
secureprohelp.com says

Discussion in 'Virus & Other Malware Removal' started by zmas*, Feb 10, 2015.

Thread Status:
Not open for further replies.
  1. zmas*

    zmas* Thread Starter

    Joined:
    Jun 29, 2008
    Messages:
    17
    Hello,
    I'm using the Chrome browser and I am getting an alert that comes up during normal browsing (I've attached a screenshot of it). If I hit the "x" on the window it comes back within a second. IE doesn't appear to have the same issue. When the alert originally pops up it has a "robotic" voice that says "warning, warning, your firewall has... something or another" - Sorry, I can't remember exactly what it said.


    It's worth noting I don't have Norton installed; I use Avira as my antivirus and the Windows firewall. The browser becomes unresponsive as this box takes focus. If I close the box I can quickly close the browser.


    Yesterday I updated my Adobe Flash Player to the latest version. Other than that I haven't installed or made any other changes recently that I can recall. Thanks for your help in advance,
    Z


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz, Intel64 Family 6 Model 30 Stepping 5
    Processor Count: 4
    RAM: 8151 Mb
    Graphics Card: NVIDIA GeForce GTX 560, 1024 Mb
    Hard Drives: C: Total - 476837 MB, Free - 219189 MB; D: Total - 99 MB, Free - 71 MB; W: Total - 114470 MB, Free - 24963 MB;
    Motherboard: Gigabyte Technology Co., Ltd., H55M-S2H
    Antivirus: Avira Desktop, Updated and Enabled
     


  2. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Welcome :)

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download AdwCleaner from here. Save the file to the desktop.


    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the following console:
    [​IMG]
    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be deleted.
    • When the program has finished cleaning, a report appears. Once done it will ask to reboot; allow this.
    [​IMG]
    • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)
    • Select the language and click OK.
    • Accept the agreement.
    • Make sure a checkmark is placed next to Enable the Free Trial and Launch Malwarebytes' Anti-Malware, then click on Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Scan Now".
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click on Quarantine All.
    • When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
    • Upon restart, launch Malwarebytes Antimalware and select History.
    • Double click on the last scan done, then on Copy to Clipboard.
    • Right click on your next reply and select Paste.
    • Submit your reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Once done, please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
     
  3. zmas*

    zmas* Thread Starter

    Joined:
    Jun 29, 2008
    Messages:
    17
    Hello,
    Here are the following outputs


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Professional x64
    Ran by Zmaster on Wed 11/02/2015 at 15:25:33.00
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    ~~~ Services


    ~~~ Registry Values


    ~~~ Registry Keys


    ~~~ Files


    ~~~ Folders


    ~~~ Event Viewer Logs were cleared




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 11/02/2015 at 15:27:46.50
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~






    # AdwCleaner v4.110 - Logfile created 11/02/2015 at 15:30:14
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-05.2 [Local]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : Zmaster - ZMASTER-PC
    # Running from : C:\Users\Zmaster\Downloads\adwcleaner_4.110.exe
    # Option : Cleaning
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    File Deleted : C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
    ***** [ Scheduled tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    ***** [ Web browsers ] *****
    -\\ Internet Explorer v11.0.9600.17496

    -\\ Mozilla Firefox v

    -\\ Google Chrome v40.0.2214.111

    *************************
    AdwCleaner[R0].txt - [1049 bytes] - [15/09/2014 20:54:32]
    AdwCleaner[R1].txt - [1696 bytes] - [11/02/2015 15:28:16]
    AdwCleaner[S0].txt - [1078 bytes] - [15/09/2014 20:56:14]
    AdwCleaner[S1].txt - [1629 bytes] - [11/02/2015 15:30:14]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1688 bytes] ##########


    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 11/02/2015
    Scan Time: 3:35:35 PM
    Logfile:
    Administrator: Yes
    Version: 2.00.4.1028
    Malware Database: v2015.02.11.02
    Rootkit Database: v2015.02.03.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Zmaster
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 323407
    Time Elapsed: 11 min, 40 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 0
    (No malicious items detected)
    Physical Sectors: 0
    (No malicious items detected)

    (end)




    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
    Ran by Zmaster (administrator) on ZMASTER-PC on 11-02-2015 18:57:37
    Running from C:\Users\Zmaster\Downloads
    Loaded Profiles: Zmaster (Available profiles: Zmaster)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (SUPERAntiSpyware.com) C:\Apps\Super\SASCore64.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (SUPERAntiSpyware) C:\Apps\Super\SUPERANTISPYWARE.EXE
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Zhorn Software) C:\Apps\zbar\zbar.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Elaborate Bytes AG) C:\Apps\Virtual Drive\VCDDaemon.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (KVIrc Development Team) C:\Apps\Kvirc\kvirc.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
    (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-11] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Apps\Virtual Drive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
    HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
    HKU\S-1-5-21-4277350356-3660271439-807184056-1000\...\Run: [SUPERAntiSpyware] => C:\Apps\Super\SUPERAntiSpyware.exe [7780120 2015-01-28] (SUPERAntiSpyware)
    HKU\S-1-5-21-4277350356-3660271439-807184056-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-21] (Piriform Ltd)
    HKU\S-1-5-21-4277350356-3660271439-807184056-1000\...\MountPoints2: {7aaae781-7d80-11e4-8d30-1c6f65ab1678} - F:\setup.exe
    Startup: C:\Users\Zmaster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zbar.lnk
    ShortcutTarget: zbar.lnk -> C:\Apps\zbar\zbar.exe (Zhorn Software)
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\S-1-5-21-4277350356-3660271439-807184056-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/?gws_rd=ssl
    HKU\S-1-5-21-4277350356-3660271439-807184056-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Apps\Java\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Apps\FDM\iefdm2.dll (FreeDownloadManager.ORG)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Apps\Java\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
    FireFox:
    ========
    FF ProfilePath: C:\Users\Zmaster\AppData\Roaming\Mozilla\Firefox\Profiles\K4V8W3qn.default
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Apps\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Apps\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Apps\VLC\npvlc.dll (VideoLAN)
    FF Extension: Avira Browser Safety - C:\Users\Zmaster\AppData\Roaming\Mozilla\Firefox\Profiles\K4V8W3qn.default\Extensions\[email protected] [2014-08-15]
    FF HKU\S-1-5-21-4277350356-3660271439-807184056-1000\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Zmaster\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\Zmaster\AppData\Roaming\IDM\idmmzcc5 [2014-10-15]
    Chrome:
    =======
    CHR HomePage: Default -> file:///C:/Apps/webpage/index.html
    CHR StartupUrls: Default -> "file:///C:/Apps/webpage/index.html"
    CHR Profile: C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Free Download Manager Chrome extension) - C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2014-09-24]
    CHR Extension: (Downloads) - C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkhjekibcfjngomhbbifihellcaebcn [2014-09-02]
    CHR Extension: (Google Docs) - C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-15]
    CHR Extension: (Google Drive) - C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-15]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
    CHR Extension: (YouTube) - C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-15]
    CHR Extension: (Google Search) - C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-15]
    CHR Extension: (Avira Browser Safety) - C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-15]
    CHR Extension: (AdBlock) - C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-11]
    CHR Extension: (Little Joy Rider) - C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\klfdccoepjlaopkkgaaiaojopafjmajd [2014-09-02]
    CHR Extension: (Google Wallet) - C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15]
    CHR Extension: (Gmail) - C:\Users\Zmaster\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-15]
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-04-03]
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 !SASCORE; C:\Apps\Super\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-11] (Avira Operations GmbH & Co. KG)
    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
    R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
    R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
    R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
    R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-11] (Razer, Inc.)
    R1 SASDIFSV; C:\Apps\Super\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Apps\Super\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-02-11 18:57 - 2015-02-11 18:57 - 00011673 _____ () C:\Users\Zmaster\Downloads\FRST.txt
    2015-02-11 18:56 - 2015-02-11 18:57 - 00000000 ____D () C:\FRST
    2015-02-11 15:49 - 2015-02-11 15:49 - 00001052 _____ () C:\Users\Zmaster\Downloads\malwarebytes.txt
    2015-02-11 15:27 - 2015-02-11 15:27 - 00000635 _____ () C:\Users\Zmaster\Desktop\JRT.txt
    2015-02-11 15:21 - 2015-02-11 15:21 - 02132992 _____ (Farbar) C:\Users\Zmaster\Downloads\FRST64.exe
    2015-02-11 15:20 - 2015-02-11 15:20 - 01388274 _____ (Thisisu) C:\Users\Zmaster\Downloads\JRT.exe
    2015-02-11 15:19 - 2015-02-11 15:20 - 02112512 _____ () C:\Users\Zmaster\Downloads\adwcleaner_4.110.exe
    2015-02-10 16:29 - 2015-02-10 16:29 - 00509440 _____ (Tech Support Guy System) C:\Users\Zmaster\Downloads\SysInfo.exe
    2015-02-02 16:40 - 2015-02-02 16:40 - 01046528 _____ () C:\Users\Zmaster\Downloads\MicrosoftFixit50848.msi
    2015-02-02 16:03 - 2015-01-10 18:07 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2015-02-02 16:03 - 2015-01-10 18:07 - 00060744 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2015-02-02 16:03 - 2015-01-10 09:30 - 06860432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-02-02 16:03 - 2015-01-10 09:30 - 03517256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2015-02-02 16:03 - 2015-01-10 09:29 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2015-02-02 16:03 - 2015-01-10 09:29 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2015-02-02 16:03 - 2015-01-10 09:29 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2015-02-02 16:03 - 2015-01-10 09:29 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-02-02 16:03 - 2015-01-10 05:47 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin
    2015-02-02 16:02 - 2015-02-11 15:31 - 00001252 _____ () C:\Windows\setupact.log
    2015-02-02 16:02 - 2015-02-02 16:02 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-02 16:01 - 2015-01-13 14:15 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
    2015-02-02 16:01 - 2015-01-13 14:15 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2015-02-02 16:01 - 2015-01-13 14:15 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 32102544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 25459856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 24765584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 20465296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 16009120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 13295552 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 13210248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 10774544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 10714488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 10274448 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-02-02 16:01 - 2015-01-10 18:07 - 03607184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 03245712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 00994712 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 00969360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 00942736 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 00929424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 00906384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 00877488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 00353040 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 00305320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-02-02 16:01 - 2015-01-10 18:07 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
    2015-02-02 15:50 - 2015-02-02 15:53 - 359471688 _____ (NVIDIA Corporation) C:\Users\Zmaster\Downloads\347.25-desktop-win8-win7-winvista-64bit-international-whql.exe
    2015-02-02 15:48 - 2015-02-02 15:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-02-02 15:48 - 2015-02-02 15:48 - 00000000 ____D () C:\Windows\Sun
    2015-02-02 15:48 - 2015-02-02 15:48 - 00000000 ____D () C:\ProgramData\Sun
    2015-02-02 15:48 - 2015-02-02 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-02-02 15:47 - 2015-02-02 15:47 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-02 15:46 - 2015-02-02 15:47 - 00639400 _____ (Oracle Corporation) C:\Users\Zmaster\Downloads\chromeinstall-8u31 (1).exe
    2015-02-02 15:46 - 2015-02-02 15:46 - 00639400 _____ (Oracle Corporation) C:\Users\Zmaster\Downloads\chromeinstall-8u31.exe
    2015-02-02 15:41 - 2015-02-02 15:41 - 05325208 _____ (Piriform Ltd) C:\Users\Zmaster\Downloads\ccsetup502.exe
    2015-02-01 07:14 - 2015-02-01 07:14 - 00000000 ____D () C:\Users\Zmaster\AppData\Local\Razer
    2015-01-31 16:33 - 2015-01-31 16:33 - 00000000 ____D () C:\Users\Zmaster\AppData\Local\Razer_Inc
    2015-01-31 14:59 - 2015-01-31 14:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
    2015-01-31 14:59 - 2015-01-31 14:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzendpt_01009.Wdf
    2015-01-31 14:59 - 2014-12-11 06:43 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
    2015-01-31 14:59 - 2014-12-10 08:21 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
    2015-01-31 14:58 - 2015-01-31 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
    2015-01-31 14:52 - 2015-02-01 07:13 - 00000000 ____D () C:\Program Files (x86)\Razer
    2015-01-31 14:52 - 2015-01-31 14:59 - 00000000 ____D () C:\ProgramData\Razer
    2015-01-30 19:38 - 2015-01-30 19:41 - 00000000 ____D () C:\Users\Zmaster\Downloads\Sex Tape (2014) [BRRip]
    2015-01-27 08:11 - 2015-01-27 08:11 - 00000000 ____D () C:\Users\Zmaster\Documents\Larian Studios
    2015-01-27 06:58 - 2015-01-27 06:58 - 00000202 _____ () C:\Users\Zmaster\Desktop\Divinity Original Sin.url
    2015-01-25 18:07 - 2015-01-13 23:20 - 254307610 ____N () C:\Users\Zmaster\Downloads\person.of.interest.411.hdtv-lol.www.RapidMovieZ.com.mp4
    2015-01-25 16:25 - 2015-01-05 21:06 - 329805250 _____ () C:\Users\Zmaster\Downloads\Its.A.Date.s02e09.mkv
    2015-01-25 16:25 - 2015-01-05 21:05 - 181575838 _____ () C:\Users\Zmaster\Downloads\Its.A.Date.s02e08.mkv
    2015-01-25 16:25 - 2015-01-05 21:03 - 197520784 _____ () C:\Users\Zmaster\Downloads\Its.A.Date.s02e07.mkv
    2015-01-25 16:24 - 2015-01-05 21:00 - 196413342 _____ () C:\Users\Zmaster\Downloads\Its.A.Date.s02e06.mkv
    2015-01-25 16:24 - 2015-01-05 21:00 - 194694897 _____ () C:\Users\Zmaster\Downloads\Its.A.Date.s02e05.mkv
    2015-01-25 16:24 - 2014-12-15 19:47 - 177991881 _____ () C:\Users\Zmaster\Downloads\Its.A.Date.s02e04.mkv
    2015-01-25 16:24 - 2014-12-14 22:25 - 217797402 _____ () C:\Users\Zmaster\Downloads\Its.A.Date.s02e03.mkv
    2015-01-25 16:24 - 2014-12-14 22:24 - 192437295 _____ () C:\Users\Zmaster\Downloads\Its.A.Date.s02e02.mkv
    2015-01-25 16:24 - 2014-12-14 22:21 - 186455278 _____ () C:\Users\Zmaster\Downloads\Its.A.Date.s02e01.mkv
    2015-01-20 17:03 - 2014-12-17 01:56 - 186986689 _____ () C:\Users\Zmaster\Downloads\Person.Of.Interest.S04E10.480p.mkv
    2015-01-20 17:03 - 2014-11-26 01:57 - 161813722 _____ () C:\Users\Zmaster\Downloads\Person.of.Interest.S04E09.480p.mkv
    2015-01-20 17:02 - 2014-11-19 01:52 - 175097081 _____ () C:\Users\Zmaster\Downloads\Person.of.Interest.S04E08.480p.mkv
    2015-01-20 17:01 - 2014-11-12 01:56 - 174656775 _____ () C:\Users\Zmaster\Downloads\Person.of.Interest.S04E07.480p.mkv
    2015-01-20 17:00 - 2014-10-29 03:58 - 198322303 _____ () C:\Users\Zmaster\Downloads\Person.of.Interest.S04E06.480p.mkv
    2015-01-20 16:59 - 2014-10-22 01:56 - 174448400 _____ () C:\Users\Zmaster\Downloads\Person.of.Interest.S04E05.480p.mkv
    2015-01-20 16:58 - 2014-10-15 01:53 - 173832002 _____ () C:\Users\Zmaster\Downloads\Person.of.Interest.S04E04.480p.mkv
    2015-01-20 16:58 - 2014-10-08 02:01 - 197049335 _____ () C:\Users\Zmaster\Downloads\Person.of.Interest.S04E03.480p.mkv
    2015-01-20 16:57 - 2014-10-01 02:05 - 167751273 _____ () C:\Users\Zmaster\Downloads\Person.of.Interest.S04E02.480p.mkv
    2015-01-20 16:56 - 2014-09-24 02:00 - 173781347 _____ () C:\Users\Zmaster\Downloads\Person.of.Interest.S04E01.480p.mkv
    2015-01-19 18:52 - 2015-01-19 18:52 - 00000000 ____D () C:\Users\Zmaster\Downloads\The Rover 2014 720p BluRay x264 AAC - Ozlem
    2015-01-19 18:41 - 2014-08-25 04:10 - 559380738 _____ () C:\Users\Zmaster\Downloads\True.Blood.S07E10.HDTV.x264.mp4
    2015-01-19 18:41 - 2014-08-18 03:04 - 385065553 _____ () C:\Users\Zmaster\Downloads\True.Blood.S07E09.HDTV.x264.mp4
    2015-01-19 18:40 - 2014-08-11 05:33 - 480602262 _____ () C:\Users\Zmaster\Downloads\True.Blood.S07E08.HDTV.x264.mp4
    2015-01-19 18:40 - 2014-08-04 04:02 - 576082052 _____ () C:\Users\Zmaster\Downloads\True.Blood.S07E07.HDTV.x264.mp4
    2015-01-19 18:40 - 2014-07-28 09:00 - 388841409 _____ () C:\Users\Zmaster\Downloads\True.Blood.S07E06.hdtv.x264.mp4
    2015-01-19 18:40 - 2014-07-21 04:03 - 512251737 _____ () C:\Users\Zmaster\Downloads\True.Blood.S07E05.HDTV.x264.mp4
    2015-01-19 18:39 - 2014-07-14 04:00 - 530749079 _____ () C:\Users\Zmaster\Downloads\True.Blood.S07E04.HDTV.x264.mp4
    2015-01-19 18:39 - 2014-07-07 04:02 - 483313853 _____ () C:\Users\Zmaster\Downloads\True.Blood.S07E03.HDTV.x264.mp4
    2015-01-19 18:39 - 2014-06-30 04:03 - 529377327 _____ () C:\Users\Zmaster\Downloads\True.Blood.S07E02.hdtv.x264.mp4
    2015-01-19 18:30 - 2014-06-24 12:34 - 250690151 _____ () C:\Users\Zmaster\Downloads\True.Blood.S07E00.A.Farewell.to.Bon.mp4
    2015-01-19 18:30 - 2014-06-23 03:59 - 449010917 _____ () C:\Users\Zmaster\Downloads\True.Blood.S07E01.hdtv.x264.mp4
    2015-01-19 18:29 - 2015-01-18 14:01 - 289335400 _____ () C:\Users\Zmaster\Downloads\revenge.413.hdtv.mp4
    2015-01-19 18:29 - 2015-01-16 02:55 - 202288873 _____ () C:\Users\Zmaster\Downloads\Person.Of.Interest.S04E12.480p.mkv
    2015-01-19 18:29 - 2015-01-11 20:02 - 248095026 _____ () C:\Users\Zmaster\Downloads\revenge.412.hdtv.mp4
    2015-01-19 18:29 - 2015-01-04 14:20 - 234867881 _____ () C:\Users\Zmaster\Downloads\revenge.411.hdtv.mp4
    2015-01-19 18:28 - 2015-01-13 23:17 - 375373180 _____ () C:\Users\Zmaster\Downloads\Person.Of.Interest.S04E11.hdtv.avi
    2015-01-14 15:41 - 2014-12-19 13:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 15:41 - 2014-12-19 11:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 15:41 - 2014-12-12 15:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 15:41 - 2014-12-12 15:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 15:41 - 2014-12-12 15:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 15:41 - 2014-12-12 15:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 15:41 - 2014-12-12 15:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 15:41 - 2014-12-12 15:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 15:41 - 2014-12-12 15:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 15:41 - 2014-12-12 03:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 15:41 - 2014-12-06 14:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 15:41 - 2014-12-06 13:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 15:41 - 2014-12-06 13:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2015-02-11 18:56 - 2014-08-15 14:50 - 00000000 ____D () C:\Files
    2015-02-11 18:32 - 2014-08-15 11:55 - 01464999 _____ () C:\Windows\WindowsUpdate.log
    2015-02-11 18:18 - 2014-09-02 09:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-11 17:59 - 2014-08-15 12:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-11 15:39 - 2009-07-14 14:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-11 15:39 - 2009-07-14 14:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-11 15:35 - 2014-09-09 15:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-11 15:31 - 2014-08-15 12:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-11 15:31 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-11 15:30 - 2014-09-15 20:54 - 00000000 ____D () C:\AdwCleaner
    2015-02-11 15:16 - 2014-08-15 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2015-02-11 15:16 - 2014-08-15 12:30 - 00000000 ____D () C:\Program Files (x86)\Avira
    2015-02-11 15:16 - 2014-08-15 12:29 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-10 21:56 - 2014-09-02 08:55 - 00000000 ____D () C:\Users\Zmaster\AppData\Roaming\DMCache
    2015-02-10 16:10 - 2014-08-15 14:06 - 00000000 ____D () C:\Users\Zmaster\AppData\Roaming\vlc
    2015-02-09 16:55 - 2014-10-15 17:25 - 00000000 ____D () C:\Users\Zmaster\Downloads\Video
    2015-02-09 16:08 - 2014-10-15 17:25 - 00000000 ____D () C:\Users\Zmaster\AppData\Roaming\IDM
    2015-02-06 14:54 - 2014-08-15 12:35 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-06 14:54 - 2014-08-15 12:35 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-05 19:18 - 2014-09-02 09:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-05 19:18 - 2014-09-02 09:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-05 19:18 - 2014-09-02 09:11 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-02 16:41 - 2014-09-24 16:55 - 00000000 ____D () C:\Users\Zmaster\AppData\Roaming\Free Download Manager
    2015-02-02 16:04 - 2014-08-15 12:09 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-02-02 16:04 - 2014-08-15 12:08 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2015-02-02 16:03 - 2014-08-15 12:08 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
    2015-02-02 16:03 - 2014-08-15 12:06 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2015-02-02 16:03 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\Help
    2015-02-02 16:02 - 2014-08-16 05:51 - 00000000 ____D () C:\Windows\Panther
    2015-02-02 15:50 - 2014-08-15 14:26 - 00000000 ____D () C:\Program Files\CCleaner
    2015-02-01 07:14 - 2014-08-15 12:30 - 00070800 _____ () C:\Users\Zmaster\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-02-01 07:12 - 2009-07-14 14:45 - 00321800 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-01-30 22:31 - 2014-09-02 08:46 - 00000600 _____ () C:\Users\Zmaster\AppData\Roaming\winscp.rnd
    2015-01-30 18:15 - 2014-12-31 07:09 - 00000000 ____D () C:\Users\Zmaster\Downloads\american horror
    2015-01-30 15:36 - 2014-08-15 11:17 - 00001152 _____ () C:\Users\Zmaster\Desktop\IRC_commands.txt
    2015-01-27 07:40 - 2009-07-14 13:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    ==================== Files in the root of some directories =======
    2014-09-02 08:46 - 2015-01-30 22:31 - 0000600 _____ () C:\Users\Zmaster\AppData\Roaming\winscp.rnd
    Some content of TEMP:
    ====================
    C:\Users\Zmaster\AppData\Local\Temp\avgnt.exe
    C:\Users\Zmaster\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Zmaster\AppData\Local\Temp\nvStInst.exe
    C:\Users\Zmaster\AppData\Local\Temp\Quarantine.exe
    C:\Users\Zmaster\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-02-03 20:23
    ==================== End Of Log ============================


    thanks
     

    Attached Files:

  4. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Download the enclosed file. (see below) Save it in the same location FRST is saved. Open FRST. Click on the Fix button and wait. The tool will produce a log, fixlog.txt. Please post its contents in your next reply.

    Reset your browsers to default. For instructions see here.

    Let me know how it is doing after a restart.
     

    Attached Files:

  5. zmas*

    zmas* Thread Starter

    Joined:
    Jun 29, 2008
    Messages:
    17
    Hi,


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
    Ran by Zmaster at 2015-02-12 17:23:21 Run:1
    Running from C:\Users\Zmaster\Downloads
    Loaded Profiles: Zmaster (Available profiles: Zmaster)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    Start
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR HomePage: Default -> file:///C:/Apps/webpage/index.html
    CHR StartupUrls: Default -> "file:///C:/Apps/webpage/index.html"
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    End
    *****************
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    Chrome HomePage deleted successfully.
    Chrome StartupUrls deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
    ==== End of Fixlog 17:23:21 ====






    I will restart and update how I go
    thanks,
    Z
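Added example (not part of the original posts, and not FRST's own code): a small parser that checks a fixlog like the one above, pairing the requested fixlist entries with the reported outcomes and pulling out any Chrome extension ID for follow-up. The section markers and result wordings are taken only from this one log, and the one-result-line-per-entry check is an assumption based on it.

```python
import re
from collections import Counter

# Excerpt of the fixlog posted above (three of its eight entries and their results).
SAMPLE = r"""Content of fixlist:
*****************
Start
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
End
*****************
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
==== End of Fixlog 17:23:21 ====
"""

def classify(line):
    """removed / absent / review, using only the wordings seen in this log."""
    low = line.lower()
    if "deleted successfully" in low:
        return "removed"
    return "absent" if "not found" in low else "review"

def parse_fixlog(text):
    """Return (fixlist entries, [(result line, status), ...])."""
    entries, results, state = [], [], "header"
    for ln in filter(None, (l.strip() for l in text.splitlines())):
        if ln.startswith("==== End of Fixlog"):
            break
        if ln == "Start" and state == "header":
            state = "fixlist"
        elif ln == "End" and state == "fixlist":
            state = "results"
        elif state == "fixlist":
            entries.append(ln)
        elif state == "results" and set(ln) != {"*"}:
            results.append((ln, classify(ln)))
    return entries, results

def summarise(text):
    entries, results = parse_fixlog(text)
    counts = Counter(status for _, status in results)
    # Chrome extension IDs are 32 letters in the range a-p.
    ext_ids = re.findall(r"Chrome\\Extensions\\([a-p]{32})", text)
    return {"requested": len(entries), "counts": dict(counts),
            "unmatched": len(entries) != len(results), "extension_ids": ext_ids}
```

Any line classified as `review`, or an `unmatched` count, means the fixlog should be read by hand before the machine is declared clean.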
     
  6. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
  7. zmas*

    zmas* Thread Starter

    Joined:
    Jun 29, 2008
    Messages:
    17
    hi JSntgRvr,
    After a few days of testing I think I can safely say the issue is resolved. Thank you for your time and effort in helping me :D
     
  8. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    You are welcome.

    We need to remove the tools we've used while cleaning your machine.

    1. Download Delfix from here
    2. Ensure Remove disinfection tools is ticked
      Also tick:
      • Create registry backup
      • Purge system restore
    3. Click Run

    Here are some suggestions.

    1. Always keep your Java updated. Older versions will make your computer vulnerable.
    2. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    3. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
    For more information and great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

    Best wishes!
     
  9. zmas*

    zmas* Thread Starter

    Joined:
    Jun 29, 2008
    Messages:
    17
    ok,
    I will do this in the afternoon

    thanks a lot!
     
  10. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José