Jump to content

StanleyBeast

Honorary Members
  • Posts

    42
  • Joined

  • Last visited

Everything posted by StanleyBeast

  1. Okay, maybe I should run eset once more. I still cannot access my win firewall.
  2. Thinking this may be why... what do we do from here with this program? Zoiper.exe
  3. No user account...see? and what are the 15 google ports for if I have only 1 google chrome open, 1 extension on? I can clean up with your help once I know i the answers.. Maybe windows search is set wrong, but I dont know why so many ports to google is needed. Look at the length of the image name in task mgr,... looks fishy
  4. Farbar Service Scanner Version: 21-07-2014 Ran by McMillan (administrator) on 02-08-2014 at 00:37:47 Running from "C:\Users\McMillan\Desktop" Microsoft Windows 7 Home Basic Service Pack 1 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => File is digitally signed C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed C:\Windows\system32\dhcpcore.dll => File is digitally signed C:\Windows\system32\Drivers\afd.sys => File is digitally signed C:\Windows\system32\Drivers\tdx.sys => File is digitally signed C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed C:\Windows\system32\dnsrslvr.dll => File is digitally signed C:\Windows\system32\mpssvc.dll => File is digitally signed C:\Windows\system32\bfe.dll => File is digitally signed C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed C:\Windows\system32\SDRSVC.dll => File is digitally signed C:\Windows\system32\vssvc.exe => File is digitally signed C:\Windows\system32\wscsvc.dll => File is digitally signed C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\system32\wuaueng.dll => File is digitally signed C:\Windows\system32\qmgr.dll => File is digitally signed C:\Windows\system32\es.dll => File is digitally signed C:\Windows\system32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed **** End of log ****
  5. Results of screen317's Security Check version 0.99.86 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Emsisoft Anti-Malware Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 65 Adobe Flash Player 14.0.0.145 Google Chrome 36.0.1985.125 ````````Process Check: objlist.exe by Laurent```````` Emsisoft Anti-Malware a2service.exe Emsisoft Anti-Malware a2guard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  6. And those extra chrome exe files running thru my connection, established, from all over the world, what's up with that? I had one extension, lazrus running and one google chrome window and 15-20 established connections don't seem right
  7. I have no user/admin account now I type in windows search to change my name, or password, nothing shows up, not even my back up log in account... Also I cannot open my windows firewall and my anti virus is auto disabled and asking for admin user and my account is not showing up, my back up admin account is and the guest account, which I know to never have turned on What's happening?
  8. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01 Ran by McMillan (administrator) on SAHARA-PC on 01-08-2014 19:04:31 Running from C:\Users\McMillan\Desktop Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-2454762815-89852866-1431263164-1000\...\MountPoints2: {525512c7-f299-11e3-b032-806e6f6e6963} - D:\setup.exe BootExecute: autocheck autochk * regdefrag ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B9BCAD2B86CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us SearchScopes: HKCU - DefaultScope {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms} BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\McMillan\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers Chrome: ======= CHR HomePage: https://www.google.com/ CHR StartupUrls: "hxxp://www.gmail.com/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File CHR Extension: (Google Drive) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31] CHR Extension: (Presentme) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2014-07-31] CHR Extension: (Google Search) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25] CHR Extension: (Gmail Offline) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-28] CHR Extension: (PDF Mergy) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-07-31] CHR Extension: (Excel Online) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-07-28] CHR Extension: (Zoho Sheet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj [2014-07-31] CHR Extension: (Zoho CRM) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-07-31] CHR Extension: (Skype Status Detector) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiiaejmgghgpmppnkiloijccihddjdj [2014-07-31] CHR Extension: (Lazarus: Form Recovery) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-28] CHR Extension: (Easy SEO Tools) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnlboglefdlldiioafkgbbdfihdoicam [2014-07-31] CHR Extension: (Google Wallet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31] CHR Extension: (Instagram for Chrome) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-31] CHR Extension: (Gmail) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25] CHR Extension: (SEO Competitor Analysis Tool) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpafbknegcefgoojplahellhohoklbj [2014-07-31] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH) S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation) S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH) R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation) S4 NVHDA; system32\drivers\nvhda32v.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 19:04 - 2014-08-01 19:04 - 00010441 _____ () C:\Users\McMillan\Desktop\FRST.txt 2014-08-01 07:57 - 2014-08-01 07:57 - 00000000 ____D () C:\Users\McMillan\Desktop\New folder 2014-08-01 07:09 - 2014-08-01 07:10 - 00057843 _____ () C:\Users\McMillan\Downloads\fport.zip 2014-08-01 06:18 - 2014-08-01 06:18 - 00046655 _____ () C:\Users\McMillan\Desktop\FRSTafterimanuallystartedcrypto.txt 2014-08-01 06:18 - 2014-08-01 06:18 - 00000011 _____ () C:\Users\McMillan\Desktop\command.bat 2014-08-01 05:51 - 2014-08-01 05:51 - 00046588 _____ () C:\Users\McMillan\Desktop\FRSTaftermicrosoftFIX.txt 2014-08-01 05:46 - 2014-08-01 05:46 - 00683008 _____ () C:\Users\McMillan\Desktop\MicrosoftFixit50671.msi 2014-08-01 05:39 - 2014-08-01 05:39 - 00045992 _____ () C:\Users\McMillan\Desktop\FRSTAFTERjorgensfix.txt 2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition4.txt 2014-08-01 04:13 - 2014-08-01 06:10 - 00046655 _____ () C:\Users\McMillan\Desktop\FRST4.txt 2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt 2014-08-01 04:02 - 2014-08-01 04:03 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt 2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt 2014-07-31 21:05 - 2014-07-31 21:30 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt 2014-07-31 21:04 - 2014-07-31 21:05 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt 2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-07-31 20:41 - 2014-07-31 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe 2014-07-31 20:18 - 2014-07-31 20:19 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log 2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe 2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-07-31 19:31 - 2014-08-01 18:15 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-07-31 19:13 - 2014-07-31 19:23 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe 2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe 2014-07-31 16:53 - 2014-07-31 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-31 16:50 - 2014-07-31 17:03 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar 2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-31 16:49 - 2014-07-31 16:50 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe 2014-07-31 16:14 - 2014-07-31 16:15 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt 2014-07-31 16:14 - 2014-07-31 16:15 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt 2014-07-31 16:13 - 2014-08-01 19:04 - 00000000 ____D () C:\FRST 2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe 2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery 2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW 2014-07-31 16:01 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer 2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com 2014-07-31 15:46 - 2014-07-31 15:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe 2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi 2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp 2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe 2014-07-31 10:26 - 2014-07-31 10:27 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr 2014-07-31 10:13 - 2014-07-31 15:58 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms 2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe 2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe 2014-07-31 09:40 - 2014-07-31 09:41 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe 2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe 2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe 2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe 2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe 2014-07-31 09:32 - 2014-07-31 09:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe 2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe 2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe 2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe 2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe 2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe 2014-07-31 08:32 - 2014-07-31 08:41 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe 2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat 2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState 2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO 2014-07-31 07:52 - 2014-08-01 18:11 - 00001028 _____ () C:\Windows\setupact.log 2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-31 07:44 - 2014-08-01 19:02 - 00077211 _____ () C:\Windows\WindowsUpdate.log 2014-07-30 11:53 - 2014-07-30 11:55 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe 2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe 2014-07-30 11:50 - 2014-07-30 11:56 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe 2014-07-30 11:45 - 2014-07-30 11:46 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe 2014-07-30 11:40 - 2014-07-30 11:41 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe 2014-07-28 22:39 - 2014-07-28 22:54 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB 2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk 2014-07-28 20:42 - 2014-07-28 20:45 - 00000000 ____D () C:\Program Files\Google 2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV 2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8} 2014-07-25 02:03 - 2014-07-25 02:09 - 00000000 ____D () C:\Users\McMillan\msdt 2014-07-25 00:25 - 2014-07-30 15:59 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps 2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList 2014-07-23 16:06 - 2014-07-24 23:48 - 00000000 ____D () C:\Windows\system32\BlueStacks 2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA 2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks 2014-07-23 13:10 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype 2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype 2014-07-23 13:05 - 2014-07-31 14:30 - 00000000 ____D () C:\inetpub 2014-07-23 10:32 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation 2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet 2014-07-23 10:18 - 2014-07-23 10:26 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg 2014-07-23 08:50 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable 2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol 2014-07-04 16:25 - 2014-07-04 16:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe 2014-07-04 13:44 - 2014-07-31 08:16 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-07-04 13:44 - 2014-07-25 02:24 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-04 13:30 - 2014-07-04 13:42 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe 2014-07-04 13:18 - 2014-07-04 13:19 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe 2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe 2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-07-03 19:07 - 2014-05-20 07:11 - 00603592 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss 2014-07-03 05:00 - 2014-07-30 00:41 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper 2014-07-03 05:00 - 2014-07-25 02:24 - 00000000 ____D () C:\Program Files\Zoiper 2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk 2014-07-03 04:53 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun 2014-07-03 04:52 - 2014-07-31 20:40 - 00000000 ____D () C:\Program Files\Java ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 19:04 - 2014-08-01 19:04 - 00010441 _____ () C:\Users\McMillan\Desktop\FRST.txt 2014-08-01 19:04 - 2014-07-31 16:13 - 00000000 ____D () C:\FRST 2014-08-01 19:02 - 2014-07-31 07:44 - 00077211 _____ () C:\Windows\WindowsUpdate.log 2014-08-01 18:18 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-01 18:18 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-01 18:15 - 2014-07-31 19:31 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-08-01 18:15 - 2010-11-21 05:01 - 00736438 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-01 18:14 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-08-01 18:11 - 2014-07-31 07:52 - 00001028 _____ () C:\Windows\setupact.log 2014-08-01 18:11 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-01 07:57 - 2014-08-01 07:57 - 00000000 ____D () C:\Users\McMillan\Desktop\New folder 2014-08-01 07:10 - 2014-08-01 07:09 - 00057843 _____ () C:\Users\McMillan\Downloads\fport.zip 2014-08-01 06:18 - 2014-08-01 06:18 - 00046655 _____ () C:\Users\McMillan\Desktop\FRSTafterimanuallystartedcrypto.txt 2014-08-01 06:18 - 2014-08-01 06:18 - 00000011 _____ () C:\Users\McMillan\Desktop\command.bat 2014-08-01 06:10 - 2014-08-01 04:13 - 00046655 _____ () C:\Users\McMillan\Desktop\FRST4.txt 2014-08-01 06:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration 2014-08-01 05:51 - 2014-08-01 05:51 - 00046588 _____ () C:\Users\McMillan\Desktop\FRSTaftermicrosoftFIX.txt 2014-08-01 05:47 - 2009-07-14 12:53 - 00019240 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-01 05:46 - 2014-08-01 05:46 - 00683008 _____ () C:\Users\McMillan\Desktop\MicrosoftFixit50671.msi 2014-08-01 05:39 - 2014-08-01 05:39 - 00045992 _____ () C:\Users\McMillan\Desktop\FRSTAFTERjorgensfix.txt 2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition4.txt 2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt 2014-08-01 04:03 - 2014-08-01 04:02 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt 2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt 2014-07-31 21:57 - 2014-06-13 01:01 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\vlc 2014-07-31 21:30 - 2014-07-31 21:05 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt 2014-07-31 21:05 - 2014-07-31 21:04 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt 2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-07-31 20:41 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-31 20:40 - 2014-07-31 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-31 20:40 - 2014-07-03 04:52 - 00000000 ____D () C:\Program Files\Java 2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe 2014-07-31 20:19 - 2014-07-31 20:18 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log 2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe 2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-07-31 19:23 - 2014-07-31 19:13 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe 2014-07-31 17:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Skype 2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe 2014-07-31 17:03 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-31 17:03 - 2014-07-31 16:50 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar 2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-31 16:50 - 2014-07-31 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe 2014-07-31 16:15 - 2014-07-31 16:14 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt 2014-07-31 16:15 - 2014-07-31 16:14 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt 2014-07-31 16:13 - 2014-06-13 01:05 - 00000000 ___RD () C:\Users\McMillan\Desktop\Steve 2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe 2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery 2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW 2014-07-31 16:03 - 2014-07-31 16:01 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer 2014-07-31 15:58 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms 2014-07-31 15:57 - 2014-07-31 15:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe 2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com 2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi 2014-07-31 14:30 - 2014-07-23 13:05 - 00000000 ____D () C:\inetpub 2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp 2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe 2014-07-31 10:27 - 2014-07-31 10:26 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr 2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe 2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe 2014-07-31 09:41 - 2014-07-31 09:40 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe 2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe 2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe 2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe 2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe 2014-07-31 09:33 - 2014-07-31 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe 2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe 2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe 2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe 2014-07-31 08:41 - 2014-07-31 08:32 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe 2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe 2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe 2014-07-31 08:16 - 2014-07-04 13:44 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat 2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState 2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO 2014-07-31 08:00 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-31 07:42 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-31 07:03 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-31 07:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool 2014-07-31 06:38 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA Corporation 2014-07-31 06:36 - 2014-06-12 18:35 - 00000000 ____D () C:\Users\McMillan 2014-07-31 06:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-07-31 06:34 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch 2014-07-31 06:34 - 2014-06-16 19:40 - 00000000 ____D () C:\Users\McMillan\AppData\Local\oDesk 2014-07-31 06:34 - 2014-06-16 19:07 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\mjusbsp 2014-07-31 00:58 - 2014-06-13 01:05 - 00000000 ____D () C:\Users\McMillan\Desktop\BD 2014-07-30 18:13 - 2014-06-16 19:29 - 00001001 _____ () C:\Users\McMillan\Desktop\magicJack.lnk 2014-07-30 18:13 - 2014-06-16 19:29 - 00000987 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk 2014-07-30 15:59 - 2014-07-25 00:25 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps 2014-07-30 15:59 - 2014-06-13 10:21 - 00000000 ____D () C:\Windows\Panther 2014-07-30 11:56 - 2014-07-30 11:50 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe 2014-07-30 11:55 - 2014-07-30 11:53 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe 2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe 2014-07-30 11:46 - 2014-07-30 11:45 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe 2014-07-30 11:41 - 2014-07-30 11:40 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe 2014-07-30 11:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-07-30 10:02 - 2014-06-16 21:37 - 00000000 ____D () C:\Users\McMillan\Desktop\Tanya 2014-07-30 00:41 - 2014-07-03 05:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper 2014-07-28 22:54 - 2014-07-28 22:39 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB 2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk 2014-07-28 20:45 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files\Google 2014-07-28 20:42 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Deployment 2014-07-28 05:55 - 2014-06-25 17:05 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\BitComet 2014-07-25 07:19 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Local\PokerStars 2014-07-25 05:30 - 2014-06-22 00:52 - 00007627 _____ () C:\Users\McMillan\AppData\Local\Resmon.ResmonCfg 2014-07-25 05:30 - 2009-07-14 12:34 - 00064512 _____ () C:\Windows\system32\umstartup.etl 2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV 2014-07-25 03:18 - 2014-06-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-25 03:18 - 2014-06-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8} 2014-07-25 02:26 - 2014-06-13 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-25 02:25 - 2014-06-17 09:48 - 00000000 ____D () C:\Windows\pss 2014-07-25 02:25 - 2014-06-13 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-25 02:25 - 2014-06-13 00:27 - 00000000 ____D () C:\Windows\system32\Macromed 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\security 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-07-25 02:24 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype 2014-07-25 02:24 - 2014-07-23 08:50 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable 2014-07-25 02:24 - 2014-07-04 13:44 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-25 02:24 - 2014-07-03 05:00 - 00000000 ____D () C:\Program Files\Zoiper 2014-07-25 02:24 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me 2014-07-25 02:24 - 2014-06-24 20:11 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\vlc 2014-07-25 02:24 - 2014-06-22 09:27 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:24 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Ringio 2014-07-25 02:24 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars 2014-07-25 02:24 - 2014-06-20 22:59 - 00000000 ____D () C:\Program Files\PokerStars 2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk 2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\Program Files\oDesk 2014-07-25 02:24 - 2014-06-16 19:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\magicJack 2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-25 02:24 - 2014-06-16 17:14 - 00000000 ____D () C:\Program Files\WinRAR 2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-25 02:24 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA 2014-07-25 02:24 - 2014-06-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-07-25 02:24 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ___RD () C:\Program Files\Skype 2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Skype 2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-07-25 02:24 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Apps\2.0 2014-07-25 02:24 - 2014-06-12 18:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help 2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\winrm 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\WCN 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\slmgr 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts 2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell 2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Web 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Vss 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spp 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Speech 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\SMI 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\inetsrv 2014-07-25 02:22 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\Performance 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\IME 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\com 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Speech 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\schemas 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Resources 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\PLA 2014-07-25 02:21 - 2009-07-14 10:37 - 00000000 __RSD () C:\Windows\Media 2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME 2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization 2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding 2014-07-25 02:19 - 2014-06-16 18:17 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Macromedia 2014-07-25 02:19 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Moonchild Productions 2014-07-25 02:19 - 2014-06-15 13:49 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Adobe 2014-07-25 02:19 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public 2014-07-25 02:18 - 2014-06-22 07:16 - 00000000 ____D () C:\Users\Butch\AppData\Local\Google 2014-07-25 02:18 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Macromedia 2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-07-25 02:18 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Moonchild Productions 2014-07-25 02:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Skype 2014-07-25 02:18 - 2014-06-13 01:00 - 00000000 ____D () C:\Program Files\VideoLAN 2014-07-25 02:18 - 2014-06-12 18:49 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Google 2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender 2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default 2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Windows NT 2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Adobe 2014-07-25 02:17 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker 2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System 2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines 2014-07-25 02:09 - 2014-07-25 02:03 - 00000000 ____D () C:\Users\McMillan\msdt 2014-07-24 23:48 - 2014-07-23 16:06 - 00000000 ____D () C:\Windows\system32\BlueStacks 2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList 2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA 2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks 2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype 2014-07-23 13:04 - 2014-07-23 10:32 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation 2014-07-23 10:52 - 2014-06-12 19:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet 2014-07-23 10:26 - 2014-07-23 10:18 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg 2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol 2014-07-04 16:26 - 2014-07-04 16:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe 2014-07-04 13:42 - 2014-07-04 13:30 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe 2014-07-04 13:19 - 2014-07-04 13:18 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe 2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe 2014-07-04 10:44 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\McMillan\Downloads\MOVIES 2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss 2014-07-03 15:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache 2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk 2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-29 01:56 ==================== End Of Log ============================ and addition file Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01 Ran by McMillan at 2014-08-01 19:05:05 Running from C:\Users\McMillan\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Damn oDesk Team (HKCU\...\oDVT) (Version: - oDesk Corporation) Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH) Google Chrome Bitch (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle) Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden join.me, I'm Gay! (HKCU\...\JoinMe) (Version: 1.14.0.141 - LogMeIn, Inc.) magicJackOFF (HKCU\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation) NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation) NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden Poker fukin Stars (HKLM\...\PokerStars) (Version: - PokerStars) Ringio (HKLM\...\Ringio.FE833F21A5E41A0F2AD24347AACCB5A50596C79D.1) (Version: v-2.4 - Ringio) Ringio (Version: 2.4 - Ringio) Hidden SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) VLC Hack me PLZ vs 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Zoiper (HKLM\...\Zoiper) (Version: 3.2 - Securax LTD) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 23-07-2014 05:05:23 Windows Modules Installer 24-07-2014 15:46:34 Restore Operation 24-07-2014 20:52:25 July 25th, back to normal again 28-07-2014 13:31:48 Removed Java 7 Update 60 28-07-2014 13:37:25 Installed Java 7 Update 21 30-07-2014 17:04:37 Windows Backup 30-07-2014 21:06:50 Windows Update 30-07-2014 22:33:38 Restore Operation 30-07-2014 23:03:17 Windows Modules Installer 30-07-2014 23:33:05 Windows Update 31-07-2014 11:37:41 Removed Java 7 Update 21 31-07-2014 12:40:31 Installed Java 7 Update 65 31-07-2014 21:46:54 Installed Microsoft Fix it 50671 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:04 - 2014-07-04 16:27 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {D59E24B9-5425-4BE2-878F-1EE57E154F4D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (whitelisted) ============= 2014-07-31 19:31 - 2014-06-18 15:50 - 00703800 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll 2014-07-28 20:45 - 2014-07-15 17:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll 2014-07-28 20:45 - 2014-07-15 17:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll 2014-07-28 20:45 - 2014-07-15 17:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: ALG => 3 MSCONFIG\Services: AppIDSvc => 3 MSCONFIG\Services: SensrSvc => 3 MSCONFIG\Services: SessionEnv => 3 MSCONFIG\Services: SNMPTRAP => 3 MSCONFIG\Services: TapiSrv => 3 MSCONFIG\Services: TermService => 3 MSCONFIG\Services: W32Time => 3 MSCONFIG\Services: WSearch => 3 MSCONFIG\Services: wuauserv => 3 MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/01/2014 06:13:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/01/2014 06:10:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/01/2014 05:50:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/01/2014 05:36:28 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/01/2014 03:56:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 08:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 08:17:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/01/2014 05:48:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (08/01/2014 05:34:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (08/01/2014 05:33:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (08/01/2014 03:55:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:40:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:40:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Cryptographic Services service failed to start due to the following error: %%1079 Microsoft Office Sessions: ========================= Error: (08/01/2014 06:13:04 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/01/2014 06:10:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/01/2014 05:50:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/01/2014 05:36:28 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/01/2014 03:56:51 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 08:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 08:17:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 3327.23 MB Available physical RAM: 2232.91 MB Total Pagefile: 5825.52 MB Available Pagefile: 4196.82 MB Total Virtual: 2047.88 MB Available Virtual: 1919.57 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:171.29 GB) (Free:133.65 GB) NTFS Drive e: (HD-PCTU3) (Fixed) (Total:931.51 GB) (Free:214.54 GB) NTFS Drive l: (Z) (Fixed) (Total:294.37 GB) (Free:222.34 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1457E526) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=171 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=294 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 932 GB) (Disk ID: 16A1C0B4) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  9. Morning Jurgen! I was just loooking over ports with netstat after yesterday with CMD and task mgr. here are the results and its all from google chrome okay? Very disturbing I think. Hoping you would over look them before we clean up today.
  10. I'm waiting.. I need to be back in here in 12 hours, so I hope you can make it. I got to get back to life too:P See you later!
  11. The one highlighted. I edited its name when I downloaded it so I would know what it is for..
  12. Yeah, I have a clean up file from your site that says to use it after I remove the junk bad files disinfection. I'll log on in 12 hours and wait for you to order me some more. Long two days but I can feel the difference already and feel safe. Thanks to you! I just learned how to turn a note pad into cmd with admin privilidges, haha, cool. See you in a while crocodile;)
  13. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01 Ran by McMillan (administrator) on SAHARA-PC on 01-08-2014 06:09:22 Running from C:\Users\McMillan\Desktop Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-2454762815-89852866-1431263164-1000\...\MountPoints2: {525512c7-f299-11e3-b032-806e6f6e6963} - D:\setup.exe BootExecute: autocheck autochk * regdefrag ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B9BCAD2B86CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us SearchScopes: HKCU - DefaultScope {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms} BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\McMillan\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers Chrome: ======= CHR HomePage: https://www.google.com/ CHR StartupUrls: "hxxp://www.gmail.com/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File CHR Extension: (Google Drive) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31] CHR Extension: (Presentme) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2014-07-31] CHR Extension: (Google Search) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25] CHR Extension: (Gmail Offline) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-28] CHR Extension: (Pin It Button) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-31] CHR Extension: (PDF Mergy) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-07-31] CHR Extension: (Excel Online) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-07-28] CHR Extension: (Zoho Sheet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj [2014-07-31] CHR Extension: (Zoho CRM) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-07-31] CHR Extension: (Skype Status Detector) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiiaejmgghgpmppnkiloijccihddjdj [2014-07-31] CHR Extension: (Lazarus: Form Recovery) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-28] CHR Extension: (Google Dictionary (by Google)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-31] CHR Extension: (Easy SEO Tools) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnlboglefdlldiioafkgbbdfihdoicam [2014-07-31] CHR Extension: (Google Wallet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31] CHR Extension: (Instagram for Chrome) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-31] CHR Extension: (Zoho Projects) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldkgicldgmbampajgepnigbpkhomoh [2014-07-31] CHR Extension: (Gmail) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25] CHR Extension: (SEO Competitor Analysis Tool) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpafbknegcefgoojplahellhohoklbj [2014-07-31] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH) S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation) S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH) R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation) S4 NVHDA; system32\drivers\nvhda32v.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 05:51 - 2014-08-01 05:51 - 00046588 _____ () C:\Users\McMillan\Desktop\FRSTaftermicrosoftFIX.txt 2014-08-01 05:46 - 2014-08-01 05:46 - 00683008 _____ () C:\Users\McMillan\Desktop\MicrosoftFixit50671.msi 2014-08-01 05:39 - 2014-08-01 05:39 - 00045992 _____ () C:\Users\McMillan\Desktop\FRSTAFTERjorgensfix.txt 2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition.txt 2014-08-01 04:13 - 2014-08-01 06:09 - 00010910 _____ () C:\Users\McMillan\Desktop\FRST.txt 2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt 2014-08-01 04:02 - 2014-08-01 04:03 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt 2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt 2014-07-31 21:05 - 2014-07-31 21:30 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt 2014-07-31 21:04 - 2014-07-31 21:05 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt 2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-07-31 20:41 - 2014-07-31 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe 2014-07-31 20:18 - 2014-07-31 20:19 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log 2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe 2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-07-31 19:31 - 2014-08-01 06:08 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-07-31 19:13 - 2014-07-31 19:23 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe 2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe 2014-07-31 16:53 - 2014-07-31 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-31 16:50 - 2014-07-31 17:03 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar 2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-31 16:49 - 2014-07-31 16:50 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe 2014-07-31 16:14 - 2014-07-31 16:15 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt 2014-07-31 16:14 - 2014-07-31 16:15 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt 2014-07-31 16:13 - 2014-08-01 06:09 - 00000000 ____D () C:\FRST 2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe 2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery 2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW 2014-07-31 16:01 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer 2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com 2014-07-31 15:46 - 2014-07-31 15:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe 2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi 2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp 2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe 2014-07-31 10:26 - 2014-07-31 10:27 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr 2014-07-31 10:13 - 2014-07-31 15:58 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms 2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe 2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe 2014-07-31 09:40 - 2014-07-31 09:41 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe 2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe 2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe 2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe 2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe 2014-07-31 09:32 - 2014-07-31 09:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe 2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe 2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe 2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe 2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe 2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe 2014-07-31 08:32 - 2014-07-31 08:41 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe 2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat 2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState 2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO 2014-07-31 07:52 - 2014-08-01 06:08 - 00000972 _____ () C:\Windows\setupact.log 2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-31 07:44 - 2014-08-01 06:07 - 00069639 _____ () C:\Windows\WindowsUpdate.log 2014-07-30 11:53 - 2014-07-30 11:55 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe 2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe 2014-07-30 11:50 - 2014-07-30 11:56 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe 2014-07-30 11:45 - 2014-07-30 11:46 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe 2014-07-30 11:40 - 2014-07-30 11:41 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe 2014-07-28 22:39 - 2014-07-28 22:54 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB 2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk 2014-07-28 20:42 - 2014-07-28 20:45 - 00000000 ____D () C:\Program Files\Google 2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV 2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8} 2014-07-25 02:03 - 2014-07-25 02:09 - 00000000 ____D () C:\Users\McMillan\msdt 2014-07-25 00:25 - 2014-07-30 15:59 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps 2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList 2014-07-23 16:06 - 2014-07-24 23:48 - 00000000 ____D () C:\Windows\system32\BlueStacks 2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA 2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks 2014-07-23 13:10 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype 2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype 2014-07-23 13:05 - 2014-07-31 14:30 - 00000000 ____D () C:\inetpub 2014-07-23 10:32 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation 2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet 2014-07-23 10:18 - 2014-07-23 10:26 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg 2014-07-23 08:50 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable 2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol 2014-07-04 16:25 - 2014-07-04 16:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe 2014-07-04 13:44 - 2014-07-31 08:16 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-07-04 13:44 - 2014-07-25 02:24 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-04 13:30 - 2014-07-04 13:42 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe 2014-07-04 13:18 - 2014-07-04 13:19 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe 2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe 2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-07-03 19:07 - 2014-05-20 07:11 - 00603592 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss 2014-07-03 05:00 - 2014-07-30 00:41 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper 2014-07-03 05:00 - 2014-07-25 02:24 - 00000000 ____D () C:\Program Files\Zoiper 2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk 2014-07-03 04:53 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun 2014-07-03 04:52 - 2014-07-31 20:40 - 00000000 ____D () C:\Program Files\Java ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 06:10 - 2014-08-01 04:13 - 00010910 _____ () C:\Users\McMillan\Desktop\FRST.txt 2014-08-01 06:09 - 2014-07-31 16:13 - 00000000 ____D () C:\FRST 2014-08-01 06:08 - 2014-07-31 19:31 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-08-01 06:08 - 2014-07-31 07:52 - 00000972 _____ () C:\Windows\setupact.log 2014-08-01 06:08 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-01 06:07 - 2014-07-31 07:44 - 00069639 _____ () C:\Windows\WindowsUpdate.log 2014-08-01 06:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration 2014-08-01 05:56 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-01 05:56 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-01 05:53 - 2010-11-21 05:01 - 00736438 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-01 05:51 - 2014-08-01 05:51 - 00046588 _____ () C:\Users\McMillan\Desktop\FRSTaftermicrosoftFIX.txt 2014-08-01 05:47 - 2009-07-14 12:53 - 00018992 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-01 05:46 - 2014-08-01 05:46 - 00683008 _____ () C:\Users\McMillan\Desktop\MicrosoftFixit50671.msi 2014-08-01 05:39 - 2014-08-01 05:39 - 00045992 _____ () C:\Users\McMillan\Desktop\FRSTAFTERjorgensfix.txt 2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition.txt 2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt 2014-08-01 04:03 - 2014-08-01 04:02 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt 2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt 2014-07-31 21:57 - 2014-06-13 01:01 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\vlc 2014-07-31 21:30 - 2014-07-31 21:05 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt 2014-07-31 21:05 - 2014-07-31 21:04 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt 2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-07-31 20:41 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-31 20:40 - 2014-07-31 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-31 20:40 - 2014-07-03 04:52 - 00000000 ____D () C:\Program Files\Java 2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe 2014-07-31 20:19 - 2014-07-31 20:18 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log 2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe 2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-07-31 19:23 - 2014-07-31 19:13 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe 2014-07-31 17:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Skype 2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe 2014-07-31 17:03 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-31 17:03 - 2014-07-31 16:50 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar 2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-31 16:50 - 2014-07-31 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe 2014-07-31 16:15 - 2014-07-31 16:14 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt 2014-07-31 16:15 - 2014-07-31 16:14 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt 2014-07-31 16:13 - 2014-06-13 01:05 - 00000000 ___RD () C:\Users\McMillan\Desktop\Steve 2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe 2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery 2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW 2014-07-31 16:03 - 2014-07-31 16:01 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer 2014-07-31 15:58 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms 2014-07-31 15:57 - 2014-07-31 15:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe 2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com 2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi 2014-07-31 14:30 - 2014-07-23 13:05 - 00000000 ____D () C:\inetpub 2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp 2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe 2014-07-31 10:27 - 2014-07-31 10:26 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr 2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe 2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe 2014-07-31 09:41 - 2014-07-31 09:40 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe 2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe 2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe 2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe 2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe 2014-07-31 09:33 - 2014-07-31 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe 2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe 2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe 2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe 2014-07-31 08:41 - 2014-07-31 08:32 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe 2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe 2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe 2014-07-31 08:16 - 2014-07-04 13:44 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat 2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState 2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO 2014-07-31 08:00 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-31 07:42 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-31 07:03 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-31 07:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool 2014-07-31 06:44 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-31 06:38 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA Corporation 2014-07-31 06:36 - 2014-06-12 18:35 - 00000000 ____D () C:\Users\McMillan 2014-07-31 06:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-07-31 06:34 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch 2014-07-31 06:34 - 2014-06-16 19:40 - 00000000 ____D () C:\Users\McMillan\AppData\Local\oDesk 2014-07-31 06:34 - 2014-06-16 19:07 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\mjusbsp 2014-07-31 00:58 - 2014-06-13 01:05 - 00000000 ____D () C:\Users\McMillan\Desktop\BD 2014-07-30 18:13 - 2014-06-16 19:29 - 00001001 _____ () C:\Users\McMillan\Desktop\magicJack.lnk 2014-07-30 18:13 - 2014-06-16 19:29 - 00000987 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk 2014-07-30 15:59 - 2014-07-25 00:25 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps 2014-07-30 15:59 - 2014-06-13 10:21 - 00000000 ____D () C:\Windows\Panther 2014-07-30 11:56 - 2014-07-30 11:50 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe 2014-07-30 11:55 - 2014-07-30 11:53 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe 2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe 2014-07-30 11:46 - 2014-07-30 11:45 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe 2014-07-30 11:41 - 2014-07-30 11:40 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe 2014-07-30 11:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-07-30 10:02 - 2014-06-16 21:37 - 00000000 ____D () C:\Users\McMillan\Desktop\Tanya 2014-07-30 00:41 - 2014-07-03 05:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper 2014-07-28 22:54 - 2014-07-28 22:39 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB 2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk 2014-07-28 20:45 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files\Google 2014-07-28 20:42 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Deployment 2014-07-28 05:55 - 2014-06-25 17:05 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\BitComet 2014-07-25 07:19 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Local\PokerStars 2014-07-25 05:30 - 2014-06-22 00:52 - 00007627 _____ () C:\Users\McMillan\AppData\Local\Resmon.ResmonCfg 2014-07-25 05:30 - 2009-07-14 12:34 - 00064512 _____ () C:\Windows\system32\umstartup.etl 2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV 2014-07-25 03:18 - 2014-06-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-25 03:18 - 2014-06-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8} 2014-07-25 02:26 - 2014-06-13 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-25 02:25 - 2014-06-17 09:48 - 00000000 ____D () C:\Windows\pss 2014-07-25 02:25 - 2014-06-13 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-25 02:25 - 2014-06-13 00:27 - 00000000 ____D () C:\Windows\system32\Macromed 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\security 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-07-25 02:24 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype 2014-07-25 02:24 - 2014-07-23 08:50 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable 2014-07-25 02:24 - 2014-07-04 13:44 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-25 02:24 - 2014-07-03 05:00 - 00000000 ____D () C:\Program Files\Zoiper 2014-07-25 02:24 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me 2014-07-25 02:24 - 2014-06-24 20:11 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\vlc 2014-07-25 02:24 - 2014-06-22 09:27 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:24 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Ringio 2014-07-25 02:24 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars 2014-07-25 02:24 - 2014-06-20 22:59 - 00000000 ____D () C:\Program Files\PokerStars 2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk 2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\Program Files\oDesk 2014-07-25 02:24 - 2014-06-16 19:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\magicJack 2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-25 02:24 - 2014-06-16 17:14 - 00000000 ____D () C:\Program Files\WinRAR 2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-25 02:24 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA 2014-07-25 02:24 - 2014-06-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-07-25 02:24 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ___RD () C:\Program Files\Skype 2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Skype 2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-07-25 02:24 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Apps\2.0 2014-07-25 02:24 - 2014-06-12 18:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help 2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\winrm 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\WCN 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\slmgr 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts 2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell 2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Web 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Vss 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spp 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Speech 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\SMI 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\inetsrv 2014-07-25 02:22 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\Performance 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\IME 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\com 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Speech 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\schemas 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Resources 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\PLA 2014-07-25 02:21 - 2009-07-14 10:37 - 00000000 __RSD () C:\Windows\Media 2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME 2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization 2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding 2014-07-25 02:19 - 2014-06-16 18:17 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Macromedia 2014-07-25 02:19 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Moonchild Productions 2014-07-25 02:19 - 2014-06-15 13:49 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Adobe 2014-07-25 02:19 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public 2014-07-25 02:18 - 2014-06-22 07:16 - 00000000 ____D () C:\Users\Butch\AppData\Local\Google 2014-07-25 02:18 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Macromedia 2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-07-25 02:18 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Moonchild Productions 2014-07-25 02:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Skype 2014-07-25 02:18 - 2014-06-13 01:00 - 00000000 ____D () C:\Program Files\VideoLAN 2014-07-25 02:18 - 2014-06-12 18:49 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Google 2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender 2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default 2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Windows NT 2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Adobe 2014-07-25 02:17 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker 2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System 2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines 2014-07-25 02:09 - 2014-07-25 02:03 - 00000000 ____D () C:\Users\McMillan\msdt 2014-07-24 23:48 - 2014-07-23 16:06 - 00000000 ____D () C:\Windows\system32\BlueStacks 2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList 2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA 2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks 2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype 2014-07-23 13:04 - 2014-07-23 10:32 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation 2014-07-23 10:52 - 2014-06-12 19:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet 2014-07-23 10:26 - 2014-07-23 10:18 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg 2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol 2014-07-04 16:26 - 2014-07-04 16:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe 2014-07-04 13:42 - 2014-07-04 13:30 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe 2014-07-04 13:19 - 2014-07-04 13:18 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe 2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe 2014-07-04 10:44 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\McMillan\Downloads\MOVIES 2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss 2014-07-03 15:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache 2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk 2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-29 01:56 ==================== End Of Log ============================
  14. Okay, I started it in network service. It was under local service. I'll reboot, run FRST and post it. I will be back here to finish up in 12-13 hours:) See you Jurgen, thanks so far!
  15. I can open services and change the log on user manually if that helps.. It says its in wrong log on as other services that use it
  16. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01 Ran by McMillan (administrator) on SAHARA-PC on 01-08-2014 05:50:21 Running from C:\Users\McMillan\Desktop Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-2454762815-89852866-1431263164-1000\...\MountPoints2: {525512c7-f299-11e3-b032-806e6f6e6963} - D:\setup.exe BootExecute: autocheck autochk * regdefrag ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B9BCAD2B86CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us SearchScopes: HKCU - DefaultScope {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms} BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\McMillan\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers Chrome: ======= CHR HomePage: https://www.google.com/ CHR StartupUrls: "hxxp://www.gmail.com/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File CHR Extension: (Google Drive) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31] CHR Extension: (Presentme) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2014-07-31] CHR Extension: (Google Search) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25] CHR Extension: (Gmail Offline) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-28] CHR Extension: (Pin It Button) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-31] CHR Extension: (PDF Mergy) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-07-31] CHR Extension: (Excel Online) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-07-28] CHR Extension: (Zoho Sheet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj [2014-07-31] CHR Extension: (Zoho CRM) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-07-31] CHR Extension: (Skype Status Detector) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiiaejmgghgpmppnkiloijccihddjdj [2014-07-31] CHR Extension: (Lazarus: Form Recovery) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-28] CHR Extension: (Google Dictionary (by Google)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-31] CHR Extension: (Easy SEO Tools) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnlboglefdlldiioafkgbbdfihdoicam [2014-07-31] CHR Extension: (Google Wallet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31] CHR Extension: (Instagram for Chrome) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-31] CHR Extension: (Zoho Projects) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldkgicldgmbampajgepnigbpkhomoh [2014-07-31] CHR Extension: (Gmail) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25] CHR Extension: (SEO Competitor Analysis Tool) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpafbknegcefgoojplahellhohoklbj [2014-07-31] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) ATTENTION: => Could not perform signature verification. Cryptographic Service is not running. R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH) S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation) S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH) R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation) S4 NVHDA; system32\drivers\nvhda32v.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 05:46 - 2014-08-01 05:46 - 00683008 _____ () C:\Users\McMillan\Desktop\MicrosoftFixit50671.msi 2014-08-01 05:39 - 2014-08-01 05:39 - 00045992 _____ () C:\Users\McMillan\Desktop\FRSTAFTERjorgensfix.txt 2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition.txt 2014-08-01 04:13 - 2014-08-01 05:50 - 00011169 _____ () C:\Users\McMillan\Desktop\FRST.txt 2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt 2014-08-01 04:02 - 2014-08-01 04:03 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt 2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt 2014-07-31 21:05 - 2014-07-31 21:30 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt 2014-07-31 21:04 - 2014-07-31 21:05 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt 2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-07-31 20:41 - 2014-07-31 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe 2014-07-31 20:18 - 2014-07-31 20:19 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log 2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe 2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-07-31 19:31 - 2014-08-01 05:49 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-07-31 19:13 - 2014-07-31 19:23 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe 2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe 2014-07-31 16:53 - 2014-07-31 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-31 16:50 - 2014-07-31 17:03 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar 2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-31 16:49 - 2014-07-31 16:50 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe 2014-07-31 16:14 - 2014-07-31 16:15 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt 2014-07-31 16:14 - 2014-07-31 16:15 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt 2014-07-31 16:13 - 2014-08-01 05:50 - 00000000 ____D () C:\FRST 2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe 2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery 2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW 2014-07-31 16:01 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer 2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com 2014-07-31 15:46 - 2014-07-31 15:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe 2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi 2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp 2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe 2014-07-31 10:26 - 2014-07-31 10:27 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr 2014-07-31 10:13 - 2014-07-31 15:58 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms 2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe 2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe 2014-07-31 09:40 - 2014-07-31 09:41 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe 2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe 2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe 2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe 2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe 2014-07-31 09:32 - 2014-07-31 09:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe 2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe 2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe 2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe 2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe 2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe 2014-07-31 08:32 - 2014-07-31 08:41 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe 2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat 2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState 2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO 2014-07-31 07:52 - 2014-08-01 05:48 - 00000916 _____ () C:\Windows\setupact.log 2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-31 07:44 - 2014-08-01 05:47 - 00065509 _____ () C:\Windows\WindowsUpdate.log 2014-07-30 11:53 - 2014-07-30 11:55 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe 2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe 2014-07-30 11:50 - 2014-07-30 11:56 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe 2014-07-30 11:45 - 2014-07-30 11:46 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe 2014-07-30 11:40 - 2014-07-30 11:41 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe 2014-07-28 22:39 - 2014-07-28 22:54 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB 2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk 2014-07-28 20:42 - 2014-07-28 20:45 - 00000000 ____D () C:\Program Files\Google 2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV 2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8} 2014-07-25 02:03 - 2014-07-25 02:09 - 00000000 ____D () C:\Users\McMillan\msdt 2014-07-25 00:25 - 2014-07-30 15:59 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps 2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList 2014-07-23 16:06 - 2014-07-24 23:48 - 00000000 ____D () C:\Windows\system32\BlueStacks 2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA 2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks 2014-07-23 13:10 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype 2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype 2014-07-23 13:05 - 2014-07-31 14:30 - 00000000 ____D () C:\inetpub 2014-07-23 10:32 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation 2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet 2014-07-23 10:18 - 2014-07-23 10:26 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg 2014-07-23 08:50 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable 2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol 2014-07-04 16:25 - 2014-07-04 16:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe 2014-07-04 13:44 - 2014-07-31 08:16 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-07-04 13:44 - 2014-07-25 02:24 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-04 13:30 - 2014-07-04 13:42 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe 2014-07-04 13:18 - 2014-07-04 13:19 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe 2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe 2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-07-03 19:07 - 2014-05-20 07:11 - 00603592 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss 2014-07-03 05:00 - 2014-07-30 00:41 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper 2014-07-03 05:00 - 2014-07-25 02:24 - 00000000 ____D () C:\Program Files\Zoiper 2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk 2014-07-03 04:53 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun 2014-07-03 04:52 - 2014-07-31 20:40 - 00000000 ____D () C:\Program Files\Java ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 05:50 - 2014-08-01 04:13 - 00011169 _____ () C:\Users\McMillan\Desktop\FRST.txt 2014-08-01 05:50 - 2014-07-31 16:13 - 00000000 ____D () C:\FRST 2014-08-01 05:49 - 2014-07-31 19:31 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-08-01 05:48 - 2014-07-31 07:52 - 00000916 _____ () C:\Windows\setupact.log 2014-08-01 05:48 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-01 05:47 - 2014-07-31 07:44 - 00065509 _____ () C:\Windows\WindowsUpdate.log 2014-08-01 05:47 - 2009-07-14 12:53 - 00018744 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-01 05:46 - 2014-08-01 05:46 - 00683008 _____ () C:\Users\McMillan\Desktop\MicrosoftFixit50671.msi 2014-08-01 05:41 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-01 05:41 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-01 05:39 - 2014-08-01 05:39 - 00045992 _____ () C:\Users\McMillan\Desktop\FRSTAFTERjorgensfix.txt 2014-08-01 05:39 - 2010-11-21 05:01 - 00736438 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition.txt 2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt 2014-08-01 04:03 - 2014-08-01 04:02 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt 2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt 2014-07-31 21:57 - 2014-06-13 01:01 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\vlc 2014-07-31 21:30 - 2014-07-31 21:05 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt 2014-07-31 21:05 - 2014-07-31 21:04 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt 2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-07-31 20:41 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-31 20:40 - 2014-07-31 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-31 20:40 - 2014-07-03 04:52 - 00000000 ____D () C:\Program Files\Java 2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe 2014-07-31 20:19 - 2014-07-31 20:18 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log 2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe 2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-07-31 19:23 - 2014-07-31 19:13 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe 2014-07-31 17:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Skype 2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe 2014-07-31 17:03 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-31 17:03 - 2014-07-31 16:50 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar 2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-31 16:50 - 2014-07-31 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe 2014-07-31 16:15 - 2014-07-31 16:14 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt 2014-07-31 16:15 - 2014-07-31 16:14 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt 2014-07-31 16:13 - 2014-06-13 01:05 - 00000000 ___RD () C:\Users\McMillan\Desktop\Steve 2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe 2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery 2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW 2014-07-31 16:03 - 2014-07-31 16:01 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer 2014-07-31 15:58 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms 2014-07-31 15:57 - 2014-07-31 15:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe 2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com 2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi 2014-07-31 14:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration 2014-07-31 14:30 - 2014-07-23 13:05 - 00000000 ____D () C:\inetpub 2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp 2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe 2014-07-31 10:27 - 2014-07-31 10:26 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr 2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe 2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe 2014-07-31 09:41 - 2014-07-31 09:40 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe 2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe 2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe 2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe 2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe 2014-07-31 09:33 - 2014-07-31 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe 2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe 2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe 2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe 2014-07-31 08:41 - 2014-07-31 08:32 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe 2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe 2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe 2014-07-31 08:16 - 2014-07-04 13:44 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat 2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState 2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO 2014-07-31 08:00 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-31 07:42 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-31 07:03 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-31 07:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool 2014-07-31 06:44 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-31 06:38 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA Corporation 2014-07-31 06:36 - 2014-06-12 18:35 - 00000000 ____D () C:\Users\McMillan 2014-07-31 06:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-07-31 06:34 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch 2014-07-31 06:34 - 2014-06-16 19:40 - 00000000 ____D () C:\Users\McMillan\AppData\Local\oDesk 2014-07-31 06:34 - 2014-06-16 19:07 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\mjusbsp 2014-07-31 00:58 - 2014-06-13 01:05 - 00000000 ____D () C:\Users\McMillan\Desktop\BD 2014-07-30 18:13 - 2014-06-16 19:29 - 00001001 _____ () C:\Users\McMillan\Desktop\magicJack.lnk 2014-07-30 18:13 - 2014-06-16 19:29 - 00000987 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk 2014-07-30 15:59 - 2014-07-25 00:25 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps 2014-07-30 15:59 - 2014-06-13 10:21 - 00000000 ____D () C:\Windows\Panther 2014-07-30 11:56 - 2014-07-30 11:50 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe 2014-07-30 11:55 - 2014-07-30 11:53 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe 2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe 2014-07-30 11:46 - 2014-07-30 11:45 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe 2014-07-30 11:41 - 2014-07-30 11:40 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe 2014-07-30 11:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-07-30 10:02 - 2014-06-16 21:37 - 00000000 ____D () C:\Users\McMillan\Desktop\Tanya 2014-07-30 00:41 - 2014-07-03 05:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper 2014-07-28 22:54 - 2014-07-28 22:39 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB 2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk 2014-07-28 20:45 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files\Google 2014-07-28 20:42 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Deployment 2014-07-28 05:55 - 2014-06-25 17:05 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\BitComet 2014-07-25 07:19 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Local\PokerStars 2014-07-25 05:30 - 2014-06-22 00:52 - 00007627 _____ () C:\Users\McMillan\AppData\Local\Resmon.ResmonCfg 2014-07-25 05:30 - 2009-07-14 12:34 - 00064512 _____ () C:\Windows\system32\umstartup.etl 2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV 2014-07-25 03:18 - 2014-06-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-25 03:18 - 2014-06-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8} 2014-07-25 02:26 - 2014-06-13 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-25 02:25 - 2014-06-17 09:48 - 00000000 ____D () C:\Windows\pss 2014-07-25 02:25 - 2014-06-13 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-25 02:25 - 2014-06-13 00:27 - 00000000 ____D () C:\Windows\system32\Macromed 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\security 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-07-25 02:24 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype 2014-07-25 02:24 - 2014-07-23 08:50 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable 2014-07-25 02:24 - 2014-07-04 13:44 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-25 02:24 - 2014-07-03 05:00 - 00000000 ____D () C:\Program Files\Zoiper 2014-07-25 02:24 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me 2014-07-25 02:24 - 2014-06-24 20:11 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\vlc 2014-07-25 02:24 - 2014-06-22 09:27 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:24 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Ringio 2014-07-25 02:24 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars 2014-07-25 02:24 - 2014-06-20 22:59 - 00000000 ____D () C:\Program Files\PokerStars 2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk 2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\Program Files\oDesk 2014-07-25 02:24 - 2014-06-16 19:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\magicJack 2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-25 02:24 - 2014-06-16 17:14 - 00000000 ____D () C:\Program Files\WinRAR 2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-25 02:24 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA 2014-07-25 02:24 - 2014-06-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-07-25 02:24 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ___RD () C:\Program Files\Skype 2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Skype 2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-07-25 02:24 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Apps\2.0 2014-07-25 02:24 - 2014-06-12 18:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help 2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\winrm 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\WCN 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\slmgr 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts 2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell 2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Web 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Vss 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spp 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Speech 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\SMI 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\inetsrv 2014-07-25 02:22 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\Performance 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\IME 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\com 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Speech 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\schemas 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Resources 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\PLA 2014-07-25 02:21 - 2009-07-14 10:37 - 00000000 __RSD () C:\Windows\Media 2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME 2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization 2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding 2014-07-25 02:19 - 2014-06-16 18:17 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Macromedia 2014-07-25 02:19 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Moonchild Productions 2014-07-25 02:19 - 2014-06-15 13:49 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Adobe 2014-07-25 02:19 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public 2014-07-25 02:18 - 2014-06-22 07:16 - 00000000 ____D () C:\Users\Butch\AppData\Local\Google 2014-07-25 02:18 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Macromedia 2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-07-25 02:18 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Moonchild Productions 2014-07-25 02:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Skype 2014-07-25 02:18 - 2014-06-13 01:00 - 00000000 ____D () C:\Program Files\VideoLAN 2014-07-25 02:18 - 2014-06-12 18:49 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Google 2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender 2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default 2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Windows NT 2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Adobe 2014-07-25 02:17 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker 2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System 2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines 2014-07-25 02:09 - 2014-07-25 02:03 - 00000000 ____D () C:\Users\McMillan\msdt 2014-07-24 23:48 - 2014-07-23 16:06 - 00000000 ____D () C:\Windows\system32\BlueStacks 2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList 2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA 2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks 2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype 2014-07-23 13:04 - 2014-07-23 10:32 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation 2014-07-23 10:52 - 2014-06-12 19:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet 2014-07-23 10:26 - 2014-07-23 10:18 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg 2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol 2014-07-04 16:26 - 2014-07-04 16:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe 2014-07-04 13:42 - 2014-07-04 13:30 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe 2014-07-04 13:19 - 2014-07-04 13:18 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe 2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe 2014-07-04 10:44 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\McMillan\Downloads\MOVIES 2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss 2014-07-03 15:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache 2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk 2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-07-29 01:56 ==================== End Of Log ============================
  17. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01 Ran by McMillan (administrator) on SAHARA-PC on 01-08-2014 05:37:59 Running from C:\Users\McMillan\Desktop Platform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-2454762815-89852866-1431263164-1000\...\MountPoints2: {525512c7-f299-11e3-b032-806e6f6e6963} - D:\setup.exe BootExecute: autocheck autochk * regdefrag ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B9BCAD2B86CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us SearchScopes: HKCU - DefaultScope {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms} BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\McMillan\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers Chrome: ======= CHR HomePage: https://www.google.com/ CHR StartupUrls: "hxxp://www.gmail.com/" CHR Plugin: (Widevine Content Decryption Module) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File CHR Extension: (Google Drive) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31] CHR Extension: (Presentme) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2014-07-31] CHR Extension: (Google Search) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25] CHR Extension: (Gmail Offline) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-28] CHR Extension: (Pin It Button) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-31] CHR Extension: (PDF Mergy) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-07-31] CHR Extension: (Excel Online) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-07-28] CHR Extension: (Zoho Sheet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj [2014-07-31] CHR Extension: (Zoho CRM) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-07-31] CHR Extension: (Skype Status Detector) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiiaejmgghgpmppnkiloijccihddjdj [2014-07-31] CHR Extension: (Lazarus: Form Recovery) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-28] CHR Extension: (Google Dictionary (by Google)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-31] CHR Extension: (Easy SEO Tools) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnlboglefdlldiioafkgbbdfihdoicam [2014-07-31] CHR Extension: (Google Wallet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31] CHR Extension: (Instagram for Chrome) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-31] CHR Extension: (Zoho Projects) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldkgicldgmbampajgepnigbpkhomoh [2014-07-31] CHR Extension: (Gmail) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25] CHR Extension: (SEO Competitor Analysis Tool) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpafbknegcefgoojplahellhohoklbj [2014-07-31] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) ATTENTION: => Could not perform signature verification. Cryptographic Service is not running. R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH) S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation) S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH) R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation) S4 NVHDA; system32\drivers\nvhda32v.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition.txt 2014-08-01 04:13 - 2014-08-01 05:37 - 00011088 _____ () C:\Users\McMillan\Desktop\FRST.txt 2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt 2014-08-01 04:02 - 2014-08-01 04:03 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt 2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt 2014-07-31 21:05 - 2014-07-31 21:30 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt 2014-07-31 21:04 - 2014-07-31 21:05 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt 2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-07-31 20:41 - 2014-07-31 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe 2014-07-31 20:18 - 2014-07-31 20:19 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log 2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe 2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-07-31 19:31 - 2014-08-01 05:35 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-07-31 19:13 - 2014-07-31 19:23 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe 2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe 2014-07-31 16:53 - 2014-07-31 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-31 16:50 - 2014-07-31 17:03 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar 2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-31 16:49 - 2014-07-31 16:50 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe 2014-07-31 16:14 - 2014-07-31 16:15 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt 2014-07-31 16:14 - 2014-07-31 16:15 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt 2014-07-31 16:13 - 2014-08-01 05:38 - 00000000 ____D () C:\FRST 2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe 2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery 2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW 2014-07-31 16:01 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer 2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com 2014-07-31 15:46 - 2014-07-31 15:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe 2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi 2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp 2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe 2014-07-31 10:26 - 2014-07-31 10:27 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr 2014-07-31 10:13 - 2014-07-31 15:58 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms 2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe 2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe 2014-07-31 09:40 - 2014-07-31 09:41 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe 2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe 2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe 2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe 2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe 2014-07-31 09:32 - 2014-07-31 09:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe 2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe 2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe 2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe 2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe 2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe 2014-07-31 08:32 - 2014-07-31 08:41 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe 2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat 2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState 2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO 2014-07-31 07:52 - 2014-08-01 05:34 - 00000860 _____ () C:\Windows\setupact.log 2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-31 07:44 - 2014-08-01 05:33 - 00064726 _____ () C:\Windows\WindowsUpdate.log 2014-07-30 11:53 - 2014-07-30 11:55 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe 2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe 2014-07-30 11:50 - 2014-07-30 11:56 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe 2014-07-30 11:45 - 2014-07-30 11:46 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe 2014-07-30 11:40 - 2014-07-30 11:41 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe 2014-07-28 22:39 - 2014-07-28 22:54 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB 2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk 2014-07-28 20:42 - 2014-07-28 20:45 - 00000000 ____D () C:\Program Files\Google 2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV 2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8} 2014-07-25 02:03 - 2014-07-25 02:09 - 00000000 ____D () C:\Users\McMillan\msdt 2014-07-25 00:25 - 2014-07-30 15:59 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps 2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList 2014-07-23 16:06 - 2014-07-24 23:48 - 00000000 ____D () C:\Windows\system32\BlueStacks 2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA 2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks 2014-07-23 13:10 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype 2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype 2014-07-23 13:05 - 2014-07-31 14:30 - 00000000 ____D () C:\inetpub 2014-07-23 10:32 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation 2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet 2014-07-23 10:18 - 2014-07-23 10:26 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg 2014-07-23 08:50 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable 2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol 2014-07-04 16:25 - 2014-07-04 16:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe 2014-07-04 13:44 - 2014-07-31 08:16 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-07-04 13:44 - 2014-07-25 02:24 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-04 13:30 - 2014-07-04 13:42 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe 2014-07-04 13:18 - 2014-07-04 13:19 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe 2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe 2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-07-03 19:07 - 2014-05-20 07:11 - 00603592 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe 2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss 2014-07-03 05:00 - 2014-07-30 00:41 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper 2014-07-03 05:00 - 2014-07-25 02:24 - 00000000 ____D () C:\Program Files\Zoiper 2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk 2014-07-03 04:53 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun 2014-07-03 04:52 - 2014-07-31 20:40 - 00000000 ____D () C:\Program Files\Java ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 05:38 - 2014-08-01 04:13 - 00011088 _____ () C:\Users\McMillan\Desktop\FRST.txt 2014-08-01 05:38 - 2014-07-31 16:13 - 00000000 ____D () C:\FRST 2014-08-01 05:37 - 2014-07-31 07:44 - 00064726 _____ () C:\Windows\WindowsUpdate.log 2014-08-01 05:35 - 2014-07-31 19:31 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware 2014-08-01 05:34 - 2014-07-31 07:52 - 00000860 _____ () C:\Windows\setupact.log 2014-08-01 05:34 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition.txt 2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt 2014-08-01 04:03 - 2014-08-01 04:02 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt 2014-08-01 04:02 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-01 04:02 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-01 03:59 - 2010-11-21 05:01 - 00736438 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt 2014-07-31 21:57 - 2014-06-13 01:01 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\vlc 2014-07-31 21:30 - 2014-07-31 21:05 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt 2014-07-31 21:05 - 2014-07-31 21:04 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt 2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-07-31 20:41 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-31 20:40 - 2014-07-31 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-31 20:40 - 2014-07-03 04:52 - 00000000 ____D () C:\Program Files\Java 2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe 2014-07-31 20:19 - 2014-07-31 20:18 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log 2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe 2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-07-31 19:23 - 2014-07-31 19:13 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe 2014-07-31 17:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Skype 2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe 2014-07-31 17:03 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-07-31 17:03 - 2014-07-31 16:50 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar 2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-31 16:50 - 2014-07-31 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe 2014-07-31 16:15 - 2014-07-31 16:14 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt 2014-07-31 16:15 - 2014-07-31 16:14 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt 2014-07-31 16:13 - 2014-06-13 01:05 - 00000000 ___RD () C:\Users\McMillan\Desktop\Steve 2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe 2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery 2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW 2014-07-31 16:03 - 2014-07-31 16:01 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer 2014-07-31 15:58 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms 2014-07-31 15:57 - 2014-07-31 15:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe 2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com 2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi 2014-07-31 14:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration 2014-07-31 14:30 - 2014-07-23 13:05 - 00000000 ____D () C:\inetpub 2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp 2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe 2014-07-31 10:27 - 2014-07-31 10:26 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr 2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe 2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe 2014-07-31 09:41 - 2014-07-31 09:40 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe 2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe 2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe 2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe 2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe 2014-07-31 09:33 - 2014-07-31 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe 2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe 2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe 2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe 2014-07-31 08:41 - 2014-07-31 08:32 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe 2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe 2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe 2014-07-31 08:16 - 2014-07-04 13:44 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat 2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState 2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO 2014-07-31 08:00 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-31 07:42 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-31 07:03 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-31 07:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool 2014-07-31 06:44 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-31 06:38 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA Corporation 2014-07-31 06:36 - 2014-06-12 18:35 - 00000000 ____D () C:\Users\McMillan 2014-07-31 06:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-07-31 06:34 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch 2014-07-31 06:34 - 2014-06-16 19:40 - 00000000 ____D () C:\Users\McMillan\AppData\Local\oDesk 2014-07-31 06:34 - 2014-06-16 19:07 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\mjusbsp 2014-07-31 00:58 - 2014-06-13 01:05 - 00000000 ____D () C:\Users\McMillan\Desktop\BD 2014-07-30 18:13 - 2014-06-16 19:29 - 00001001 _____ () C:\Users\McMillan\Desktop\magicJack.lnk 2014-07-30 18:13 - 2014-06-16 19:29 - 00000987 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk 2014-07-30 15:59 - 2014-07-25 00:25 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps 2014-07-30 15:59 - 2014-06-13 10:21 - 00000000 ____D () C:\Windows\Panther 2014-07-30 11:56 - 2014-07-30 11:50 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe 2014-07-30 11:55 - 2014-07-30 11:53 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe 2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe 2014-07-30 11:46 - 2014-07-30 11:45 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe 2014-07-30 11:41 - 2014-07-30 11:40 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe 2014-07-30 11:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-07-30 10:02 - 2014-06-16 21:37 - 00000000 ____D () C:\Users\McMillan\Desktop\Tanya 2014-07-30 00:41 - 2014-07-03 05:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper 2014-07-28 22:54 - 2014-07-28 22:39 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB 2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk 2014-07-28 20:45 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files\Google 2014-07-28 20:42 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Deployment 2014-07-28 05:55 - 2014-06-25 17:05 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\BitComet 2014-07-25 07:19 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Local\PokerStars 2014-07-25 05:30 - 2014-06-22 00:52 - 00007627 _____ () C:\Users\McMillan\AppData\Local\Resmon.ResmonCfg 2014-07-25 05:30 - 2009-07-14 12:34 - 00064512 _____ () C:\Windows\system32\umstartup.etl 2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV 2014-07-25 03:18 - 2014-06-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-07-25 03:18 - 2014-06-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8} 2014-07-25 02:26 - 2014-06-13 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-25 02:25 - 2014-06-17 09:48 - 00000000 ____D () C:\Windows\pss 2014-07-25 02:25 - 2014-06-13 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-25 02:25 - 2014-06-13 00:27 - 00000000 ____D () C:\Windows\system32\Macromed 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\security 2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-07-25 02:24 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype 2014-07-25 02:24 - 2014-07-23 08:50 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable 2014-07-25 02:24 - 2014-07-04 13:44 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-25 02:24 - 2014-07-03 05:00 - 00000000 ____D () C:\Program Files\Zoiper 2014-07-25 02:24 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me 2014-07-25 02:24 - 2014-06-24 20:11 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\vlc 2014-07-25 02:24 - 2014-06-22 09:27 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:24 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Ringio 2014-07-25 02:24 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars 2014-07-25 02:24 - 2014-06-20 22:59 - 00000000 ____D () C:\Program Files\PokerStars 2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk 2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\Program Files\oDesk 2014-07-25 02:24 - 2014-06-16 19:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\magicJack 2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-25 02:24 - 2014-06-16 17:14 - 00000000 ____D () C:\Program Files\WinRAR 2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-25 02:24 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA 2014-07-25 02:24 - 2014-06-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-07-25 02:24 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ___RD () C:\Program Files\Skype 2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Skype 2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-07-25 02:24 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Apps\2.0 2014-07-25 02:24 - 2014-06-12 18:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help 2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\winrm 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\WCN 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\slmgr 2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts 2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell 2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Web 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Vss 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spp 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Speech 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\SMI 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI 2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\inetsrv 2014-07-25 02:22 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\Performance 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\IME 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\com 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Speech 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\schemas 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Resources 2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\PLA 2014-07-25 02:21 - 2009-07-14 10:37 - 00000000 __RSD () C:\Windows\Media 2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME 2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization 2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding 2014-07-25 02:19 - 2014-06-16 18:17 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Macromedia 2014-07-25 02:19 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Moonchild Productions 2014-07-25 02:19 - 2014-06-15 13:49 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Adobe 2014-07-25 02:19 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public 2014-07-25 02:18 - 2014-06-22 07:16 - 00000000 ____D () C:\Users\Butch\AppData\Local\Google 2014-07-25 02:18 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Macromedia 2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-07-25 02:18 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Moonchild Productions 2014-07-25 02:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Skype 2014-07-25 02:18 - 2014-06-13 01:00 - 00000000 ____D () C:\Program Files\VideoLAN 2014-07-25 02:18 - 2014-06-12 18:49 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Google 2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender 2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default 2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Windows NT 2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Adobe 2014-07-25 02:17 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker 2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System 2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines 2014-07-25 02:09 - 2014-07-25 02:03 - 00000000 ____D () C:\Users\McMillan\msdt 2014-07-24 23:48 - 2014-07-23 16:06 - 00000000 ____D () C:\Windows\system32\BlueStacks 2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList 2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList 2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA 2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks 2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype 2014-07-23 13:04 - 2014-07-23 10:32 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation 2014-07-23 10:52 - 2014-06-12 19:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet 2014-07-23 10:26 - 2014-07-23 10:18 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg 2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol 2014-07-04 16:26 - 2014-07-04 16:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe 2014-07-04 13:42 - 2014-07-04 13:30 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe 2014-07-04 13:19 - 2014-07-04 13:18 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe 2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe 2014-07-04 10:44 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\McMillan\Downloads\MOVIES 2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss 2014-07-03 15:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache 2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk 2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-07-29 01:56 ==================== End Of Log ============================
  18. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-07-2014 01 Ran by McMillan at 2014-08-01 05:33:42 Run:2 Running from C:\Users\McMillan\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** cmd: sc config cryptsvc start= auto cmd: net start cryptsvc Reboot: ***************** ========= sc config cryptsvc start= auto ========= [sC] ChangeServiceConfig SUCCESS ========= End of CMD: ========= ========= net start cryptsvc ========= System error 1079 has occurred. The account specified for this service is different from the account specified for other services running in the same process. ========= End of CMD: ========= The system needed a reboot. ==== End of Fixlog ====
  19. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-07-2014 01 Ran by McMillan at 2014-08-01 05:30:49 Run:1 Running from C:\Users\McMillan\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe C:\ProgramData\6XDvn37n S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X] ***************** HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe => Value not found. "C:\ProgramData\6XDvn37n" => File/Directory not found. vToolbarUpdater18.0.0 => Service not found. ==== End of Fixlog ====
  20. Maybe because I have no life without my pc like you:P I don't know where it is. I have kept all frst files on my desktop as per your orders.So the dir is desktop? I dont see frst in c program data or program files either
  21. So what;s next? Been at this 12 hours now and would love to have a good sleep knowing its done. Jurgen, Please help me get to the end of this fast:) OH I notice 12 svchost running and 4 google chrome.exe running is task mgr...csrss.exe PID 452 and also 368 C:\windows\system32\csrss.exe - Client server runtime process If it means anything
  22. My Apologies, I had my virus program on. Here is the scan again with it off. FRST txt file Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01Ran by McMillan (administrator) on SAHARA-PC on 01-08-2014 04:13:51Running from C:\Users\McMillan\DesktopPlatform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Microsoft Corporation) C:\Windows\System32\wuauclt.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\taskmgr.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRunHKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRunHKU\S-1-5-21-2454762815-89852866-1431263164-1000\...\MountPoints2: {525512c7-f299-11e3-b032-806e6f6e6963} - D:\setup.exeBootExecute: autocheck autochk * regdefrag ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B9BCAD2B86CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usSearchScopes: HKCU - DefaultScope {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Hosts: 127.0.0.1 localhostTcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\McMillan\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers Chrome: =======CHR HomePage: https://www.google.com/CHR StartupUrls: "hxxp://www.gmail.com/"CHR Plugin: (Widevine Content Decryption Module) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No FileCHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No FileCHR Extension: (Google Drive) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31]CHR Extension: (Presentme) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2014-07-31]CHR Extension: (Google Search) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]CHR Extension: (Gmail Offline) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-28]CHR Extension: (Pin It Button) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-31]CHR Extension: (PDF Mergy) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-07-31]CHR Extension: (Excel Online) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-07-28]CHR Extension: (Zoho Sheet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj [2014-07-31]CHR Extension: (Zoho CRM) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-07-31]CHR Extension: (Skype Status Detector) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiiaejmgghgpmppnkiloijccihddjdj [2014-07-31]CHR Extension: (Lazarus: Form Recovery) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-28]CHR Extension: (Google Dictionary (by Google)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-31]CHR Extension: (Easy SEO Tools) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnlboglefdlldiioafkgbbdfihdoicam [2014-07-31]CHR Extension: (Google Wallet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31]CHR Extension: (Instagram for Chrome) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-31]CHR Extension: (Zoho Projects) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldkgicldgmbampajgepnigbpkhomoh [2014-07-31]CHR Extension: (Gmail) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]CHR Extension: (SEO Competitor Analysis Tool) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpafbknegcefgoojplahellhohoklbj [2014-07-31] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) ATTENTION: => Could not perform signature verification. Cryptographic Service is not running. R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation)S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)S4 NVHDA; system32\drivers\nvhda32v.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 04:13 - 2014-08-01 04:14 - 00011008 _____ () C:\Users\McMillan\Desktop\FRST.txt2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt2014-08-01 04:02 - 2014-08-01 04:03 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt2014-07-31 21:05 - 2014-07-31 21:30 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt2014-07-31 21:04 - 2014-07-31 21:05 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java2014-07-31 20:41 - 2014-07-31 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe2014-07-31 20:18 - 2014-07-31 20:19 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware2014-07-31 19:31 - 2014-08-01 04:12 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware2014-07-31 19:13 - 2014-07-31 19:23 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe2014-07-31 16:53 - 2014-07-31 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-31 16:50 - 2014-07-31 17:03 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-07-31 16:49 - 2014-07-31 16:50 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe2014-07-31 16:14 - 2014-07-31 16:15 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt2014-07-31 16:14 - 2014-07-31 16:15 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt2014-07-31 16:13 - 2014-08-01 04:13 - 00000000 ____D () C:\FRST2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW2014-07-31 16:01 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com2014-07-31 15:46 - 2014-07-31 15:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe2014-07-31 10:26 - 2014-07-31 10:27 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr2014-07-31 10:13 - 2014-07-31 15:58 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe2014-07-31 09:40 - 2014-07-31 09:41 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe2014-07-31 09:32 - 2014-07-31 09:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe2014-07-31 08:32 - 2014-07-31 08:41 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO2014-07-31 07:52 - 2014-08-01 03:55 - 00000804 _____ () C:\Windows\setupact.log2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log2014-07-31 07:44 - 2014-08-01 03:58 - 00060596 _____ () C:\Windows\WindowsUpdate.log2014-07-30 11:53 - 2014-07-30 11:55 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe2014-07-30 11:50 - 2014-07-30 11:56 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe2014-07-30 11:45 - 2014-07-30 11:46 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe2014-07-30 11:40 - 2014-07-30 11:41 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe2014-07-28 22:39 - 2014-07-28 22:54 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk2014-07-28 20:42 - 2014-07-28 20:45 - 00000000 ____D () C:\Program Files\Google2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}2014-07-25 02:03 - 2014-07-25 02:09 - 00000000 ____D () C:\Users\McMillan\msdt2014-07-25 00:25 - 2014-07-30 15:59 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList2014-07-23 16:06 - 2014-07-24 23:48 - 00000000 ____D () C:\Windows\system32\BlueStacks2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks2014-07-23 13:10 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype2014-07-23 13:05 - 2014-07-31 14:30 - 00000000 ____D () C:\inetpub2014-07-23 10:32 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet2014-07-23 10:18 - 2014-07-23 10:26 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg2014-07-23 08:50 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol2014-07-04 16:25 - 2014-07-04 16:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe2014-07-04 13:44 - 2014-07-31 08:16 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-07-04 13:44 - 2014-07-25 02:24 - 00000000 ____D () C:\ProgramData\RogueKiller2014-07-04 13:30 - 2014-07-04 13:42 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe2014-07-04 13:18 - 2014-07-04 13:19 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf2014-07-03 19:07 - 2014-05-20 07:11 - 00603592 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss2014-07-03 05:00 - 2014-07-30 00:41 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper2014-07-03 05:00 - 2014-07-25 02:24 - 00000000 ____D () C:\Program Files\Zoiper2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk2014-07-03 04:53 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Oracle2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun2014-07-03 04:52 - 2014-07-31 20:40 - 00000000 ____D () C:\Program Files\Java ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 04:14 - 2014-08-01 04:13 - 00011008 _____ () C:\Users\McMillan\Desktop\FRST.txt2014-08-01 04:13 - 2014-07-31 16:13 - 00000000 ____D () C:\FRST2014-08-01 04:12 - 2014-07-31 19:31 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt2014-08-01 04:03 - 2014-08-01 04:02 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt2014-08-01 04:02 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-08-01 04:02 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-08-01 03:59 - 2010-11-21 05:01 - 00736438 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-01 03:58 - 2014-07-31 07:44 - 00060596 _____ () C:\Windows\WindowsUpdate.log2014-08-01 03:55 - 2014-07-31 07:52 - 00000804 _____ () C:\Windows\setupact.log2014-08-01 03:55 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt2014-07-31 21:57 - 2014-06-13 01:01 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\vlc2014-07-31 21:30 - 2014-07-31 21:05 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt2014-07-31 21:05 - 2014-07-31 21:04 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java2014-07-31 20:41 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle2014-07-31 20:40 - 2014-07-31 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-31 20:40 - 2014-07-03 04:52 - 00000000 ____D () C:\Program Files\Java2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe2014-07-31 20:19 - 2014-07-31 20:18 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware2014-07-31 19:23 - 2014-07-31 19:13 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe2014-07-31 17:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Skype2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe2014-07-31 17:03 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-31 17:03 - 2014-07-31 16:50 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-07-31 16:50 - 2014-07-31 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe2014-07-31 16:15 - 2014-07-31 16:14 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt2014-07-31 16:15 - 2014-07-31 16:14 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt2014-07-31 16:13 - 2014-06-13 01:05 - 00000000 ___RD () C:\Users\McMillan\Desktop\Steve2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW2014-07-31 16:03 - 2014-07-31 16:01 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer2014-07-31 15:58 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms2014-07-31 15:57 - 2014-07-31 15:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi2014-07-31 14:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration2014-07-31 14:30 - 2014-07-23 13:05 - 00000000 ____D () C:\inetpub2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe2014-07-31 10:27 - 2014-07-31 10:26 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe2014-07-31 09:41 - 2014-07-31 09:40 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe2014-07-31 09:33 - 2014-07-31 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe2014-07-31 08:41 - 2014-07-31 08:32 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe2014-07-31 08:16 - 2014-07-04 13:44 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO2014-07-31 08:00 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log2014-07-31 07:42 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA2014-07-31 07:03 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2014-07-31 07:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool2014-07-31 06:44 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF2014-07-31 06:38 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA Corporation2014-07-31 06:36 - 2014-06-12 18:35 - 00000000 ____D () C:\Users\McMillan2014-07-31 06:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp2014-07-31 06:34 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch2014-07-31 06:34 - 2014-06-16 19:40 - 00000000 ____D () C:\Users\McMillan\AppData\Local\oDesk2014-07-31 06:34 - 2014-06-16 19:07 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\mjusbsp2014-07-31 00:58 - 2014-06-13 01:05 - 00000000 ____D () C:\Users\McMillan\Desktop\BD2014-07-30 18:13 - 2014-06-16 19:29 - 00001001 _____ () C:\Users\McMillan\Desktop\magicJack.lnk2014-07-30 18:13 - 2014-06-16 19:29 - 00000987 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk2014-07-30 15:59 - 2014-07-25 00:25 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps2014-07-30 15:59 - 2014-06-13 10:21 - 00000000 ____D () C:\Windows\Panther2014-07-30 11:56 - 2014-07-30 11:50 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe2014-07-30 11:55 - 2014-07-30 11:53 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe2014-07-30 11:46 - 2014-07-30 11:45 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe2014-07-30 11:41 - 2014-07-30 11:40 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe2014-07-30 11:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2014-07-30 10:02 - 2014-06-16 21:37 - 00000000 ____D () C:\Users\McMillan\Desktop\Tanya2014-07-30 00:41 - 2014-07-03 05:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper2014-07-28 22:54 - 2014-07-28 22:39 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk2014-07-28 20:45 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files\Google2014-07-28 20:42 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Deployment2014-07-28 05:55 - 2014-06-25 17:05 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\BitComet2014-07-25 07:19 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Local\PokerStars2014-07-25 05:30 - 2014-06-22 00:52 - 00007627 _____ () C:\Users\McMillan\AppData\Local\Resmon.ResmonCfg2014-07-25 05:30 - 2009-07-14 12:34 - 00064512 _____ () C:\Windows\system32\umstartup.etl2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV2014-07-25 03:18 - 2014-06-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2014-07-25 03:18 - 2014-06-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}2014-07-25 02:26 - 2014-06-13 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN2014-07-25 02:25 - 2014-06-17 09:48 - 00000000 ____D () C:\Windows\pss2014-07-25 02:25 - 2014-06-13 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-25 02:25 - 2014-06-13 00:27 - 00000000 ____D () C:\Windows\system32\Macromed2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Msdtc2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\security2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET2014-07-25 02:24 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype2014-07-25 02:24 - 2014-07-23 08:50 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable2014-07-25 02:24 - 2014-07-04 13:44 - 00000000 ____D () C:\ProgramData\RogueKiller2014-07-25 02:24 - 2014-07-03 05:00 - 00000000 ____D () C:\Program Files\Zoiper2014-07-25 02:24 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me2014-07-25 02:24 - 2014-06-24 20:11 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\vlc2014-07-25 02:24 - 2014-06-22 09:27 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-07-25 02:24 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Ringio2014-07-25 02:24 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars2014-07-25 02:24 - 2014-06-20 22:59 - 00000000 ____D () C:\Program Files\PokerStars2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\Program Files\oDesk2014-07-25 02:24 - 2014-06-16 19:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\magicJack2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR2014-07-25 02:24 - 2014-06-16 17:14 - 00000000 ____D () C:\Program Files\WinRAR2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-25 02:24 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA2014-07-25 02:24 - 2014-06-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2014-07-25 02:24 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ___RD () C:\Program Files\Skype2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Skype2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-07-25 02:24 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Apps\2.02014-07-25 02:24 - 2014-06-12 18:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\winrm2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\WCN2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\slmgr2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Web2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Vss2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spp2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Speech2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\SMI2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\inetsrv2014-07-25 02:22 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\Performance2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\IME2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\com2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Speech2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\schemas2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Resources2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\PLA2014-07-25 02:21 - 2009-07-14 10:37 - 00000000 __RSD () C:\Windows\Media2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding2014-07-25 02:19 - 2014-06-16 18:17 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Macromedia2014-07-25 02:19 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Moonchild Productions2014-07-25 02:19 - 2014-06-15 13:49 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Adobe2014-07-25 02:19 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public2014-07-25 02:18 - 2014-06-22 07:16 - 00000000 ____D () C:\Users\Butch\AppData\Local\Google2014-07-25 02:18 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Macromedia2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia2014-07-25 02:18 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Moonchild Productions2014-07-25 02:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Skype2014-07-25 02:18 - 2014-06-13 01:00 - 00000000 ____D () C:\Program Files\VideoLAN2014-07-25 02:18 - 2014-06-12 18:49 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Google2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Windows NT2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Adobe2014-07-25 02:17 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines2014-07-25 02:09 - 2014-07-25 02:03 - 00000000 ____D () C:\Users\McMillan\msdt2014-07-24 23:48 - 2014-07-23 16:06 - 00000000 ____D () C:\Windows\system32\BlueStacks2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype2014-07-23 13:04 - 2014-07-23 10:32 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation2014-07-23 10:52 - 2014-06-12 19:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet2014-07-23 10:26 - 2014-07-23 10:18 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol2014-07-04 16:26 - 2014-07-04 16:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe2014-07-04 13:42 - 2014-07-04 13:30 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe2014-07-04 13:19 - 2014-07-04 13:18 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe2014-07-04 10:44 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\McMillan\Downloads\MOVIES2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss2014-07-03 15:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => MD5 is legitC:\Windows\system32\winlogon.exe => MD5 is legitC:\Windows\system32\wininit.exe => MD5 is legitC:\Windows\system32\svchost.exe => MD5 is legitC:\Windows\system32\services.exe => MD5 is legitC:\Windows\system32\User32.dll => MD5 is legitC:\Windows\system32\userinit.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legitC:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-07-29 01:56 ==================== End Of Log ============================ and the addition.txt file Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01Ran by McMillan at 2014-08-01 04:14:13Running from C:\Users\McMillan\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Emsisoft Anti-Malware (Disabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Emsisoft Anti-Malware (Disabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) HiddenAdobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)Damn oDesk Team (HKCU\...\oDVT) (Version: - oDesk Corporation)Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)Google Chrome Bitch (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)Google Update Helper (Version: 1.3.24.15 - Google Inc.) HiddenJava 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hiddenjoin.me, I'm Gay! (HKCU\...\JoinMe) (Version: 1.14.0.141 - LogMeIn, Inc.)magicJackOFF (HKCU\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) HiddenNVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) HiddenNVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) HiddenNVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) HiddenNVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) HiddenNVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) HiddenNVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) HiddenNVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) HiddenNVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) HiddenPoker fukin Stars (HKLM\...\PokerStars) (Version: - PokerStars)Ringio (HKLM\...\Ringio.FE833F21A5E41A0F2AD24347AACCB5A50596C79D.1) (Version: v-2.4 - Ringio)Ringio (Version: 2.4 - Ringio) HiddenSHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) HiddenSkype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)VLC Hack me PLZ vs 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)Zoiper (HKLM\...\Zoiper) (Version: 3.2 - Securax LTD) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 23-07-2014 05:05:23 Windows Modules Installer24-07-2014 15:46:34 Restore Operation24-07-2014 20:52:25 July 25th, back to normal again28-07-2014 13:31:48 Removed Java 7 Update 6028-07-2014 13:37:25 Installed Java 7 Update 2130-07-2014 17:04:37 Windows Backup30-07-2014 21:06:50 Windows Update30-07-2014 22:33:38 Restore Operation30-07-2014 23:03:17 Windows Modules Installer30-07-2014 23:33:05 Windows Update31-07-2014 11:37:41 Removed Java 7 Update 2131-07-2014 12:40:31 Installed Java 7 Update 65 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:04 - 2014-07-04 16:27 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {D59E24B9-5425-4BE2-878F-1EE57E154F4D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (whitelisted) ============= 2014-07-31 19:31 - 2014-06-18 15:50 - 00703800 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll2014-07-28 20:45 - 2014-07-15 17:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll2014-07-28 20:45 - 2014-07-15 17:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll2014-07-28 20:45 - 2014-07-15 17:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll2014-07-28 21:37 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll2014-07-28 21:37 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: ALG => 3MSCONFIG\Services: AppIDSvc => 3MSCONFIG\Services: SensrSvc => 3MSCONFIG\Services: SessionEnv => 3MSCONFIG\Services: SNMPTRAP => 3MSCONFIG\Services: TapiSrv => 3MSCONFIG\Services: TermService => 3MSCONFIG\Services: W32Time => 3MSCONFIG\Services: WSearch => 3MSCONFIG\Services: wuauserv => 3MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (08/01/2014 03:56:51 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 08:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 08:17:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 06:18:53 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 05:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 05:25:22 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )Description: Unknown Error, 0x80004003 System errors:=============Error: (08/01/2014 03:55:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:40:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:40:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:40:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:38:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Microsoft Office Sessions:=========================Error: (08/01/2014 03:56:51 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 08:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 08:17:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 06:18:53 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 05:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 05:25:22 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )Description: Unknown Error, 0x80004003 ==================== Memory info =========================== Percentage of memory in use: 30%Total physical RAM: 3327.23 MBAvailable physical RAM: 2312.81 MBTotal Pagefile: 5825.52 MBAvailable Pagefile: 4300.82 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1925.96 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:171.29 GB) (Free:134.09 GB) NTFSDrive e: (HD-PCTU3) (Fixed) (Total:931.51 GB) (Free:214.56 GB) NTFSDrive l: (Z) (Fixed) (Total:294.37 GB) (Free:222.43 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1457E526)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=171 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=294 GB) - (Type=07 NTFS) ========================================================Disk: 1 (Size: 932 GB) (Disk ID: 16A1C0B4)Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  23. Here is the addition txt file Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01Ran by McMillan at 2014-08-01 04:03:02Running from C:\Users\McMillan\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) HiddenAdobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)Damn oDesk Team (HKCU\...\oDVT) (Version: - oDesk Corporation)Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)Google Chrome Bitch (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)Google Update Helper (Version: 1.3.24.15 - Google Inc.) HiddenJava 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hiddenjoin.me, I'm Gay! (HKCU\...\JoinMe) (Version: 1.14.0.141 - LogMeIn, Inc.)magicJackOFF (HKCU\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) HiddenNVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) HiddenNVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) HiddenNVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) HiddenNVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) HiddenNVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) HiddenNVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) HiddenNVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) HiddenNVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) HiddenPoker fukin Stars (HKLM\...\PokerStars) (Version: - PokerStars)Ringio (HKLM\...\Ringio.FE833F21A5E41A0F2AD24347AACCB5A50596C79D.1) (Version: v-2.4 - Ringio)Ringio (Version: 2.4 - Ringio) HiddenSHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) HiddenSkype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)VLC Hack me PLZ vs 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)Zoiper (HKLM\...\Zoiper) (Version: 3.2 - Securax LTD) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 23-07-2014 05:05:23 Windows Modules Installer24-07-2014 15:46:34 Restore Operation24-07-2014 20:52:25 July 25th, back to normal again28-07-2014 13:31:48 Removed Java 7 Update 6028-07-2014 13:37:25 Installed Java 7 Update 2130-07-2014 17:04:37 Windows Backup30-07-2014 21:06:50 Windows Update30-07-2014 22:33:38 Restore Operation30-07-2014 23:03:17 Windows Modules Installer30-07-2014 23:33:05 Windows Update31-07-2014 11:37:41 Removed Java 7 Update 2131-07-2014 12:40:31 Installed Java 7 Update 65 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:04 - 2014-07-04 16:27 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {D59E24B9-5425-4BE2-878F-1EE57E154F4D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (whitelisted) ============= 2014-07-31 19:31 - 2014-06-18 15:50 - 00703800 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll2014-07-28 20:45 - 2014-07-15 17:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll2014-07-28 20:45 - 2014-07-15 17:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll2014-07-28 20:45 - 2014-07-15 17:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll2014-07-25 03:18 - 2014-07-25 03:18 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: ALG => 3MSCONFIG\Services: AppIDSvc => 3MSCONFIG\Services: SensrSvc => 3MSCONFIG\Services: SessionEnv => 3MSCONFIG\Services: SNMPTRAP => 3MSCONFIG\Services: TapiSrv => 3MSCONFIG\Services: TermService => 3MSCONFIG\Services: W32Time => 3MSCONFIG\Services: WSearch => 3MSCONFIG\Services: wuauserv => 3MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (08/01/2014 03:56:51 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 08:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 08:17:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 06:18:53 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 05:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 05:25:22 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )Description: Unknown Error, 0x80004003 System errors:=============Error: (08/01/2014 03:55:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:40:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:40:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:40:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Error: (07/31/2014 08:38:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Cryptographic Services service failed to start due to the following error: %%1079 Microsoft Office Sessions:=========================Error: (08/01/2014 03:56:51 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 08:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 08:17:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 06:18:53 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 05:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 05:25:22 AM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )Description: Unknown Error, 0x80004003 ==================== Memory info =========================== Percentage of memory in use: 30%Total physical RAM: 3327.23 MBAvailable physical RAM: 2309 MBTotal Pagefile: 5825.52 MBAvailable Pagefile: 4401.5 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1937.96 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:171.29 GB) (Free:134.1 GB) NTFSDrive e: (HD-PCTU3) (Fixed) (Total:931.51 GB) (Free:214.56 GB) NTFSDrive l: (Z) (Fixed) (Total:294.37 GB) (Free:222.43 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1457E526)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=171 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=294 GB) - (Type=07 NTFS) ========================================================Disk: 1 (Size: 932 GB) (Disk ID: 16A1C0B4)Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================ and FRST txt file Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01Ran by McMillan (administrator) on SAHARA-PC on 01-08-2014 04:02:35Running from C:\Users\McMillan\DesktopPlatform: Microsoft Windows 7 Home Basic Service Pack 1 (X86) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Microsoft Corporation) C:\Windows\System32\wuauclt.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\taskmgr.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRunHKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRunHKU\S-1-5-21-2454762815-89852866-1431263164-1000\...\MountPoints2: {525512c7-f299-11e3-b032-806e6f6e6963} - D:\setup.exeBootExecute: autocheck autochk * regdefrag ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B9BCAD2B86CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usSearchScopes: HKCU - DefaultScope {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Hosts: 127.0.0.1 localhostTcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\McMillan\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers Chrome: =======CHR HomePage: https://www.google.com/CHR StartupUrls: "hxxp://www.gmail.com/"CHR Plugin: (Widevine Content Decryption Module) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No FileCHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No FileCHR Extension: (Google Drive) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31]CHR Extension: (Presentme) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2014-07-31]CHR Extension: (Google Search) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]CHR Extension: (Gmail Offline) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-28]CHR Extension: (Pin It Button) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-31]CHR Extension: (PDF Mergy) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-07-31]CHR Extension: (Excel Online) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-07-28]CHR Extension: (Zoho Sheet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj [2014-07-31]CHR Extension: (Zoho CRM) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-07-31]CHR Extension: (Skype Status Detector) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiiaejmgghgpmppnkiloijccihddjdj [2014-07-31]CHR Extension: (Lazarus: Form Recovery) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-28]CHR Extension: (Google Dictionary (by Google)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-31]CHR Extension: (Easy SEO Tools) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnlboglefdlldiioafkgbbdfihdoicam [2014-07-31]CHR Extension: (Google Wallet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31]CHR Extension: (Instagram for Chrome) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-31]CHR Extension: (Zoho Projects) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldkgicldgmbampajgepnigbpkhomoh [2014-07-31]CHR Extension: (Gmail) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]CHR Extension: (SEO Competitor Analysis Tool) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpafbknegcefgoojplahellhohoklbj [2014-07-31] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) ATTENTION: => Could not perform signature verification. Cryptographic Service is not running. R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation)S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)S4 NVHDA; system32\drivers\nvhda32v.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 04:02 - 2014-08-01 04:02 - 00011007 _____ () C:\Users\McMillan\Desktop\FRST.txt2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt2014-07-31 21:05 - 2014-07-31 21:30 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt2014-07-31 21:04 - 2014-07-31 21:05 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java2014-07-31 20:41 - 2014-07-31 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe2014-07-31 20:18 - 2014-07-31 20:19 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware2014-07-31 19:31 - 2014-08-01 03:58 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware2014-07-31 19:13 - 2014-07-31 19:23 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe2014-07-31 16:53 - 2014-07-31 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-31 16:50 - 2014-07-31 17:03 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-07-31 16:49 - 2014-07-31 16:50 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe2014-07-31 16:14 - 2014-07-31 16:15 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt2014-07-31 16:14 - 2014-07-31 16:15 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt2014-07-31 16:13 - 2014-08-01 04:02 - 00000000 ____D () C:\FRST2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW2014-07-31 16:01 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com2014-07-31 15:46 - 2014-07-31 15:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe2014-07-31 10:26 - 2014-07-31 10:27 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr2014-07-31 10:13 - 2014-07-31 15:58 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe2014-07-31 09:40 - 2014-07-31 09:41 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe2014-07-31 09:32 - 2014-07-31 09:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe2014-07-31 08:32 - 2014-07-31 08:41 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO2014-07-31 07:52 - 2014-08-01 03:55 - 00000804 _____ () C:\Windows\setupact.log2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log2014-07-31 07:44 - 2014-08-01 03:58 - 00060596 _____ () C:\Windows\WindowsUpdate.log2014-07-30 11:53 - 2014-07-30 11:55 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe2014-07-30 11:50 - 2014-07-30 11:56 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe2014-07-30 11:45 - 2014-07-30 11:46 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe2014-07-30 11:40 - 2014-07-30 11:41 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe2014-07-28 22:39 - 2014-07-28 22:54 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk2014-07-28 20:42 - 2014-07-28 20:45 - 00000000 ____D () C:\Program Files\Google2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}2014-07-25 02:03 - 2014-07-25 02:09 - 00000000 ____D () C:\Users\McMillan\msdt2014-07-25 00:25 - 2014-07-30 15:59 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList2014-07-23 16:06 - 2014-07-24 23:48 - 00000000 ____D () C:\Windows\system32\BlueStacks2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks2014-07-23 13:10 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype2014-07-23 13:05 - 2014-07-31 14:30 - 00000000 ____D () C:\inetpub2014-07-23 10:32 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet2014-07-23 10:18 - 2014-07-23 10:26 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg2014-07-23 08:50 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol2014-07-04 16:25 - 2014-07-04 16:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe2014-07-04 13:44 - 2014-07-31 08:16 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-07-04 13:44 - 2014-07-25 02:24 - 00000000 ____D () C:\ProgramData\RogueKiller2014-07-04 13:30 - 2014-07-04 13:42 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe2014-07-04 13:18 - 2014-07-04 13:19 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf2014-07-03 19:07 - 2014-05-20 07:11 - 00603592 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss2014-07-03 05:00 - 2014-07-30 00:41 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper2014-07-03 05:00 - 2014-07-25 02:24 - 00000000 ____D () C:\Program Files\Zoiper2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk2014-07-03 04:53 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Oracle2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun2014-07-03 04:52 - 2014-07-31 20:40 - 00000000 ____D () C:\Program Files\Java ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-01 04:02 - 2014-08-01 04:02 - 00011007 _____ () C:\Users\McMillan\Desktop\FRST.txt2014-08-01 04:02 - 2014-07-31 16:13 - 00000000 ____D () C:\FRST2014-08-01 04:02 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-08-01 04:02 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-08-01 03:59 - 2010-11-21 05:01 - 00736438 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-01 03:58 - 2014-07-31 19:31 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware2014-08-01 03:58 - 2014-07-31 07:44 - 00060596 _____ () C:\Windows\WindowsUpdate.log2014-08-01 03:55 - 2014-07-31 07:52 - 00000804 _____ () C:\Windows\setupact.log2014-08-01 03:55 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt2014-07-31 21:57 - 2014-06-13 01:01 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\vlc2014-07-31 21:30 - 2014-07-31 21:05 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt2014-07-31 21:05 - 2014-07-31 21:04 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java2014-07-31 20:41 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle2014-07-31 20:40 - 2014-07-31 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-07-31 20:40 - 2014-07-03 04:52 - 00000000 ____D () C:\Program Files\Java2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe2014-07-31 20:19 - 2014-07-31 20:18 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware2014-07-31 19:23 - 2014-07-31 19:13 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe2014-07-31 17:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Skype2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe2014-07-31 17:03 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-07-31 17:03 - 2014-07-31 16:50 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-07-31 16:50 - 2014-07-31 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe2014-07-31 16:15 - 2014-07-31 16:14 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt2014-07-31 16:15 - 2014-07-31 16:14 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt2014-07-31 16:13 - 2014-06-13 01:05 - 00000000 ___RD () C:\Users\McMillan\Desktop\Steve2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW2014-07-31 16:03 - 2014-07-31 16:01 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer2014-07-31 15:58 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms2014-07-31 15:57 - 2014-07-31 15:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi2014-07-31 14:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration2014-07-31 14:30 - 2014-07-23 13:05 - 00000000 ____D () C:\inetpub2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe2014-07-31 10:27 - 2014-07-31 10:26 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe2014-07-31 09:41 - 2014-07-31 09:40 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe2014-07-31 09:33 - 2014-07-31 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe2014-07-31 08:41 - 2014-07-31 08:32 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe2014-07-31 08:16 - 2014-07-04 13:44 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO2014-07-31 08:00 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log2014-07-31 07:42 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA2014-07-31 07:03 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2014-07-31 07:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool2014-07-31 06:44 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF2014-07-31 06:38 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA Corporation2014-07-31 06:36 - 2014-06-12 18:35 - 00000000 ____D () C:\Users\McMillan2014-07-31 06:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp2014-07-31 06:34 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch2014-07-31 06:34 - 2014-06-16 19:40 - 00000000 ____D () C:\Users\McMillan\AppData\Local\oDesk2014-07-31 06:34 - 2014-06-16 19:07 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\mjusbsp2014-07-31 00:58 - 2014-06-13 01:05 - 00000000 ____D () C:\Users\McMillan\Desktop\BD2014-07-30 18:13 - 2014-06-16 19:29 - 00001001 _____ () C:\Users\McMillan\Desktop\magicJack.lnk2014-07-30 18:13 - 2014-06-16 19:29 - 00000987 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk2014-07-30 15:59 - 2014-07-25 00:25 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps2014-07-30 15:59 - 2014-06-13 10:21 - 00000000 ____D () C:\Windows\Panther2014-07-30 11:56 - 2014-07-30 11:50 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe2014-07-30 11:55 - 2014-07-30 11:53 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe2014-07-30 11:46 - 2014-07-30 11:45 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe2014-07-30 11:41 - 2014-07-30 11:40 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe2014-07-30 11:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2014-07-30 10:02 - 2014-06-16 21:37 - 00000000 ____D () C:\Users\McMillan\Desktop\Tanya2014-07-30 00:41 - 2014-07-03 05:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper2014-07-28 22:54 - 2014-07-28 22:39 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk2014-07-28 20:45 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files\Google2014-07-28 20:42 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Deployment2014-07-28 05:55 - 2014-06-25 17:05 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\BitComet2014-07-25 07:19 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Local\PokerStars2014-07-25 05:30 - 2014-06-22 00:52 - 00007627 _____ () C:\Users\McMillan\AppData\Local\Resmon.ResmonCfg2014-07-25 05:30 - 2009-07-14 12:34 - 00064512 _____ () C:\Windows\system32\umstartup.etl2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV2014-07-25 03:18 - 2014-06-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2014-07-25 03:18 - 2014-06-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}2014-07-25 02:26 - 2014-06-13 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN2014-07-25 02:25 - 2014-06-17 09:48 - 00000000 ____D () C:\Windows\pss2014-07-25 02:25 - 2014-06-13 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-07-25 02:25 - 2014-06-13 00:27 - 00000000 ____D () C:\Windows\system32\Macromed2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Msdtc2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\security2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET2014-07-25 02:24 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype2014-07-25 02:24 - 2014-07-23 08:50 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable2014-07-25 02:24 - 2014-07-04 13:44 - 00000000 ____D () C:\ProgramData\RogueKiller2014-07-25 02:24 - 2014-07-03 05:00 - 00000000 ____D () C:\Program Files\Zoiper2014-07-25 02:24 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me2014-07-25 02:24 - 2014-06-24 20:11 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\vlc2014-07-25 02:24 - 2014-06-22 09:27 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-07-25 02:24 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Ringio2014-07-25 02:24 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars2014-07-25 02:24 - 2014-06-20 22:59 - 00000000 ____D () C:\Program Files\PokerStars2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\Program Files\oDesk2014-07-25 02:24 - 2014-06-16 19:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\magicJack2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR2014-07-25 02:24 - 2014-06-16 17:14 - 00000000 ____D () C:\Program Files\WinRAR2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight2014-07-25 02:24 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA2014-07-25 02:24 - 2014-06-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2014-07-25 02:24 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ___RD () C:\Program Files\Skype2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Skype2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-07-25 02:24 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Apps\2.02014-07-25 02:24 - 2014-06-12 18:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\winrm2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\WCN2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\slmgr2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Web2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Vss2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spp2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Speech2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\SMI2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\inetsrv2014-07-25 02:22 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\Performance2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\IME2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\com2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Speech2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\schemas2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Resources2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\PLA2014-07-25 02:21 - 2009-07-14 10:37 - 00000000 __RSD () C:\Windows\Media2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding2014-07-25 02:19 - 2014-06-16 18:17 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Macromedia2014-07-25 02:19 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Moonchild Productions2014-07-25 02:19 - 2014-06-15 13:49 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Adobe2014-07-25 02:19 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public2014-07-25 02:18 - 2014-06-22 07:16 - 00000000 ____D () C:\Users\Butch\AppData\Local\Google2014-07-25 02:18 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Macromedia2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia2014-07-25 02:18 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Moonchild Productions2014-07-25 02:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Skype2014-07-25 02:18 - 2014-06-13 01:00 - 00000000 ____D () C:\Program Files\VideoLAN2014-07-25 02:18 - 2014-06-12 18:49 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Google2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Windows NT2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Adobe2014-07-25 02:17 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines2014-07-25 02:09 - 2014-07-25 02:03 - 00000000 ____D () C:\Users\McMillan\msdt2014-07-24 23:48 - 2014-07-23 16:06 - 00000000 ____D () C:\Windows\system32\BlueStacks2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype2014-07-23 13:04 - 2014-07-23 10:32 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation2014-07-23 10:52 - 2014-06-12 19:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet2014-07-23 10:26 - 2014-07-23 10:18 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol2014-07-04 16:26 - 2014-07-04 16:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe2014-07-04 13:42 - 2014-07-04 13:30 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe2014-07-04 13:19 - 2014-07-04 13:18 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe2014-07-04 10:44 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\McMillan\Downloads\MOVIES2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss2014-07-03 15:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => MD5 is legitC:\Windows\system32\winlogon.exe => MD5 is legitC:\Windows\system32\wininit.exe => MD5 is legitC:\Windows\system32\svchost.exe => MD5 is legitC:\Windows\system32\services.exe => MD5 is legitC:\Windows\system32\User32.dll => MD5 is legitC:\Windows\system32\userinit.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legitC:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-07-29 01:56 ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.