Geeks to Go
explorer.exe established many connections being hacked...

#1 ralox111
New Member, 1 posts

Hello, I'm being hacked and I really need help. Here are the logs... I tried to run malware scanners, but it seems they don't find it. I really need help on this.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by eea (administrator) on AAA (10-04-2016 04:34:10)
Running from C:\Users\eea\Desktop
Loaded Profiles: eea (Available Profiles: eea)
Platform: Windows 10 Home Version 1511 (X64) Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\eea\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell SonicWALL, Inc.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ISW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe [935544 2016-01-22] (Check Point Software Technologies LTD)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-24] (NVIDIA Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-03-24] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-01] (Valve Corporation)
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Run: [BingSvc] => C:\Users\eea\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-27] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Policies\system: [NoColorChoice] 0
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Policies\system: [NoSizeChoice] 0
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Policies\system: [NoVisualStyleChoice] 0
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Policies\Explorer: [ClassicShell] 0
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\...\Policies\Explorer: [NoThemesTab] 0
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 62.145.169.130 213.145.216.231
Tcpip\..\Interfaces\{223c757b-2765-4532-9846-89e9bb525371}: [DhcpNameServer] 62.145.169.130 213.145.216.231
Tcpip\..\Interfaces\{ca30c838-87cd-46c6-b429-e3436a5dcfbe}: [DhcpNameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-2078009098-672532629-1064675910-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\S-1-5-21-2078009098-672532629-1064675910-1001 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://fi.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=33090001005_ds_sp&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2078009098-672532629-1064675910-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://fi.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
 
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 CWUpdaterDaemon; C:\Program Files (x86)\CheckPoint\Parental Controls\bin\cwupdater.exe [9729368 2015-08-13] (ContentWatch, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-03-24] (NVIDIA Corporation)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2442368 2016-02-17] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-02-17] ()
R2 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1156728 2016-01-22] (Check Point Software Technologies LTD)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-03-24] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-03-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-03-24] (NVIDIA Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-03-24] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2015-10-19] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm AntiTheft; C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [3145552 2016-03-24] (Check Point Software Technologies Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-12-25] (Windows ® Win 7 DDK provider)
R3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-07-17] (Check Point Software Technologies LTD)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2014-07-17] (Check Point Software Technologies LTD)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-11-26] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-11-26] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [172920 2015-11-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-11-03] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [919416 2015-11-26] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [103096 2015-11-26] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [194320 2015-10-14] (Intel Corporation)
S3 Neo_VPN; C:\Windows\System32\drivers\Neo6_x64_VPN.sys [38216 2016-01-30] (SoftEther Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-03-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2015-11-10] (The OpenVPN Project)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek                                            )
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51024 2016-01-31] (SoftEther Corporation)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2014-11-05] (The OpenVPN Project) [File not signed]
R3 taphss6; C:\Windows\System32\drivers\taphss6.sys [42088 2016-01-14] (Anchorfree Inc.)
S3 tapSF0901; C:\Windows\System32\drivers\tapSF0901.sys [39104 2015-07-31] (Spotflux, Inc.)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [462304 2016-03-24] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 GPU-Z; \??\C:\Users\eea\AppData\Local\Temp\GPU-Z.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-10 04:34 - 2016-04-10 04:34 - 00013097 _____ C:\Users\eea\Desktop\FRST.txt
2016-04-10 04:33 - 2016-04-10 04:34 - 02374144 _____ (Farbar) C:\Users\eea\Desktop\FRST64.exe
2016-04-10 03:33 - 2016-04-10 03:33 - 02781137 _____ ( ) C:\Users\eea\Downloads\reshacker_setup.exe
2016-04-10 03:20 - 2016-04-10 03:23 - 00000024 _____ C:\Users\eea\random.dat
2016-04-10 03:20 - 2016-04-10 03:22 - 00000023 _____ C:\Users\eea\jagexappletviewer.preferences
2016-04-10 03:20 - 2016-04-10 03:20 - 00000042 _____ C:\Users\eea\jagex_cl_runescape_LIVE.dat
2016-04-10 03:20 - 2016-04-10 03:20 - 00000000 ____D C:\Users\eea\AppData\Roaming\NVIDIA
2016-04-10 03:20 - 2016-04-10 03:20 - 00000000 ____D C:\.jagex_cache_32
2016-04-10 03:19 - 2016-04-10 03:23 - 00000000 ____D C:\Users\eea\jagexcache
2016-04-10 03:19 - 2016-04-10 03:19 - 24223744 _____ C:\Users\eea\Downloads\RuneScape.msi
2016-04-10 02:47 - 2016-04-10 02:47 - 00094866 _____ C:\Users\eea\Downloads\RONLOPEZ-PC.txt
2016-04-10 02:29 - 2016-04-10 02:29 - 00000000 ____D C:\Users\eea\AppData\Local\Apps\2.0
2016-04-09 22:54 - 2016-04-09 22:54 - 00001052 _____ C:\Users\eea\Desktop\guide.txt
2016-04-09 22:16 - 2016-04-09 22:16 - 00000000 ____D C:\Users\eea\AppData\Local\NVIDIA
2016-04-09 22:15 - 2016-04-09 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-04-09 22:15 - 2016-03-22 04:57 - 00110528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-04-09 22:14 - 2016-04-09 22:16 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-04-09 22:14 - 2016-04-09 22:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-04-09 22:14 - 2016-03-22 07:08 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-04-09 22:14 - 2016-03-22 07:08 - 00201664 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-04-09 22:14 - 2016-03-22 05:37 - 06369728 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-04-09 22:14 - 2016-03-22 05:37 - 02994744 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-04-09 22:14 - 2016-03-22 05:37 - 02561472 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-04-09 22:14 - 2016-03-22 05:37 - 01265720 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-04-09 22:14 - 2016-03-22 05:37 - 00530880 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-04-09 22:14 - 2016-03-22 05:37 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-04-09 22:14 - 2016-03-22 05:37 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-04-09 22:14 - 2016-03-22 05:37 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-04-09 22:14 - 2016-03-18 14:44 - 06253721 _____ C:\Windows\system32\nvcoproc.bin
2016-04-09 22:13 - 2016-03-25 04:23 - 12659136 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-04-09 22:13 - 2016-03-24 14:52 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-04-09 22:13 - 2016-03-24 14:52 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-04-09 22:13 - 2016-03-24 14:52 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 42923576 _____ C:\Windows\system32\nvcompiler.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 37567424 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 31594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 25350080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 21364536 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 20906168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 20074728 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 17755928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 17369448 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 17349776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 17328008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 14226672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 10550552 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 08659472 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 03685280 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 03263480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 02614208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 02260024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 01922496 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436472.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436472.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 00960056 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 00889400 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 00751552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 00695864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 00678520 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 00572096 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 00546328 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 00448824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 00176064 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 00129208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-04-09 22:13 - 2016-03-22 07:08 - 00038050 _____ C:\Windows\system32\nvinfo.pb
2016-04-09 22:13 - 2016-03-22 07:08 - 00000139 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-04-09 22:13 - 2016-03-22 07:08 - 00000139 _____ C:\Windows\system32\nv-vk64.json
2016-04-09 22:13 - 2016-03-21 23:01 - 00109632 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-04-09 22:13 - 2016-03-21 23:01 - 00100416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-04-09 22:13 - 2016-03-21 23:01 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-04-09 22:12 - 2016-04-09 22:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-04-09 21:38 - 2016-04-09 21:48 - 00189112 _____ (Power Admin LLC) C:\Windows\PAExec.exe
2016-04-09 21:38 - 2016-04-09 21:40 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-09 21:35 - 2016-04-09 21:35 - 00000000 ____D C:\Users\eea\Desktop\[Guru3D.com]-DDU
2016-04-09 16:53 - 2016-04-10 04:34 - 00000000 ____D C:\FRST
2016-04-09 16:53 - 2016-04-09 17:01 - 00000000 ____D C:\Users\eea\Desktop\New folder
2016-04-09 16:38 - 2016-04-09 16:38 - 00000000 ____D C:\Users\eea\Desktop\TCPView
2016-04-08 22:01 - 2016-04-08 22:01 - 00042168 _____ (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCEXP152.SYS
2016-04-08 22:00 - 2016-04-08 22:00 - 00000000 ____D C:\Users\eea\Desktop\ProcessExplorer
2016-04-07 21:53 - 2016-04-07 21:53 - 00000000 ____D C:\Program Files (x86)\ChangeIP.com INC
2016-04-07 21:42 - 2016-04-08 17:57 - 00007611 _____ C:\Users\eea\AppData\Local\Resmon.ResmonCfg
2016-04-07 17:07 - 2016-04-07 17:07 - 00000776 _____ C:\DelFix.txt
2016-04-07 00:51 - 2016-04-07 00:51 - 00000000 ____D C:\Users\eea\AppData\Roaming\MailFrontier
2016-04-07 00:51 - 2016-04-07 00:51 - 00000000 ____D C:\ProgramData\MailFrontier
2016-04-07 00:49 - 2016-03-24 05:30 - 00645968 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\AntiTheftCredentialProvider.dll
2016-04-07 00:48 - 2016-04-07 00:48 - 00431074 _____ C:\Windows\system32\Drivers\vsconfig.xml
2016-04-07 00:48 - 2016-04-07 00:48 - 00000144 _____ C:\Windows\SysWOW64\lkfl.dat
2016-04-07 00:48 - 2016-04-07 00:48 - 00000128 _____ C:\Windows\SysWOW64\pdfl.dat
2016-04-07 00:48 - 2016-04-07 00:48 - 00000080 _____ C:\Windows\SysWOW64\ibfl.dat
2016-04-07 00:48 - 2016-04-07 00:48 - 00000000 ____D C:\Users\eea\AppData\Roaming\CheckPoint
2016-04-07 00:48 - 2016-04-07 00:48 - 00000000 ____D C:\ProgramData\ContentWatch
2016-04-07 00:48 - 2016-04-07 00:48 - 00000000 ____D C:\Program Files (x86)\PC Tune-Up
2016-04-07 00:47 - 2016-04-07 00:47 - 00000778 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2016-04-07 00:47 - 2016-04-07 00:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2016-04-07 00:44 - 2016-04-07 00:48 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2016-04-05 18:27 - 2016-04-05 18:27 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-05 02:33 - 2016-04-10 03:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-05 02:32 - 2016-04-05 02:32 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-05 02:32 - 2016-04-05 02:32 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-05 02:32 - 2016-04-05 02:32 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-05 02:32 - 2016-04-05 02:32 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-05 02:32 - 2016-04-05 02:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-05 02:32 - 2016-04-05 02:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-05 02:32 - 2016-04-05 02:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-05 02:31 - 2016-04-05 02:31 - 00000993 _____ C:\Users\eea\Desktop\NTREGOPT.lnk
2016-04-05 02:31 - 2016-04-05 02:31 - 00000974 _____ C:\Users\eea\Desktop\ERUNT.lnk
2016-04-05 02:31 - 2016-04-05 02:31 - 00000000 ____D C:\Windows\ERDNT
2016-04-05 02:31 - 2016-04-05 02:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2016-04-05 02:31 - 2016-04-05 02:31 - 00000000 ____D C:\Program Files (x86)\ERUNT
2016-04-02 20:06 - 2016-04-07 00:40 - 00000000 ____D C:\Users\eea\AppData\Roaming\Comodo
2016-03-31 21:01 - 2016-03-31 21:12 - 00006090 _____ C:\Users\eea\Desktop\Untitled.vpj
2016-03-31 20:52 - 2016-03-31 20:52 - 00000000 ____D C:\Users\eea\Documents\VideoPad Projects
2016-03-31 20:50 - 2016-03-31 20:51 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-03-31 20:50 - 2016-03-31 20:50 - 00002331 _____ C:\Users\eea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2016-03-31 20:50 - 2016-03-31 20:50 - 00002123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2016-03-31 20:50 - 2016-03-31 20:50 - 00001359 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2016-03-31 20:50 - 2016-03-31 20:50 - 00001219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2016-03-31 20:50 - 2016-03-31 20:50 - 00001207 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2016-03-31 20:50 - 2016-03-31 20:50 - 00000000 ____D C:\Users\eea\AppData\Roaming\NCH Software
2016-03-31 20:50 - 2016-03-31 20:50 - 00000000 ____D C:\ProgramData\NCH Software
2016-03-31 20:50 - 2016-03-31 20:50 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-03-29 22:48 - 2016-03-29 22:48 - 00000000 _____ C:\Windows\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2016-03-29 22:47 - 2016-03-29 22:47 - 00000000 _____ C:\Windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2016-03-24 03:21 - 2016-03-24 03:21 - 00462304 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-10 04:26 - 2016-01-28 05:19 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-10 04:23 - 2016-01-28 14:45 - 01708264 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-10 04:23 - 2016-01-28 04:27 - 00666922 _____ C:\Windows\system32\perfh00B.dat
2016-04-10 04:23 - 2016-01-28 04:27 - 00170082 _____ C:\Windows\system32\perfc00B.dat
2016-04-10 04:23 - 2016-01-28 04:23 - 00000000 ____D C:\Windows\INF
2016-04-10 04:16 - 2016-01-28 14:45 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-10 04:16 - 2016-01-28 14:35 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-10 04:15 - 2016-01-28 04:16 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-04-10 04:13 - 2016-01-28 14:47 - 00000000 ____D C:\Users\eea
2016-04-10 04:12 - 2016-01-31 04:07 - 00000000 ____D C:\Users\eea\AppData\Local\ElevatedDiagnostics
2016-04-10 04:12 - 2016-01-28 04:24 - 00000000 ____D C:\Windows\system32\NDF
2016-04-10 03:40 - 2016-01-28 04:24 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2016-04-10 01:34 - 2016-01-28 20:17 - 00004182 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4D951EBE-650E-4490-9FC1-CC74F16D5A4E}
2016-04-09 22:16 - 2016-01-31 07:12 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-04-09 22:14 - 2016-01-28 04:23 - 00000000 ____D C:\Windows\Help
2016-04-09 21:21 - 2016-02-01 19:13 - 00000000 ____D C:\Users\eea\AppData\Local\CrashDumps
2016-04-09 17:07 - 2016-01-28 04:19 - 00000000 ____D C:\Windows\CbsTemp
2016-04-09 16:50 - 2016-01-28 04:23 - 00000000 ____D C:\Windows\AppReadiness
2016-04-08 22:12 - 2016-01-28 04:27 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-04-08 22:12 - 2016-01-28 04:27 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-04-08 22:12 - 2016-01-28 04:27 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-04-08 22:12 - 2016-01-28 04:27 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-04-08 22:12 - 2016-01-28 04:27 - 00000000 ____D C:\Windows\system32\winrm
2016-04-08 22:12 - 2016-01-28 04:27 - 00000000 ____D C:\Windows\system32\WCN
2016-04-08 22:12 - 2016-01-28 04:27 - 00000000 ____D C:\Windows\system32\slmgr
2016-04-08 22:12 - 2016-01-28 04:27 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-04-08 22:12 - 2016-01-28 04:24 - 00000000 ___SD C:\Windows\SysWOW64\F12
2016-04-08 22:12 - 2016-01-28 04:24 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2016-04-08 22:12 - 2016-01-28 04:24 - 00000000 ___SD C:\Windows\system32\F12
2016-04-08 22:12 - 2016-01-28 04:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-04-08 22:12 - 2016-01-28 04:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-04-08 22:12 - 2016-01-28 04:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-04-08 22:12 - 2016-01-28 04:24 - 00000000 ____D C:\Windows\system32\migwiz
2016-04-08 22:12 - 2016-01-28 04:23 - 00000000 ___RD C:\Windows\MiracastView
2016-04-08 22:12 - 2016-01-28 04:23 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-04-08 22:12 - 2016-01-28 04:23 - 00000000 ___RD C:\Windows\DevicesFlow
2016-04-08 22:12 - 2016-01-28 04:23 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-04-08 22:12 - 2016-01-28 04:23 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-08 22:12 - 2016-01-28 04:23 - 00000000 ____D C:\Program Files\Windows Defender
2016-04-08 22:12 - 2016-01-28 04:23 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-04-08 22:12 - 2016-01-28 04:23 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-04-08 22:12 - 2016-01-28 04:16 - 00000000 ____D C:\Windows\servicing
2016-04-08 16:11 - 2016-01-28 04:23 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-07 21:53 - 2016-02-02 17:21 - 00000000 ____D C:\Users\eea\AppData\Local\Downloaded Installations
2016-04-07 17:04 - 2016-02-03 22:14 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-07 00:48 - 2016-02-03 22:01 - 00000000 ____D C:\ProgramData\CheckPoint
2016-04-07 00:47 - 2016-01-28 04:16 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-04-07 00:40 - 2016-03-02 20:46 - 00000000 ____D C:\ProgramData\Comodo
2016-04-03 20:40 - 2016-01-31 21:18 - 00000000 ____D C:\Users\eea\AppData\Local\Google
2016-04-03 20:40 - 2016-01-31 21:18 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-02 20:06 - 2016-02-27 05:44 - 00000000 ____D C:\Users\eea\AppData\Roaming\Skype
2016-03-31 20:46 - 2016-02-03 02:33 - 00000000 ____D C:\Users\eea\AppData\Local\Sony
2016-03-30 17:03 - 2016-02-27 05:44 - 00000000 ____D C:\ProgramData\Skype
2016-03-30 17:02 - 2016-02-27 05:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-30 16:58 - 2016-02-09 04:00 - 00000000 ____D C:\Users\eea\AppData\Roaming\OBS
2016-03-26 04:57 - 2016-01-28 20:18 - 00000000 ____D C:\ProgramData\Oracle
2016-03-26 04:56 - 2016-01-28 20:18 - 00000000 ____D C:\Users\eea\.oracle_jre_usage
2016-03-11 22:05 - 2016-01-28 19:51 - 00000000 ____D C:\Users\eea\Documents\Rockstar Games
2016-03-11 19:18 - 2016-01-28 14:49 - 00002381 _____ C:\Users\eea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-11 19:18 - 2016-01-28 14:49 - 00000000 ___RD C:\Users\eea\OneDrive
 
==================== Files in the root of some directories =======
 
2016-04-07 21:42 - 2016-04-08 17:57 - 0007611 _____ () C:\Users\eea\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-04-01 15:46
 
==================== End of FRST.txt ============================
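A triage check for the symptom in the post title, added here as an example; it is not part of the original post, nor a feature of FRST. The verification section of the log above reports C:\Windows\explorer.exe (both the System32 and SysWOW64 copies) as digitally signed, so the binary itself has not been replaced, and the next question is which established connections are owned by the explorer.exe process and which DLLs loaded into it (shell extensions, injected code) do not carry a valid signature. The script assumes Windows 10 with the NetTCPIP module (Get-NetTCPConnection), 64-bit PowerShell, and that it runs as the same user that owns explorer.exe; the three function names are my own.

```powershell
# Added triage example, not part of the original post or of FRST.
# Assumptions: Windows 10 (Get-NetTCPConnection from the NetTCPIP module),
# 64-bit PowerShell so explorer's 64-bit modules can be enumerated, and run
# as the user that owns explorer.exe. Function names are hypothetical.

function Get-ProcessImageSignature {
    # Authenticode status of the image file behind each running process with this name.
    param([Parameter(Mandatory)][string]$ProcessName)

    foreach ($p in Get-Process -Name $ProcessName -ErrorAction Stop) {
        $sig    = Get-AuthenticodeSignature -FilePath $p.Path
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        [pscustomobject]@{
            Pid    = $p.Id
            Path   = $p.Path
            Status = $sig.Status      # 'Valid' is expected for the Windows binary
            Signer = $signer
        }
    }
}

function Get-ProcessEstablishedConnections {
    # Established TCP connections whose owning PID belongs to the named process.
    param([Parameter(Mandatory)][string]$ProcessName)

    foreach ($p in Get-Process -Name $ProcessName -ErrorAction Stop) {
        Get-NetTCPConnection -OwningProcess $p.Id -State Established -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Pid           = $p.Id
                    LocalPort     = $_.LocalPort
                    RemoteAddress = $_.RemoteAddress
                    RemotePort    = $_.RemotePort
                }
            }
    }
}

function Get-ProcessUnsignedModules {
    # DLLs loaded into the process whose file does not verify as validly signed.
    # Third-party shell extensions and injected code appear here even when the
    # explorer.exe image itself verifies, which is the case in the FRST log.
    param([Parameter(Mandatory)][string]$ProcessName)

    foreach ($p in Get-Process -Name $ProcessName -ErrorAction Stop) {
        try {
            $modules = $p.Modules
        } catch {
            Write-Warning "PID $($p.Id): cannot enumerate modules ($_)"
            continue
        }
        foreach ($m in $modules) {
            $sig = Get-AuthenticodeSignature -FilePath $m.FileName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Pid    = $p.Id
                    Module = $m.FileName
                    Status = $sig.Status   # NotSigned, HashMismatch, UnknownError, ...
                }
            }
        }
    }
}

# Usage: run all three checks against explorer and read the tables top to bottom.
Get-ProcessImageSignature         -ProcessName explorer | Format-Table -AutoSize
Get-ProcessEstablishedConnections -ProcessName explorer |
    Sort-Object RemoteAddress -Unique | Format-Table -AutoSize   # one row per remote host
Get-ProcessUnsignedModules        -ProcessName explorer | Format-Table -AutoSize
```

Two caveats when reading the output. Get-NetTCPConnection is a snapshot, so short-lived connections need repeated sampling; TCPView, which the log shows already on the Desktop, gives the same view live. And a module reported as NotSigned is a lead, not a verdict: plenty of legitimate third-party shell extensions ship unsigned, so the interesting results are unsigned modules in unusual locations (user-writable directories, Temp) combined with remote addresses the machine has no reason to talk to. A connection owned by explorer.exe does not by itself mean explorer.exe was replaced; the signed-file check above already rules that out for this machine.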