Hello,
A young friend of mine bought a second-hand PC recently. It is the first PC he has owned, and I gave him some advice concerning safe browsing etc., but he still managed to infect his system. I was going to try and fix it myself, but I think it is probably best to get in contact with someone who has real technical knowledge of these things.
If anyone could help it would be greatly appreciated.
Thank you
______________________________________________________________________________________
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-10-2015
Ran by user (administrator) on BRONS-PC (31-10-2015 18:54:13)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-10-03] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [RaidCall] => C:\Program Files (x86)\RaidCall\raidcall.exe [4152984 2015-02-11] (RAIDCALL.COM)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-2055689581-48535413-3719112780-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-15] (Valve Corporation)
HKU\S-1-5-21-2055689581-48535413-3719112780-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2055689581-48535413-3719112780-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-2055689581-48535413-3719112780-1000\...\MountPoints2: {da62a3c4-221f-11e5-9bdb-806e6f6e6963} - D:\CheckID.exe
HKU\S-1-5-21-2055689581-48535413-3719112780-1000\...\MountPoints2: {e6a4bfad-4701-11e5-9c15-e0cb4e39b4b5} - F:\setup.exe
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6E7D7906-54DD-4042-81E5-EB8C7F91EC4A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{877E3145-3A44-4E16-A4A4-55D41ECA2F86}: [DhcpNameServer] 208.67.220.222 208.67.220.220 198.142.235.14
Tcpip\..\Interfaces\{8C930C13-1218-40D7-8434-D3180DE42253}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BF25D6A9-356C-497B-82E5-863C2AE3D553}: [DhcpNameServer] 208.67.220.222 208.67.220.220 198.142.235.14
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-24] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\op8egejq.default-1446260642654
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-19] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-19] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-04] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-03] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\user\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{FD421367-C0A6-4A61-80D4-76B142C3E014}] - C:\Program Files\firstOffer170920151513\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{FD421367-C0A6-4A61-80D4-76B142C3E014}] - C:\Program Files\firstOffer170920151513\Firefox => not found
Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-20]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-20]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-20]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-20]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-08-11]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-20]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-20]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-19]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-19]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-19]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-19]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-19]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-10-03] (NVIDIA Corporation)
R4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2015-09-02] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-10-03] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-10-03] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-08-01] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-09-13] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 bb9b3463; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\RelayBoost\RelayBoost.dll",serv
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-08-20] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-10-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-10-03] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\DRTWlanU.sys [3409112 2014-07-30] (Realtek Semiconductor Corporation )
R3 ysusb64; C:\Windows\System32\drivers\ysusb64.sys [132712 2014-07-22] (Yamaha Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-31 18:51 - 2015-10-31 18:51 - 00039150 _____ C:\Users\user\Downloads\Addition.txt
2015-10-31 18:50 - 2015-10-31 18:54 - 00015386 _____ C:\Users\user\Downloads\FRST.txt
2015-10-31 18:50 - 2015-10-31 18:54 - 00000000 ____D C:\FRST
2015-10-31 18:49 - 2015-10-31 18:49 - 02198016 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-10-31 18:41 - 2015-10-31 18:41 - 00000848 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-10-31 18:41 - 2015-10-31 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-10-31 18:41 - 2015-10-31 18:41 - 00000000 ____D C:\Program Files\RogueKiller
2015-10-31 18:37 - 2015-10-31 18:41 - 24925400 _____ (Adlice Software ) C:\Users\user\Downloads\setup.exe
2015-10-31 18:31 - 2015-10-31 18:31 - 00194048 _____ (Microsoft Corporation) C:\Users\user\Downloads\TrustedInstaller.exe
2015-10-31 18:28 - 2015-10-31 18:28 - 00003176 _____ C:\Windows\System32\Tasks\{A8EA9BD8-0656-4434-BDB3-191E1EB378C5}
2015-10-31 18:21 - 2015-10-31 18:42 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-31 18:21 - 2015-10-31 18:26 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-31 18:19 - 2015-10-31 18:21 - 18965064 _____ C:\Users\user\Downloads\RogueKiller.exe
2015-10-31 18:16 - 2015-10-31 18:16 - 00852720 _____ C:\Users\user\Downloads\SecurityCheck.exe
2015-10-31 15:10 - 2015-10-31 15:14 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\user\Downloads\tdsskiller.exe
2015-10-31 15:04 - 2015-10-31 15:04 - 00000000 ____D C:\Users\user\Downloads\backups
2015-10-31 15:02 - 2015-10-31 18:08 - 00000816 _____ C:\Users\user\Documents\hosts.txt
2015-10-31 15:02 - 2015-10-31 15:02 - 00008485 _____ C:\Users\user\Downloads\hijackthis.log
2015-10-31 15:00 - 2015-10-31 15:00 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HijackThis.exe
2015-10-31 14:59 - 2015-10-31 14:59 - 06792566 _____ C:\Users\user\Documents\USER-PC.arn
2015-10-31 14:45 - 2015-10-31 14:45 - 00606643 _____ C:\Users\user\Downloads\Autoruns.zip
2015-10-31 14:04 - 2015-10-31 14:04 - 00000000 ____D C:\Users\user\Desktop\Old Firefox Data
2015-10-31 13:14 - 2015-10-31 13:14 - 00000621 _____ C:\Users\user\Desktop\windowsk.vbs
2015-10-31 12:37 - 2015-10-31 12:38 - 01694208 _____ C:\Users\user\Downloads\adwcleaner_5.015.exe
2015-10-30 21:46 - 2015-10-30 21:49 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-10-30 21:46 - 2015-05-27 17:38 - 02825944 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-10-30 21:45 - 2015-10-30 21:46 - 131494359 _____ (Realtek Semiconductor Corp.) C:\Users\user\Downloads\0006-64bit_Win7_Win8_Win81_Win10_R279.exe
2015-10-30 19:55 - 2015-10-30 19:55 - 00000015 _____ C:\Users\user\Desktop\WIFI.txt
2015-10-25 11:56 - 2015-10-25 12:41 - 00000000 ____D C:\Users\user\AppData\Roaming\Winamp
2015-10-25 11:56 - 2015-10-25 12:02 - 00000000 ____D C:\Program Files (x86)\Winamp
2015-10-25 11:56 - 2015-10-25 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-10-25 11:49 - 2015-10-25 11:54 - 10328598 _____ (Nullsoft, Inc.) C:\Users\user\Downloads\winamp5666_full_en-us_redux.exe
2015-10-24 13:13 - 2015-10-24 13:13 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-10-24 13:13 - 2015-10-24 13:13 - 00001945 _____ C:\Windows\epplauncher.mif
2015-10-24 13:13 - 2015-10-24 13:13 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-10-24 13:13 - 2015-10-24 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-10-24 13:12 - 2015-10-24 13:12 - 14243008 _____ (Microsoft Corporation) C:\Users\user\Downloads\mseinstall.exe
2015-10-24 12:37 - 2015-10-31 12:41 - 00000000 ____D C:\AdwCleaner
2015-10-24 12:34 - 2015-10-03 13:18 - 00102520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-10-24 12:33 - 2015-10-03 16:06 - 42914096 _____ C:\Windows\system32\nvcompiler.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 22306936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 18359928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 17395512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 16541040 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 15716648 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 14832968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 13518496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 12769408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 12032200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 11114616 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-10-24 12:33 - 2015-10-03 16:06 - 03154104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 02869880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 02489976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 01905456 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435850.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435850.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00877176 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00689456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00512720 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00414000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00177416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00155976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-10-24 12:33 - 2015-10-03 16:06 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-10-24 12:31 - 2015-10-24 12:31 - 00000000 ____D C:\NVIDIA
2015-10-24 12:13 - 2015-10-24 12:13 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-24 12:13 - 2015-10-24 12:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Sun
2015-10-24 12:13 - 2015-10-24 12:13 - 00000000 ____D C:\Users\user\AppData\LocalLow\Sun
2015-10-24 12:13 - 2015-10-24 12:13 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2015-10-24 12:13 - 2015-10-24 12:13 - 00000000 ____D C:\ProgramData\Oracle
2015-10-24 12:13 - 2015-10-24 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-24 12:13 - 2015-10-24 12:13 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-24 12:11 - 2015-10-24 12:11 - 00584288 _____ (Oracle Corporation) C:\Users\user\Downloads\chromeinstall-8u65.exe
2015-10-24 12:11 - 2015-10-24 12:11 - 00000000 ____D C:\Users\user\AppData\LocalLow\Oracle
2015-10-24 01:27 - 2015-10-24 01:27 - 00000000 ____D C:\Program Files\Common Files\Steinberg
2015-10-24 01:27 - 2015-10-24 01:27 - 00000000 ____D C:\Program Files (x86)\Yamaha
2015-10-24 00:04 - 2015-10-24 00:04 - 00002090 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-23 23:53 - 2015-10-23 23:53 - 00000000 ____D C:\Windows\{26F3D17D-4FF9-46D5-9255-A1F9FF6BD7E4}
2015-10-23 23:53 - 2015-10-23 23:53 - 00000000 ____D C:\Program Files (x86)\Belkin
2015-10-19 00:37 - 2015-10-24 00:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-17 20:25 - 2015-10-31 16:02 - 00007601 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2015-10-17 20:25 - 2015-10-17 20:25 - 00000222 _____ C:\Users\user\Desktop\Warhammer End Times - Vermintide.url
2015-10-14 16:13 - 2015-10-14 16:13 - 00000222 _____ C:\Users\user\Desktop\Rogue Legacy.url
2015-10-14 15:55 - 2015-10-14 15:55 - 00000000 ____D C:\Users\user\AppData\Local\CrashRpt
2015-10-14 15:52 - 2015-10-14 15:52 - 00000222 _____ C:\Users\user\Desktop\Duke Nukem 3D Megaton Edition.url
2015-10-06 20:57 - 2015-10-06 20:57 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2015-10-06 20:35 - 2015-10-06 20:35 - 00000085 _____ C:\Windows\wininit.ini
2015-10-04 17:17 - 2015-10-04 17:17 - 00000000 ____D C:\Users\user\Documents\Paradox Interactive
2015-10-04 17:11 - 2015-10-04 17:12 - 00000222 _____ C:\Users\user\Desktop\Crusader Kings II Demo.url
2015-10-03 18:17 - 2015-10-03 18:17 - 00000222 _____ C:\Users\user\Desktop\Stranded Deep.url
2015-10-03 17:02 - 2015-10-17 20:28 - 00000291 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-10-03 17:02 - 2015-10-17 20:28 - 00000000 ____D C:\Users\user\AppData\Roaming\fatshark
2015-10-03 15:13 - 2015-10-17 20:25 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-10-03 15:13 - 2015-10-03 15:13 - 00000222 _____ C:\Users\user\Desktop\Warhammer End Times - Vermintide Public Test.url
2015-10-02 04:47 - 2015-10-02 04:47 - 00001729 _____ C:\Users\Public\Desktop\Lords of the Realm II.lnk
2015-10-02 04:47 - 2015-10-02 04:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-31 18:52 - 2015-07-20 22:01 - 00001332 _____ C:\Windows\Tasks\JVUEG.job
2015-10-31 18:20 - 2015-07-05 13:32 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-31 18:10 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-31 18:08 - 2015-07-04 18:42 - 01341931 _____ C:\Windows\WindowsUpdate.log
2015-10-31 18:01 - 2015-08-20 23:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-31 17:35 - 2009-07-14 16:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-31 17:35 - 2009-07-14 15:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-31 17:35 - 2009-07-14 15:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-31 17:29 - 2009-07-14 15:51 - 00082415 _____ C:\Windows\setupact.log
2015-10-31 17:28 - 2015-07-20 22:15 - 00001014 _____ C:\Windows\Tasks\pUSyaULwPKZJbwjf7eI2Jlr.job
2015-10-31 17:28 - 2015-07-20 22:05 - 00000334 _____ C:\Windows\Tasks\SeriesWatcher.job
2015-10-31 17:28 - 2015-07-05 14:15 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-10-31 17:28 - 2015-07-04 18:58 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-31 17:28 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-31 15:01 - 2015-07-04 18:45 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2015-10-31 14:54 - 2015-09-19 23:14 - 00003458 _____ C:\Windows\System32\Tasks\PROPCCleaner_Popup
2015-10-31 14:54 - 2015-09-19 23:14 - 00003194 _____ C:\Windows\System32\Tasks\PROPCCleaner_Start
2015-10-31 14:52 - 2015-07-20 22:15 - 00004048 _____ C:\Windows\System32\Tasks\pUSyaULwPKZJbwjf7eI2Jlr
2015-10-31 14:52 - 2015-07-20 22:05 - 00003256 _____ C:\Windows\System32\Tasks\SeriesWatcher
2015-10-31 13:59 - 2015-07-04 18:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-30 21:48 - 2015-07-04 18:48 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-10-27 12:18 - 2009-07-14 16:08 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-24 12:35 - 2015-07-08 20:24 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-10-24 12:34 - 2015-07-04 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-10-24 12:34 - 2015-07-04 18:58 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-10-24 12:02 - 2015-07-04 18:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-24 12:01 - 2015-07-08 19:42 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-24 11:44 - 2015-07-08 20:24 - 00000000 ____D C:\Users\user\AppData\Local\NVIDIA Corporation
2015-10-24 01:26 - 2015-07-04 18:48 - 00000000 ____D C:\Users\user\AppData\Local\Downloaded Installations
2015-10-24 01:25 - 2015-09-19 23:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-24 01:25 - 2010-11-21 14:47 - 00622022 _____ C:\Windows\PFRO.log
2015-10-24 01:17 - 2015-08-14 23:06 - 00000024 _____ C:\Users\user\AppData\Roaming\appdataFr25.bin
2015-10-24 00:04 - 2015-09-19 23:14 - 00000965 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-10-24 00:04 - 2015-09-19 23:14 - 00000965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-24 00:04 - 2015-07-20 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-24 00:03 - 2015-08-19 22:53 - 00000000 ____D C:\Windows\system32\appmgmt
2015-10-15 12:50 - 2009-07-14 16:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-10-15 12:25 - 2015-08-18 21:04 - 00022528 ___SH C:\Users\user\Thumbs.db
2015-10-06 20:36 - 2015-07-20 23:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-10-06 20:35 - 2015-07-20 23:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-06 20:32 - 2015-09-20 02:18 - 00016478 _____ C:\Windows\SysWOW64\mlogger.log
2015-10-06 02:29 - 2015-09-19 23:14 - 00000000 ____D C:\Users\user\AppData\Roaming\updates
2015-10-04 00:52 - 2015-07-05 21:04 - 00000000 ____D C:\Users\user\AppData\Roaming\LolClient
2015-10-03 17:00 - 2015-07-09 08:03 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-03 16:06 - 2015-07-08 19:46 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-10-03 16:06 - 2015-07-08 19:46 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-10-03 16:06 - 2015-07-08 19:46 - 01423120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-10-03 16:06 - 2015-07-08 19:46 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-10-03 16:06 - 2015-07-08 19:42 - 15002304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-10-03 16:06 - 2015-07-08 19:42 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-10-03 16:06 - 2015-07-08 19:33 - 00033507 _____ C:\Windows\system32\nvinfo.pb
2015-10-03 16:06 - 2015-07-04 18:52 - 03573832 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-10-03 13:49 - 2015-07-04 18:58 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-10-03 13:49 - 2010-07-31 09:52 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-10-03 13:49 - 2010-07-31 09:52 - 02982520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-10-03 13:49 - 2010-07-31 09:52 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-10-03 13:49 - 2010-07-31 09:52 - 00938800 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-10-03 13:49 - 2010-07-31 09:52 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-10-02 04:47 - 2009-07-14 16:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-01 20:33 - 2015-07-05 14:06 - 05284082 _____ C:\Windows\system32\nvcoproc.bin
==================== Files in the root of some directories =======
2015-08-14 23:06 - 2015-10-24 01:17 - 0000024 _____ () C:\Users\user\AppData\Roaming\appdataFr25.bin
2015-01-26 03:12 - 2015-01-26 03:12 - 0001248 _____ () C:\Users\user\AppData\Roaming\JVUEG
2015-04-19 23:20 - 2015-04-19 23:20 - 0005872 _____ () C:\Users\user\AppData\Roaming\pUSyaULwPKZJbwjf7eI2Jlr
2015-10-17 20:25 - 2015-10-31 16:02 - 0007601 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2015-07-20 21:53 - 2015-07-20 22:07 - 0089365 _____ () C:\ProgramData\JdLV07SR.dat
2015-10-03 17:02 - 2015-10-17 20:28 - 0000291 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Files to move or delete:
====================
C:\ProgramData\JdLV07SR.dat
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
C:\Users\user\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\user\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\user\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\user\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\user\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\user\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\user\AppData\Local\Temp\HitmanPro.exe
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\user\AppData\Local\Temp\nvStInst.exe
C:\Users\user\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\user\AppData\Local\Temp\patchw32.dll
C:\Users\user\AppData\Local\Temp\scp7EFF.tmp.exe
C:\Users\user\AppData\Local\Temp\sonarinst.exe
C:\Users\user\AppData\Local\Temp\SpOrder.dll
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\Uninstall.exe
C:\Users\user\AppData\Local\Temp\_is778F.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-31 00:49
==================== End of FRST.txt ============================
2015-10-03 16:06 - 2015-07-08 19:42 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-10-03 16:06 - 2015-07-08 19:33 - 00033507 _____ C:\Windows\system32\nvinfo.pb
2015-10-03 16:06 - 2015-07-04 18:52 - 03573832 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-10-03 13:49 - 2015-07-04 18:58 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-10-03 13:49 - 2010-07-31 09:52 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-10-03 13:49 - 2010-07-31 09:52 - 02982520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-10-03 13:49 - 2010-07-31 09:52 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-10-03 13:49 - 2010-07-31 09:52 - 00938800 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-10-03 13:49 - 2010-07-31 09:52 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-10-02 04:47 - 2009-07-14 16:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-01 20:33 - 2015-07-05 14:06 - 05284082 _____ C:\Windows\system32\nvcoproc.bin
==================== Files in the root of some directories =======
2015-08-14 23:06 - 2015-10-24 01:17 - 0000024 _____ () C:\Users\user\AppData\Roaming\appdataFr25.bin
2015-01-26 03:12 - 2015-01-26 03:12 - 0001248 _____ () C:\Users\user\AppData\Roaming\JVUEG
2015-04-19 23:20 - 2015-04-19 23:20 - 0005872 _____ () C:\Users\user\AppData\Roaming\pUSyaULwPKZJbwjf7eI2Jlr
2015-10-17 20:25 - 2015-10-31 16:02 - 0007601 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2015-07-20 21:53 - 2015-07-20 22:07 - 0089365 _____ () C:\ProgramData\JdLV07SR.dat
2015-10-03 17:02 - 2015-10-17 20:28 - 0000291 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Files to move or delete:
====================
C:\ProgramData\JdLV07SR.dat
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll
C:\Users\user\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\user\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\user\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\user\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\user\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\user\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\user\AppData\Local\Temp\HitmanPro.exe
C:\Users\user\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\user\AppData\Local\Temp\nvStInst.exe
C:\Users\user\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\user\AppData\Local\Temp\patchw32.dll
C:\Users\user\AppData\Local\Temp\scp7EFF.tmp.exe
C:\Users\user\AppData\Local\Temp\sonarinst.exe
C:\Users\user\AppData\Local\Temp\SpOrder.dll
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\Uninstall.exe
C:\Users\user\AppData\Local\Temp\_is778F.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-31 00:49
==================== End of FRST.txt ============================