
Hijack on browser and other systems

Discussion in 'Virus & Other Malware Removal' started by AngryDutchman, Mar 3, 2015.

  1. AngryDutchman

    AngryDutchman Thread Starter

    Joined:
    Mar 3, 2015
    Messages:
    7
    Hi,

    I'm having issues after clicking on a file I shouldn't have clicked on. It immediately changed some of the default programs for some video files and gave me errors when trying to open them saying that the files are not compatible.

    Also, the task manager refuses to open. When it does, it closes immediately again.

    I tried opening Windows in safe mode, but it gives me an error saying that 'cvxsync.exe' has stopped working. It then just gives me a blank screen in safe mode.

    Bit annoying, but am willing to put in some work to sort it out.

    Running Windows 7 SP1 (64)

    Thanks in advance!
     
  2. AngryDutchman

    AngryDutchman Thread Starter

    Joined:
    Mar 3, 2015
    Messages:
    7
    We'll put this one on ice for the moment.
     
  3. AngryDutchman

    AngryDutchman Thread Starter

    Joined:
    Mar 3, 2015
    Messages:
    7
    I had to freeze this thread for a bit as I went away for the weekend. It's now reopened.

    I had downloaded Malwarebytes and Hijack This in anticipation of the scans I'd have to do, but it won't even install those programs. So, I can't do anything with my computer at the moment...

    Any help would be muchly appreciated!
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hello and welcome to TSG,

    See if you can run the following:

    Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

    There are three buttons to choose from with different names on, select the first one and save it to your desktop.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7/8, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
    • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
    • If the tool does not run from any of the links provided, please let me know.

    Next,

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

    Thank you,

    Kevin.....
     
  5. AngryDutchman

    AngryDutchman Thread Starter

    Joined:
    Mar 3, 2015
    Messages:
    7
    Hi Kevin,

    Thanks for helping out. I've pasted the logs below and attached the "Addition.txt" file:

    ***rkill***

    Rkill 2.7.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 03/09/2015 09:27:12 PM in x64 mode.
    Windows Version: Windows 7 Ultimate Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:


    ***FRST.txt***

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
    Ran by Nguyen (administrator) on NGUYEN-PC on 09-03-2015 21:30:28
    Running from C:\Users\Nguyen\Desktop
    Loaded Profiles: Nguyen (Available profiles: Nguyen)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\ProgramData\nvxasync\cvxasync.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Windows\System32\PnkBstrA.exe
    () C:\Windows\runSW.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
    (Realtek) C:\Windows\SwUSB.exe
    () C:\ProgramData\TVersity\Media Server\MediaServer.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
    () C:\Program Files (x86)\D-Link\DWA-182\WlanWpsSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    () C:\Users\Nguyen\AppData\Roaming\nvxasync\nvxasync.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    () C:\Users\Nguyen\AppData\Roaming\nvxasync\nvxasync.exe
    (Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    (D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-182\wirelesscm.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro SafeSync\hrfscore.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    (Seagate LLC) C:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\stxmediamenumgr.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
    HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-07-04] (cFos Software GmbH)
    HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-05-01] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [SmartViewAgent] => "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe"
    HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-07-07] (Creative Technology Ltd)
    HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
    HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-01-21] (Splashtop Inc.)
    HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-05-30] (Samsung Electronics Co., Ltd.)
    HKLM-x32\...\Run: [FreeAgentTheaterTrayIcon] => C:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\StxMediaMenuMgr.exe [176128 2011-06-07] (Seagate LLC)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
    HKLM-x32\...\Run: [fst_au_54] => [X]
    HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
    HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2197768304-176113283-626598917-1000\...\Run: [ASRockXTU] => [X]
    HKU\S-1-5-21-2197768304-176113283-626598917-1000\...\Run: [zASRockInstantBoot] => [X]
    HKU\S-1-5-21-2197768304-176113283-626598917-1000\...\Run: [Steam] => D:\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
    HKU\S-1-5-21-2197768304-176113283-626598917-1000\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    HKU\S-1-5-21-2197768304-176113283-626598917-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-30] ()
    HKU\S-1-5-21-2197768304-176113283-626598917-1000\...\Run: [nvxasync] => C:\Users\Nguyen\AppData\Roaming\nvxasync\nvxasync.exe [142678528 2015-03-03] ()
    HKU\S-1-5-21-2197768304-176113283-626598917-1000\...\MountPoints2: {5fb254e0-7279-11e2-9ee0-002522cdc344} - F:\DTVP_Launcher.exe
    HKU\S-1-5-21-2197768304-176113283-626598917-1000\...\MountPoints2: {849001f4-4976-11e1-9f76-002522cdc344} - G:\unlock.exe autoplay=true
    HKU\S-1-5-21-2197768304-176113283-626598917-1000\...\MountPoints2: {8cb45867-80c8-11e2-81fa-806e6f6e6963} - G:\DTVP_Launcher.exe
    HKU\S-1-5-21-2197768304-176113283-626598917-1000\...\MountPoints2: {a6fd839f-4cc2-11e1-bb24-002522cdc344} - F:\unlock.exe autoplay=true
    HKU\S-1-5-21-2197768304-176113283-626598917-1000\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142678528 2015-03-03] () <==== ATTENTION
    HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL1
    AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL => C:\Program Files\Lucidlogix Technologies\VIRTU\appinit_dll.dll [187488 2011-06-09] (Lucidlogix Inc.)
    AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-02-06] (NVIDIA Corporation)
    AppInit_DLLs-x32: c:\progra~1\lucidl~1\virtu\x86\appini~1.dll => c:\Program Files\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll [157792 2011-06-09] (Lucidlogix Inc.)
    AppInit_DLLs-x32: c:\progra~2\softqu~1\sprote~1.dll => c:\Program Files (x86)\SoftQuick\sprotector.dll [425984 2012-10-12] ()
    AppInit_DLLs-x32: ,c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [164752 2015-02-06] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
    ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Trend Micro SafeSync.lnk
    ShortcutTarget: Trend Micro SafeSync.lnk -> C:\Program Files\Trend Micro SafeSync\HrfsClient.exe (Trend Micro Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
    ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-182\wirelesscm.exe (D-Link Corp.)
    ShellIconOverlayIdentifiers: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
    ShellIconOverlayIdentifiers: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
    ShellIconOverlayIdentifiers: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
    ShellIconOverlayIdentifiers: [00HumyoReadonly] -> {7479C9AF-DA81-4944-92E5-23E49390BB2C} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
    ShellIconOverlayIdentifiers: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
    ShellIconOverlayIdentifiers: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
    ShellIconOverlayIdentifiers: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension.dll (Trend Micro Inc.)
    ShellIconOverlayIdentifiers-x32: [00HumyoPaired] -> {A203F945-39E9-4286-AFA2-F3ADFCD5FAAA} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
    ShellIconOverlayIdentifiers-x32: [00HumyoPriority] -> {6F1BB626-1107-4b82-B322-54C5E64461B8} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
    ShellIconOverlayIdentifiers-x32: [00HumyoProblem] -> {7479C9AF-DA81-4944-92E5-23E49390BB2B} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
    ShellIconOverlayIdentifiers-x32: [00HumyoSynced] -> {7479C9AF-DA81-4944-92E5-23E49390BB2A} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
    ShellIconOverlayIdentifiers-x32: [00HumyoSyncing] -> {7479C9AF-DA81-4944-92E5-23E49390BB29} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
    ShellIconOverlayIdentifiers-x32: [00HumyoUnavailable] -> {66669544-5639-4922-99C8-CE7A86651364} => C:\Program Files\Trend Micro SafeSync\HrfsShellExtension32.dll (Trend Micro Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
    HKU\S-1-5-21-2197768304-176113283-626598917-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
    HKU\S-1-5-21-2197768304-176113283-626598917-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    URLSearchHook: HKU\S-1-5-21-2197768304-176113283-626598917-1000 - Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
    URLSearchHook: HKU\S-1-5-21-2197768304-176113283-626598917-1000 - (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
    SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.resulthunters.info/?unqvl=21&l=1&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2197768304-176113283-626598917-1000 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
    SearchScopes: HKU\S-1-5-21-2197768304-176113283-626598917-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
    SearchScopes: HKU\S-1-5-21-2197768304-176113283-626598917-1000 -> {3C29E3AB-5716-433b-95D2-5293DEAE4447} URL = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&q=&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2197768304-176113283-626598917-1000 -> {71F630AE-04BA-42a4-9212-B8F1E12B0FCC} URL = http://au.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
    SearchScopes: HKU\S-1-5-21-2197768304-176113283-626598917-1000 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partner-pub-0900663996874144:6813731868&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
    SearchScopes: HKU\S-1-5-21-2197768304-176113283-626598917-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.resulthunters.info/?unqvl=21&l=1&q={searchTerms}
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: Splashtop Connect VisualBookmark -> {0E5680D1-BF44-4929-94AF-FD30D784AD1D} -> C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll [2011-01-21] (Splashtop Inc.)
    BHO-x32: continuetosave -> {53EC1DBF-F50F-0594-42FD-2C23320E1DF5} -> C:\ProgramData\continuetosave\50dff54e76252.dll [2012-12-30] ()
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-08] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: continuetosave -> {AFFA0730-F7F4-B651-EDDA-6E6941C50C46} -> C:\ProgramData\continuetosave\50dff5fd5b915.dll [2012-12-30] ()
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-08] (Oracle Corporation)
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

    FireFox:
    ========
    FF ProfilePath: C:\Users\Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\wje34ng7.default
    FF DefaultSearchEngine: SurfVox
    FF SelectedSearchEngine: SurfVox
    FF Homepage: hxxp://www.surfvox.com
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-10] ()
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-10-06] (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
    FF Plugin-x32: @esn/esnlaunch,version=1.104.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
    FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
    FF Plugin-x32: @esn/esnlaunch,version=1.96.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
    FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll No File
    FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2014-09-08] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-08] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-08] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-10-06] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-06] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-06] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-20] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-20] (Google Inc.)
    FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\wje34ng7.default\user.js [2015-03-03]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-12-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-12-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-12-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-12-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-12-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-12-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-12-02] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-07-12] (Nullsoft, Inc.)
    FF SearchPlugin: C:\Users\Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\wje34ng7.default\searchplugins\starter.xml [2015-03-03]
    FF SearchPlugin: C:\Users\Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\wje34ng7.default\searchplugins\WebSearch.xml [2013-06-13]

    Chrome:
    =======
    CHR Profile: C:\Users\Nguyen\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (continuetosave) - C:\Users\Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhlgmcnfjmombgglihallpndjdllipog [2013-01-10]
    CHR Extension: (NewSaVVeer) - C:\Users\Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhidblajhnfcfnpdpgfeadjimcdhjpkm [2014-03-01]
    CHR Extension: (No Name) - C:\Users\Nguyen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2012-05-13]
    CHR HKU\S-1-5-21-2197768304-176113283-626598917-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Nguyen\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-18]
    CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - No Path Or update_url value
    CHR HKLM-x32\...\Chrome\Extension: [npmeagjloldclfcppdbpmimemaceibmi] - C:\ProgramData\continuetosave\npmeagjloldclfcppdbpmimemaceibmi.crx [2012-12-30]
    CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Nguyen\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-04-18]
    CHR HKLM-x32\...\Chrome\Extension: [pbgdhkkdoginlnccfkhbiibhiejhacof] - C:\ProgramData\continuetosave\pbgdhkkdoginlnccfkhbiibhiejhacof.crx [2012-12-30]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-07-04] (cFos Software GmbH)
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-01-30] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-10-04] (Creative Labs) [File not signed]
    S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2011-10-04] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
    R2 FreeAgentTheater Service; C:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe [155648 2011-06-07] (Seagate Technology LLC) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-05] (Intel Corporation)
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-05-01] (NVIDIA Corporation)
    R3 OnlineStorageService; C:\Program Files\Trend Micro SafeSync\hrfscore.exe [7974688 2013-12-20] (Trend Micro Inc.)
    R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-05] ()
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-21] ()
    R2 RunSwUSB; C:\Windows\runSW.exe [36864 2012-12-14] () [File not signed]
    R2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
    S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2011-10-04] (Creative Labs) [File not signed]
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-30] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-182\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
    S2 SmartViewService; C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
    R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-11-30] ()
    S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-10-05] (FNet Co., Ltd.)
    R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-10-04] (FNet Co., Ltd.)
    S3 hrfsmrx; C:\Windows\System32\Drivers\hrfsmrx.sys [186128 2011-09-27] (Trend Micro Inc.)
    R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-11-30] ()
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-05-01] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
    R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2350152 2013-05-07] (Realtek Semiconductor Corporation )
    R1 {9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64; C:\Windows\System32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys [61112 2014-04-24] (StdLib)
    S3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-09 21:30 - 2015-03-09 21:32 - 00031163 _____ () C:\Users\Nguyen\Desktop\FRST.txt
    2015-03-09 21:29 - 2015-03-09 21:30 - 00000000 ____D () C:\FRST
    2015-03-09 21:29 - 2015-03-09 21:29 - 02095104 _____ (Farbar) C:\Users\Nguyen\Desktop\FRST64.exe
    2015-03-09 21:27 - 2015-03-09 21:27 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Nguyen\Desktop\rkill64.exe
    2015-03-09 21:27 - 2015-03-09 21:27 - 00000940 _____ () C:\Users\Nguyen\Desktop\Rkill.txt
    2015-03-09 21:25 - 2015-03-09 21:25 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Nguyen\Desktop\rkill.exe
    2015-03-09 20:17 - 2015-03-09 20:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\Nguyen\Downloads\HijackThis.exe
    2015-03-09 20:13 - 2015-03-09 20:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nguyen\Downloads\mbam-setup-2.0.4.1028.exe
    2015-03-03 22:37 - 2015-03-03 22:37 - 00000000 _RSHD () C:\ProgramData\nvxasync
    2015-03-03 22:36 - 2015-03-03 22:37 - 00000000 _RSHD () C:\Users\Nguyen\AppData\Roaming\nvxasync
    2015-03-03 22:36 - 2015-03-03 22:36 - 00000000 ____D () C:\Users\Nguyen\AppData\Roaming\chportu
    2015-02-26 03:01 - 2015-01-09 10:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
    2015-02-26 03:01 - 2015-01-09 10:43 - 00419936 _____ () C:\Windows\system32\locale.nls
    2015-02-23 23:34 - 2015-02-06 04:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-02-23 23:32 - 2015-02-06 08:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-02-23 23:32 - 2015-02-06 08:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-02-23 23:32 - 2015-02-06 08:01 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2015-02-23 23:32 - 2015-02-06 08:01 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2015-02-20 13:24 - 2015-02-20 13:24 - 00000000 ____D () C:\Users\Nguyen\AppData\Local\Steam
    2015-02-19 16:28 - 2015-02-19 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    2015-02-19 16:28 - 2015-02-19 16:28 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
    2015-02-18 17:37 - 2015-01-09 14:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-18 17:37 - 2015-01-09 14:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-18 17:37 - 2015-01-09 14:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-18 17:37 - 2015-01-09 13:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-17 21:52 - 2015-02-17 21:52 - 00000853 _____ () C:\Users\Nguyen\Desktop\µTorrent.lnk
    2015-02-12 13:01 - 2015-01-23 15:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-12 13:01 - 2015-01-23 15:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-12 13:01 - 2015-01-23 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-12 13:01 - 2015-01-23 14:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-11 11:38 - 2015-02-04 14:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-02-11 11:38 - 2015-02-04 14:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-02-11 11:38 - 2015-02-04 14:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-02-11 11:38 - 2015-02-04 14:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-02-11 11:38 - 2015-02-04 14:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-02-11 11:38 - 2015-02-04 14:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-02-11 11:38 - 2015-02-04 14:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-02-11 11:38 - 2015-01-28 10:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-02-11 11:38 - 2015-01-14 16:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-11 11:38 - 2015-01-14 16:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-11 11:38 - 2015-01-12 14:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-11 11:38 - 2015-01-12 14:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-11 11:38 - 2015-01-12 14:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-11 11:38 - 2015-01-12 13:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-11 11:38 - 2015-01-12 13:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-11 11:38 - 2015-01-12 13:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-11 11:38 - 2015-01-12 13:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-11 11:38 - 2015-01-12 13:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-11 11:38 - 2015-01-12 13:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-11 11:38 - 2015-01-12 13:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-11 11:38 - 2015-01-12 13:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-11 11:38 - 2015-01-12 13:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-11 11:38 - 2015-01-12 13:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-11 11:38 - 2015-01-12 13:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-11 11:38 - 2015-01-12 13:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-11 11:38 - 2015-01-12 13:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-11 11:38 - 2015-01-12 13:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-11 11:38 - 2015-01-12 13:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-11 11:38 - 2015-01-12 13:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-11 11:38 - 2015-01-12 13:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-11 11:38 - 2015-01-12 13:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-11 11:38 - 2015-01-12 13:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-11 11:38 - 2015-01-12 13:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-02-11 11:38 - 2015-01-12 13:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-11 11:38 - 2015-01-12 13:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-11 11:38 - 2015-01-12 13:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-11 11:38 - 2015-01-12 13:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-11 11:38 - 2015-01-12 12:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-11 11:38 - 2015-01-12 12:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-11 11:38 - 2015-01-12 12:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-11 11:38 - 2015-01-12 12:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-11 11:38 - 2015-01-12 12:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-11 11:38 - 2015-01-12 12:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-11 11:38 - 2015-01-12 12:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-11 11:38 - 2015-01-12 12:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-11 11:38 - 2015-01-12 12:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-11 11:38 - 2015-01-12 12:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-02-11 11:38 - 2015-01-12 12:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-11 11:38 - 2015-01-12 12:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-11 11:38 - 2015-01-12 12:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-11 11:38 - 2015-01-12 12:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-11 11:38 - 2015-01-12 12:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-11 11:38 - 2015-01-12 12:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-11 11:38 - 2015-01-12 12:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-11 11:38 - 2015-01-12 12:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-11 11:38 - 2015-01-12 12:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-11 11:38 - 2015-01-12 12:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-11 11:38 - 2015-01-12 12:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-11 11:38 - 2015-01-12 11:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-11 11:38 - 2015-01-12 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-11 11:38 - 2015-01-10 17:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-11 11:38 - 2015-01-10 17:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-11 11:38 - 2015-01-10 17:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-11 11:38 - 2015-01-10 17:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-11 11:38 - 2015-01-10 17:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-11 11:38 - 2015-01-10 17:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-11 11:38 - 2015-01-10 17:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-11 11:38 - 2015-01-10 17:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-11 11:38 - 2015-01-10 17:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-11 11:38 - 2015-01-10 17:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-11 11:38 - 2015-01-10 17:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-11 11:38 - 2015-01-10 17:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-11 11:38 - 2015-01-10 17:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-11 11:38 - 2015-01-10 17:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-11 11:34 - 2015-01-15 19:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-11 11:34 - 2015-01-15 19:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-11 11:34 - 2015-01-15 19:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-11 11:34 - 2015-01-15 19:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-11 11:34 - 2015-01-15 19:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-11 11:34 - 2015-01-15 19:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-11 11:34 - 2015-01-15 19:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-11 11:34 - 2015-01-15 19:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-11 11:34 - 2015-01-15 19:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-11 11:34 - 2015-01-15 19:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-11 11:34 - 2015-01-15 19:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-11 11:34 - 2015-01-15 18:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-11 11:34 - 2015-01-15 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-11 11:34 - 2015-01-15 18:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-11 11:34 - 2015-01-15 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-11 11:34 - 2015-01-15 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-11 11:34 - 2015-01-15 18:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-11 11:34 - 2015-01-15 15:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-11 11:34 - 2015-01-13 14:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-11 11:34 - 2015-01-13 13:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-11 11:34 - 2014-12-12 16:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-11 11:34 - 2014-12-12 16:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-11 11:34 - 2014-11-26 14:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-11 11:34 - 2014-11-26 14:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-11 11:34 - 2014-10-04 13:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-02-11 11:34 - 2014-10-04 12:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-02-11 11:34 - 2014-10-04 12:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2015-02-11 11:34 - 2014-07-07 13:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-02-11 11:34 - 2014-07-07 13:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-02-11 11:34 - 2014-07-07 12:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-02-11 11:34 - 2014-07-07 12:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-02-11 11:33 - 2015-01-14 17:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-11 11:33 - 2015-01-14 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-11 11:33 - 2015-01-14 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-11 11:33 - 2015-01-14 17:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-11 11:33 - 2015-01-14 16:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-11 11:33 - 2015-01-14 16:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-11 11:33 - 2015-01-14 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-11 11:33 - 2015-01-09 13:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-11 11:33 - 2014-12-08 14:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-11 11:33 - 2014-12-08 13:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-09 21:32 - 2014-01-01 14:49 - 956662474 _____ () C:\Windows\runSW.log
    2015-03-09 21:29 - 2012-04-04 21:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-09 21:27 - 2011-10-04 15:48 - 01648926 _____ () C:\Windows\WindowsUpdate.log
    2015-03-09 21:25 - 2009-07-14 15:45 - 00026112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-09 21:25 - 2009-07-14 15:45 - 00026112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-09 21:22 - 2012-08-11 17:28 - 00000000 ____D () C:\Users\Nguyen\AppData\Local\LogMeIn Hamachi
    2015-03-09 21:21 - 2011-10-04 21:39 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2015-03-09 21:20 - 2013-06-15 14:34 - 00064233 _____ () C:\Windows\setupact.log
    2015-03-09 21:20 - 2012-04-09 21:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-09 21:20 - 2011-10-05 00:33 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-03-09 21:20 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-09 20:17 - 2012-04-09 21:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-09 20:13 - 2012-01-08 14:48 - 00894523 _____ () C:\Windows\SysWOW64\TVersityMediaServer.log
    2015-03-04 00:17 - 2010-02-10 17:18 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-03-03 22:55 - 2011-10-09 20:45 - 00000000 ____D () C:\Users\Nguyen\AppData\Roaming\uTorrent
    2015-02-23 23:34 - 2012-04-23 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-02-19 16:27 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\tracing
    2015-02-18 17:23 - 2013-06-15 14:33 - 00182900 _____ () C:\Windows\PFRO.log
    2015-02-17 21:52 - 2014-01-24 20:34 - 00000833 _____ () C:\Users\Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2015-02-16 16:20 - 2012-08-30 19:45 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
    2015-02-12 22:14 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-12 03:16 - 2014-12-14 20:31 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-02-12 03:16 - 2014-05-07 21:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-02-11 22:42 - 2009-07-14 15:45 - 04997696 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-11 22:40 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-11 16:20 - 2014-05-31 23:33 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-11 16:18 - 2011-11-27 21:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-11 16:17 - 2013-06-12 22:15 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-02-11 16:17 - 2013-06-12 22:15 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-02-11 16:17 - 2013-06-12 22:14 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-11 16:17 - 2013-06-12 22:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2015-02-11 16:16 - 2014-01-02 02:22 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-11 16:12 - 2010-02-10 17:16 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-10 13:29 - 2012-04-04 21:04 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-10 13:29 - 2012-04-04 21:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-10 13:29 - 2011-10-04 22:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2014-04-25 16:09 - 2014-04-25 16:09 - 0000314 _____ () C:\Users\Nguyen\AppData\Roaming\aps.uninstall.scan.results
    2012-04-29 21:07 - 2012-04-29 21:49 - 0004163 _____ () C:\Users\Nguyen\AppData\Roaming\Rim.Desktop.Exception.log
    2012-04-29 21:06 - 2012-04-29 21:50 - 0002021 _____ () C:\Users\Nguyen\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2012-04-29 21:07 - 2012-04-29 21:49 - 0000154 _____ () C:\Users\Nguyen\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2014-04-25 16:06 - 2014-04-25 16:06 - 1107304 _____ (AnyProtect.com) C:\Users\Nguyen\AppData\Local\nsb6F70.tmp
    2011-10-05 00:10 - 2012-08-26 22:23 - 0007607 _____ () C:\Users\Nguyen\AppData\Local\Resmon.ResmonCfg
    2011-10-04 18:09 - 2011-10-04 18:09 - 0000003 _____ () C:\Users\Nguyen\AppData\Local\user_data.ini
    2014-01-16 23:00 - 2014-01-16 23:00 - 0000039 _____ () C:\ProgramData\InstallerWebUI.ini

    Some content of TEMP:
    ====================
    C:\Users\Nguyen\AppData\Local\Temp\BackupSetup.exe
    C:\Users\Nguyen\AppData\Local\Temp\epom3_nationzoom_20131128171919.exe
    C:\Users\Nguyen\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
    C:\Users\Nguyen\AppData\Local\Temp\nsx5FE7.exe
    C:\Users\Nguyen\AppData\Local\Temp\nv3DVStreaming.dll
    C:\Users\Nguyen\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Nguyen\AppData\Local\Temp\nvSCPAPISvr.exe
    C:\Users\Nguyen\AppData\Local\Temp\nvStereoApiI.dll
    C:\Users\Nguyen\AppData\Local\Temp\nvStInst.exe
    C:\Users\Nguyen\AppData\Local\Temp\setup.exe
    C:\Users\Nguyen\AppData\Local\Temp\sonarinst.exe
    C:\Users\Nguyen\AppData\Local\Temp\Trend_Micro_SafeSync_5.1.0.1522.exe
    C:\Users\Nguyen\AppData\Local\Temp\UNT120B.exe
    C:\Users\Nguyen\AppData\Local\Temp\_isA10F.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-09 21:07

    ==================== End Of Log ============================
     


  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
    NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

    Next,

    Download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
    • Now select > Scan > Threat scan > Scan now
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"
    Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to your reply.

    Next,

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Scan
    • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
    • You will get a prompt asking to close all programs. Click OK.
    • Click OK again to reboot your computer.
    • A text file will open after the restart. Please post the content of that logfile in your reply.
    • You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number.

    Next,

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Next,

    Scan with ESET Online Scanner

    This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
    Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
    Please visit ESET Online Scanner website.

    Click Run ESET Online Scanner there.

    If using Internet Explorer:

    • Accept the Terms of Use and click Start.
    • Allow the running of add-on.
    If using Mozilla Firefox or Google Chrome:
    • Download esetsmartinstaller_enu.exe that you'll be given a link to.
    • Double click esetsmartinstaller_enu.exe.
    • Allow the Terms of Use and click Start.
    To perform the scan:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Under “Enable Stealth Technology” select “Change” and select any extra drives in that window.
    • Click Start
    • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
    • When completed, the program will begin to scan. This may take several hours. Please, be patient.
    • Do not do anything on your machine as it may interrupt the scan.
    • When the scan is done, click Finish.
    • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
    Please include this logfile in your next reply.

    Don't forget to re-enable protection software!

    Let me see those logs, also give an update on any remaining issues or concerns...

    Thanks,

    Kevin...
     

    Attached Files:

  7. AngryDutchman

    AngryDutchman Thread Starter

    Joined:
    Mar 3, 2015
    Messages:
    7
    Hi Kevin,

    I've done all the scans. I'll attach the logs rather than copy and paste them here, for ease of reading.

    Everything seems to run better. It doesn't stop me from opening task manager or installing other software. Seems to be OK.

    Thanks again!
     

    Attached Files:

  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    ESET log entries are ok, what is the current status of your system, any remaining issues or concerns?

    Run this please:

    Download Security Check by screen317 from either of the following:
    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Kevin......
     
  9. AngryDutchman

    AngryDutchman Thread Starter

    Joined:
    Mar 3, 2015
    Messages:
    7
    Hi Kevin,

    The system was a little slow upon restarting, but it all seems OK now. Everything is functioning as it should. I've run the scan and pasted the log below:

    Results of screen317's Security Check version 0.99.97
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 67
    Java version 32-bit out of Date!
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.305
    Adobe Reader 10.1.12 Adobe Reader out of Date!
    Mozilla Firefox (36.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    Trend Micro SafeSync HrfsClient.exe
    Trend Micro SafeSync hrfscore.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    Let me know if I need to do anything else!

    Cheers!

    - Vinnie
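Added example (not part of the original posts, and not Security Check's own code): a short Python parser for the Security Check log above that pulls out the entries flagged "out of Date!". It handles both shapes this log uses, a flag on its own line after the entry (Java) and a flag on the same line as the entry (Adobe Reader); the regexes and the function name are assumptions drawn from this one log.

```python
import re

TICKS = "`" * 14  # Security Check draws section headers with backtick runs
# Excerpt of the log posted above, rebuilt inline so the example runs offline.
SAMPLE_LOG = f"""Results of screen317's Security Check version 0.99.97
{TICKS}Antivirus/Firewall Check:{TICKS}
Windows Firewall Enabled!
Antivirus up to date!
{TICKS}Anti-malware/Other Utilities Check:{TICKS}
Java 7 Update 67
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 10.1.12 Adobe Reader out of Date!
Mozilla Firefox (36.0.1)
{TICKS}End of Log{TICKS}
"""

HEADER = re.compile(r"^`+\s*(.+?):?\s*`+$")
FLAG = re.compile(r"out of date!", re.IGNORECASE)
# Assumption: an inline flag follows a version ("10.1.12" or "Update 67").
INLINE = re.compile(r"^(.*?(?:\d+(?:\.\d+)+|Update \d+))\s+\S.*out of date!$", re.IGNORECASE)


def outdated_entries(log_text):
    """Return (section, entry) pairs for every item flagged out of date."""
    findings, section, previous = [], "Header", None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            section, previous = header.group(1), None
            continue
        if FLAG.search(line):
            inline = INLINE.match(line)
            if inline:                      # flag shares the line with the entry
                findings.append((section, inline.group(1)))
            elif previous:                  # flag annotates the line before it
                findings.append((section, previous))
            continue
        previous = line
    return findings


if __name__ == "__main__":
    for section, entry in outdated_entries(SAMPLE_LOG):
        print(f"[{section}] update needed: {entry}")
```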
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hello Vinnie,

    Couple of updates needed..

    Adobe Reader is outdated...
    Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

    Step 1 - Select your Operating System.
    Step 2 - Select your Language.
    Step 3 - Select latest version.

    Untick the option for any security scanner or toolbar if offered.

    Download and install.

    Having the latest updates ensures there are no security vulnerabilities in your system.

    Next,

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older versions of Java components and upgrade the application.

    Upgrading Java:

    Go to http://java.com/en/ and click on "Do I have Java"
    It will check your current version and then offer to update to the latest version
    Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

    ***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

    Next,

    If no remaining issues or concerns run the following to clean up....

    Download "Delfix by Xplode" and save it to your desktop.

    Or use the following if first link is down:

    "Delfix link mirror"

    Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

    Make Sure the following items are checked:


    • Remove disinfection tools
    • Purge System Restore
    • Reset system settings

    Now click on "Run" and wait patiently until the tool has completed.

    The tool will create a log when it has completed. We don't need you to post this.

    Any remnant files/logs from tools we have used can be deleted…

    Next,

    Read the following link to fully understand PC security and best practices, you may find it useful....

    http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry2316629

    If the system now responds as expected with no issues or concerns hit the "Mark Solved" tab at the top of the thread...

    Thanks,

    Kevin...
     
  11. AngryDutchman

    AngryDutchman Thread Starter

    Joined:
    Mar 3, 2015
    Messages:
    7
    Thanks again, mate! Appreciate the help!
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    You`re very welcome, take care and surf safe....

    Kevin....(y)
     

Short URL to this thread: https://techguy.org/1144105
