profiles: XjamathonX (Available Profiles: XjamathonX)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "kernel32::GetLongPathNameW(w R8, w .R7, I 1024)I .R6" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics.) D:\Samsung Magician\Samsung Magician.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Users\XjamathonX\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390096 2016-04-07] (AVAST Software)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-07] (AVAST Software)
BootExecute: autocheck autochk * sh4native Sh4Removal
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{32D1360D-2E52-4463-858F-B807B4E5D191}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> DefaultScope {E6F7284B-8EE1-4A43-A4CA-6A5AC402DBF9} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> {E6F7284B-8EE1-4A43-A4CA-6A5AC402DBF9} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-07] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-01] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-07] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-01] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1048063312-2773705554-3676865481-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Users\XjamathonX\AppData\Roaming\Mozilla\Firefox\Profiles\rswjl8f6.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-02-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-02-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> D:\Program Files (x86)\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> D:\Program Files (x86)\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Program Files (x86)\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> D:\Program Files (x86)\Adobe Acrobat\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-28] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\XjamathonX\AppData\Roaming\Mozilla\Firefox\Profiles\rswjl8f6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-04-05] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files (x86)\Adobe Acrobat\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe Acrobat\Acrobat\Browser\WCFirefoxExtn [2012-11-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-07]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-02]
CHR Extension: (Google Drive) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-05]
CHR Extension: (YouTube) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (APK Downloader) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgihflhdpokeobcfimliamffejfnmfii [2015-10-02]
CHR Extension: (Google Search) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-02]
CHR Extension: (ARC Welder) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2016-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05]
CHR Extension: (Avast Online Security) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-05]
CHR Extension: (APK Downloader) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2016-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\XjamathonX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-02]
CHR Extension: (__MSG_extName__) - D:\Program Files (x86)\ARC Chrome\Flash Fire Aerial Ops_1.0_1.apk_export_GApkc [2015-10-02]
CHR Extension: (__MSG_extName__) - D:\Program Files (x86)\ARC Chrome\Flash Fire Aerial Ops_1.0_1.apk_export_GApkc [2015-10-02]
CHR HKU\S-1-5-21-1048063312-2773705554-3676865481-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files (x86)\Adobe Acrobat\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-07]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-07] (AVAST Software)
S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2012-06-13] () [File not signed]
R2 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Seagate Dashboard Services; D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
S2 Seagate MobileBackup Service; D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-07] (AVAST Software)
R1 BIOS; C:\Windows\system32\drivers\BIOS64.sys [14136 2009-07-15] (BIOSTAR Group)
R1 BIOS; C:\Windows\SysWOW64\drivers\BIOS64.sys [14136 2009-07-15] (BIOSTAR Group)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-05] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-12-10] () [File not signed]
S3 TIEHDUSB; C:\Windows\System32\DRIVERS\tiehdusb.sys [128512 2012-03-07] (Texas Instruments) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-04-07] ()
U3 a6o487fi; C:\Windows\System32\Drivers\a6o487fi.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 vmwvusb; System32\Drivers\vmwvusb.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-11 12:23 - 2016-04-11 12:23 - 00023261 _____ C:\Users\XjamathonX\Desktop\FRST.txt
2016-04-07 19:17 - 2016-04-07 19:17 - 00005798 _____ C:\Users\XjamathonX\Documents\cc_20160407_191721.reg
2016-04-07 19:16 - 2016-04-07 19:16 - 00184314 _____ C:\Users\XjamathonX\Documents\cc_20160407_191650.reg
2016-04-07 14:15 - 2016-04-07 19:13 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-07 14:15 - 2016-04-07 19:05 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-07 14:15 - 2016-04-07 14:15 - 00000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-04-07 14:15 - 2016-04-07 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-04-07 14:15 - 2016-04-07 14:15 - 00000000 ____D C:\Program Files\RogueKiller
2016-04-07 14:09 - 2016-04-07 14:09 - 01610352 _____ (Malwarebytes) C:\Users\XjamathonX\Desktop\JRT.exe
2016-04-07 13:56 - 2016-04-07 13:55 - 00602112 _____ (OldTimer Tools) C:\Users\XjamathonX\Desktop\OTL.exe
2016-04-07 13:48 - 2016-04-11 12:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-07 13:48 - 2016-04-07 13:48 - 00000613 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-07 13:48 - 2016-04-07 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-07 13:48 - 2016-04-07 13:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-07 13:48 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-07 13:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-07 13:48 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-07 13:46 - 2016-04-07 13:47 - 00231744 _____ C:\TDSSKiller.3.1.0.9_07.04.2016_13.46.04_log.txt
2016-04-07 13:43 - 2016-04-07 13:43 - 00000000 ____D C:\KVRT_Data
2016-04-07 13:19 - 2016-04-07 13:19 - 00042131 _____ C:\ComboFix.txt
2016-04-07 13:11 - 2016-04-07 13:11 - 05660031 ____R (Swearware) C:\Users\XjamathonX\Desktop\ComboFix.exe
2016-04-07 13:00 - 2016-04-07 18:57 - 00000000 ____D C:\AdwCleaner
2016-04-07 13:00 - 2016-04-07 13:00 - 03119168 _____ C:\Users\XjamathonX\Desktop\adwcleaner_5.109.exe
2016-04-07 13:00 - 2016-04-07 12:59 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-07 12:59 - 2016-04-07 12:59 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-07 12:55 - 2016-04-11 12:23 - 00000000 ____D C:\FRST
2016-04-07 12:53 - 2016-04-07 12:53 - 02374144 _____ (Farbar) C:\Users\XjamathonX\Desktop\FRST64.exe
2016-04-05 23:26 - 2016-04-05 23:54 - 00421106 _____ C:\spyhunter.fix
2016-04-05 23:26 - 2016-04-05 23:26 - 00003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-04-05 23:04 - 2016-04-05 23:04 - 00022400 ____R C:\Windows\SysWOW64\sh4native.exe
2016-04-05 22:39 - 2016-04-05 22:39 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Enigma Software Group
2016-04-05 22:39 - 2016-04-05 22:39 - 00000000 _____ C:\autoexec.bat
2016-04-05 22:38 - 2016-04-05 22:38 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-04-05 22:11 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-04-05 22:11 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-04-05 22:11 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-04-05 22:11 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-04-05 22:10 - 2016-04-07 13:19 - 00000000 ____D C:\Qoobox
2016-04-05 22:10 - 2016-04-05 22:18 - 00000000 ____D C:\Windows\erdnt
2016-04-05 22:03 - 2016-04-05 22:03 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
2016-04-05 22:03 - 2016-04-05 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
2016-04-05 22:03 - 2016-04-05 22:03 - 00000000 ____D C:\Program Files (x86)\CleanUp!
2016-04-05 15:59 - 2016-04-05 22:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-05 15:04 - 2016-04-05 15:03 - 00380928 _____ C:\Users\XjamathonX\Desktop\tomy88gb.exe
2016-03-28 19:11 - 2016-03-28 19:11 - 00002531 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-03-28 19:11 - 2016-03-28 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-03-23 04:25 - 2016-04-07 13:06 - 00003050 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458721533
2016-03-23 04:25 - 2016-04-07 12:59 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-23 04:25 - 2016-03-23 04:25 - 00000997 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-23 04:25 - 2016-03-23 04:25 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-11 12:19 - 2014-12-27 19:48 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-11 12:19 - 2014-12-27 19:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-11 12:19 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-07 19:00 - 2009-07-14 01:13 - 00809218 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-07 19:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-07 18:54 - 2012-04-03 10:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-07 18:51 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-07 18:51 - 2009-07-14 00:45 - 00032096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-07 18:45 - 2014-12-27 19:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-07 18:45 - 2012-04-03 10:12 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 18:45 - 2012-04-03 10:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-07 18:45 - 2011-12-09 19:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 14:19 - 2011-12-10 17:38 - 00000000 ____D C:\Users\XjamathonX\AppData\Local\Apps\2.0
2016-04-07 14:07 - 2012-07-12 16:53 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\uTorrent
2016-04-07 13:57 - 2016-03-02 04:42 - 00000000 ____D C:\Users\XjamathonX\AppData\LocalLow\uTorrent
2016-04-07 13:57 - 2015-02-22 10:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-07 13:56 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2016-04-07 13:17 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-04-07 13:05 - 2014-12-27 19:45 - 00000000 ____D C:\Program Files\Google
2016-04-07 13:05 - 2013-02-07 18:35 - 00000000 ____D C:\Program Files (x86)\epson
2016-04-07 13:05 - 2011-12-09 19:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-07 13:05 - 2009-07-14 00:45 - 04986424 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-07 13:04 - 2012-03-28 23:14 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Yahoo!
2016-04-07 13:00 - 2012-07-12 00:33 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-07 12:59 - 2014-05-05 17:32 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-07 12:59 - 2014-01-02 13:27 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-07 12:59 - 2013-03-17 11:47 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-04-07 12:59 - 2013-03-17 11:47 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-07 12:59 - 2012-03-24 12:14 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-07 12:59 - 2011-12-09 19:37 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-07 12:59 - 2011-12-09 19:37 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-07 12:59 - 2011-12-09 19:37 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-05 23:56 - 2011-12-09 19:20 - 00000000 ____D C:\ProgramData\Google
2016-04-05 23:53 - 2013-08-23 12:07 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\VMware
2016-04-05 23:53 - 2013-08-23 12:07 - 00000000 ____D C:\ProgramData\VMware
2016-04-05 23:53 - 2013-02-07 18:35 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-04-05 23:52 - 2011-12-09 19:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-05 23:51 - 2013-02-07 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-04-05 23:50 - 2012-01-11 21:31 - 00000000 ____D C:\ProgramData\Citrix
2016-04-05 23:50 - 2012-01-11 21:31 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-04-05 22:25 - 2012-05-10 11:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-05 22:04 - 2014-10-16 10:11 - 00000000 ____D C:\Temp
2016-04-05 21:44 - 2015-11-26 22:40 - 00000000 ____D C:\Windows\pss
2016-04-05 14:54 - 2015-09-12 09:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-04-05 04:31 - 2011-12-09 17:22 - 00000000 ____D C:\Users\XjamathonX
2016-04-04 14:10 - 2012-06-26 20:36 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\vlc
2016-03-28 19:16 - 2014-03-18 10:54 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Intuit
2016-03-28 19:12 - 2014-03-18 10:54 - 00000774 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-03-28 19:10 - 2014-03-18 10:53 - 00000000 ____D C:\Program Files (x86)\TurboTax
2016-03-23 04:25 - 2011-12-09 19:36 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-23 04:25 - 2011-12-09 19:36 - 00000000 ____D C:\Program Files\AVAST Software
==================== Files in the root of some directories =======
2015-09-05 20:25 - 2015-09-05 20:25 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-06-29 10:32 - 2015-11-16 17:38 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-04-07 20:50 - 2013-04-07 20:50 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe Targa Format CS5 Prefs
2011-12-30 18:40 - 2016-03-17 22:09 - 0001456 _____ () C:\Users\XjamathonX\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-01-22 10:27 - 2014-01-22 10:27 - 0007606 _____ () C:\Users\XjamathonX\AppData\Local\Resmon.ResmonCfg
2011-12-09 19:55 - 2011-12-09 19:55 - 0000000 _____ () C:\Users\XjamathonX\AppData\Local\{414AF067-011E-4897-B01B-245E88F1279E}
2012-03-28 23:12 - 2013-12-26 23:27 - 0006285 _____ () C:\ProgramData\hpzinstall.log
2014-03-18 10:54 - 2016-03-28 19:12 - 0000774 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-29 03:58
==================== End of FRST.txt ============================
2016-04-07 13:05 - 2011-12-09 19:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-07 13:05 - 2009-07-14 00:45 - 04986424 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-07 13:04 - 2012-03-28 23:14 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Yahoo!
2016-04-07 13:00 - 2012-07-12 00:33 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-07 12:59 - 2014-05-05 17:32 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-07 12:59 - 2014-01-02 13:27 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-07 12:59 - 2013-03-17 11:47 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-04-07 12:59 - 2013-03-17 11:47 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-07 12:59 - 2012-03-24 12:14 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-07 12:59 - 2011-12-09 19:37 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-04-07 12:59 - 2011-12-09 19:37 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-04-07 12:59 - 2011-12-09 19:37 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-04-05 23:56 - 2011-12-09 19:20 - 00000000 ____D C:\ProgramData\Google
2016-04-05 23:53 - 2013-08-23 12:07 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\VMware
2016-04-05 23:53 - 2013-08-23 12:07 - 00000000 ____D C:\ProgramData\VMware
2016-04-05 23:53 - 2013-02-07 18:35 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2016-04-05 23:52 - 2011-12-09 19:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-05 23:51 - 2013-02-07 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-04-05 23:50 - 2012-01-11 21:31 - 00000000 ____D C:\ProgramData\Citrix
2016-04-05 23:50 - 2012-01-11 21:31 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-04-05 22:25 - 2012-05-10 11:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-05 22:04 - 2014-10-16 10:11 - 00000000 ____D C:\Temp
2016-04-05 21:44 - 2015-11-26 22:40 - 00000000 ____D C:\Windows\pss
2016-04-05 14:54 - 2015-09-12 09:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-04-05 04:31 - 2011-12-09 17:22 - 00000000 ____D C:\Users\XjamathonX
2016-04-04 14:10 - 2012-06-26 20:36 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\vlc
2016-03-28 19:16 - 2014-03-18 10:54 - 00000000 ____D C:\Users\XjamathonX\AppData\Roaming\Intuit
2016-03-28 19:12 - 2014-03-18 10:54 - 00000774 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-03-28 19:10 - 2014-03-18 10:53 - 00000000 ____D C:\Program Files (x86)\TurboTax
2016-03-23 04:25 - 2011-12-09 19:36 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-23 04:25 - 2011-12-09 19:36 - 00000000 ____D C:\Program Files\AVAST Software
==================== Files in the root of some directories =======
2015-09-05 20:25 - 2015-09-05 20:25 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-06-29 10:32 - 2015-11-16 17:38 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-04-07 20:50 - 2013-04-07 20:50 - 0000132 _____ () C:\Users\XjamathonX\AppData\Roaming\Adobe Targa Format CS5 Prefs
2011-12-30 18:40 - 2016-03-17 22:09 - 0001456 _____ () C:\Users\XjamathonX\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-01-22 10:27 - 2014-01-22 10:27 - 0007606 _____ () C:\Users\XjamathonX\AppData\Local\Resmon.ResmonCfg
2011-12-09 19:55 - 2011-12-09 19:55 - 0000000 _____ () C:\Users\XjamathonX\AppData\Local\{414AF067-011E-4897-B01B-245E88F1279E}
2012-03-28 23:12 - 2013-12-26 23:27 - 0006285 _____ () C:\ProgramData\hpzinstall.log
2014-03-18 10:54 - 2016-03-28 19:12 - 0000774 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-29 03:58
==================== End of FRST.txt ============================
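The two "One Month" sections above are the part of an FRST log a helper reads first, and it is tedious to do by eye: each line is `<date1> - <date2> - <size> <attrs> [(Company)] <path>`, with date1 being the creation time in the Created section and the modification time in the Modified section. The following script is an added example of a first-pass triage over those lines; it is not part of FRST, nor of the poster's logs. The sample lines embedded in it are copied from the log above, and the three heuristics (unsigned/unknown-company binary under `C:\Windows`, the same in a user-writable location, and a file created in the last month whose modification time is years older) are my own choices, not rules FRST applies. Note that the parenthesised company name FRST prints is the name carried in the file's own version information, not the result of a signature check (signatures are verified separately in the "Bamital & volsnap" section), so a missing name is only a prompt to look closer.

```python
"""Triage helper for the FRST "One Month Created/Modified" timeline sections.

Added example, not part of FRST or of the posted logs. The heuristics in
triage() are assumptions chosen for illustration; they surface entries for a
human decision and do not classify anything as malicious.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One timeline line: <date1> - <date2> - <size> <attrs> [(Company)] <path>
# The "(Company)" field is optional; FRST prints "()" when the file carries
# no company name and omits the field entirely for some entries.
LINE_RE = re.compile(
    r"^(?P<d1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<d2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>\S.*)$"
)
BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx", ".drv")
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    section: str            # "created" or "modified"
    event_time: datetime    # the time the section is sorted by (date1)
    other_time: datetime    # the other timestamp (date2)
    size: int
    attrs: str
    publisher: Optional[str]  # None if no "(...)" field, "" for "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_binary(self) -> bool:
        return (not self.is_dir) and self.path.lower().endswith(BINARY_EXT)


def parse_line(line: str, section: str) -> Optional[Entry]:
    """Return an Entry for one timeline line, or None for headers/notes/blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    return Entry(section, datetime.strptime(m["d1"], fmt),
                 datetime.strptime(m["d2"], fmt), int(m["size"]),
                 m["attrs"], m["publisher"], m["path"])


def parse_log(text: str) -> List[Entry]:
    """Walk an FRST.txt and keep only lines inside the two timeline sections."""
    section, entries = None, []
    for line in text.splitlines():
        if line.startswith("===="):           # section header
            if "One Month Created" in line:
                section = "created"
            elif "One Month Modified" in line:
                section = "modified"
            else:
                section = None
        elif section:
            e = parse_line(line, section)
            if e:
                entries.append(e)
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Apply the illustrative heuristics; returns (path, reason) pairs."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if e.is_binary and not e.publisher:
            if low.startswith("c:\\windows\\"):
                findings.append((e.path, "binary with no company name under %SystemRoot%"))
            elif any(tok in low for tok in USER_WRITABLE):
                findings.append((e.path, "binary with no company name in a user-writable location"))
        # Created section: creation time years newer than modification time means
        # the file was copied/extracted onto the disk with its old mtime kept.
        # Tool bundles do this routinely; timestomped malware does it too.
        if e.section == "created" and not e.is_dir and (e.event_time - e.other_time).days > 365:
            findings.append((e.path, "created this month but mtime is over a year old"))
    return findings


# Sample lines copied from the posted log (constructed excerpt, not a full file).
SAMPLE_LOG = """\
==================== One Month Created files and folders ========
2016-04-05 22:11 - 2011-06-26 02:45 - 00256000 _____ C:\\Windows\\PEV.exe
2016-04-05 22:11 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\\Windows\\NIRCMD.exe
2016-04-05 15:04 - 2016-04-05 15:03 - 00380928 _____ C:\\Users\\XjamathonX\\Desktop\\tomy88gb.exe
2016-04-05 22:10 - 2016-04-07 13:19 - 00000000 ____D C:\\Qoobox
==================== One Month Modified files and folders ========
2016-04-07 12:59 - 2014-05-05 17:32 - 00037656 _____ (AVAST Software) C:\\Windows\\system32\\Drivers\\aswHwid.sys
==================== Files in the root of some directories =======
2014-01-22 10:27 - 2014-01-22 10:27 - 0007606 _____ () C:\\Users\\XjamathonX\\AppData\\Local\\Resmon.ResmonCfg
"""

if __name__ == "__main__":
    for path, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason:60s} {path}")
```

Run against the full log, the first and third rules fire on `C:\Windows\PEV.exe`, `MBR.exe`, `SWREG.exe`, `SWSC.exe`, `sed.exe`, `grep.exe` and `zip.exe`, all created 2016-04-05 22:11 next to `C:\Qoobox` and `C:\Windows\erdnt`; that set is the footprint ComboFix leaves behind, not an infection, which is exactly why the script only lists candidates and leaves the verdict to the reader. The regex also accepts the `()` form used in the "Files in the root of some directories" section, but `parse_log` deliberately skips that section because its lines are not part of the one-month timeline.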