Mr_dicvodka
-
Posts
6 -
Joined
-
Last visited
-
Rampant Dllhost.exe processes on boot
Mr_dicvodka replied to Mr_dicvodka's topic in Resolved Malware Removal Logs
Everything appears to be running normal now, anything else you need me to do! Fixlog.txt Malwarebytes.txt -
Rampant Dllhost.exe processes on boot
Mr_dicvodka replied to Mr_dicvodka's topic in Resolved Malware Removal Logs
Sorry, I thought I had put both of them in one post FRST.txt -
Rampant Dllhost.exe processes on boot
Mr_dicvodka replied to Mr_dicvodka's topic in Resolved Malware Removal Logs
Alright, here you go! Addition.txt -
Rampant Dllhost.exe processes on boot
Mr_dicvodka replied to Mr_dicvodka's topic in Resolved Malware Removal Logs
I beilve I have. -
Rampant Dllhost.exe processes on boot
Mr_dicvodka replied to Mr_dicvodka's topic in Resolved Malware Removal Logs
Awesome! What should my first step be? -
Hey there, so basicallly when ever I boot up about 30 dllhosts.exe launch using up all of my Cpu and RAM until the system crashes. I have tried Malwarebytes and a few others that didnt work and they both found nothing. Also to note, this doesnt happen in safe mode only when I boot normally. Thanks, here are the logs FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014 Ran by Home (administrator) on HOME-PC on 11-10-2014 21:52:27 Running from C:\Users\Home\Downloads Loaded Profile: Home (Available profiles: Home) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe ( ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\GPU Boost\GpuBoostServer.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Dropbox, Inc.) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Flux Software LLC) C:\Users\Home\AppData\Local\FluxSoftware\Flux\flux.exe (Valve Corporation) C:\Program Files (x86)\steam\Steam.exe () C:\Users\Home\AppData\Roaming\Fepyymba\hebefon.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Valve Corporation) C:\Program Files (x86)\steam\bin\steamwebhelper.exe () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboUnlocker\turboInfo.exe (Valve Corporation) C:\Program Files (x86)\steam\bin\steamwebhelper.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\HMService\aaHM.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\puush\puush.exe (Valve Corporation) C:\Program Files (x86)\steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\steam\steamerrorreporter.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Hyduylmihyavpin] => C:\Users\Home\AppData\Roaming\Fepyymba\hebefon.exe [287117 2012-11-09] () HKLM-x32\...\Run: [upwadavyoqanso] => C:\Users\Home\AppData\Roaming\Akefucn\ohimy.exe [287117 2013-07-18] () Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1 HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1 HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Run: [steam] => C:\Program Files (x86)\steam\steam.exe [1938624 2014-10-09] (Valve Corporation) HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-07-14] () HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Run: [F.lux] => C:\Users\Home\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC) HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-04-06] (AMD) HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Run: [Google Update] => C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-16] (Google Inc.) HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Run: [bitTorrent] => C:\Users\Home\AppData\Roaming\BitTorrent\BitTorrent.exe [1417048 2014-09-22] (BitTorrent Inc.) HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flux - Shortcut.lnk ShortcutTarget: flux - Shortcut.lnk -> C:\Users\Home\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC) Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam - Shortcut.lnk ShortcutTarget: Steam - Shortcut.lnk -> C:\Program Files (x86)\steam\Steam.exe (Valve Corporation) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBD25B280E1D6CC01 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Winsock: Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found () Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Hosts: 127.0.0.1 localhost Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ava7bwki.default-1409440335566 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Home\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Home\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Home\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF Extension: MEGA - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ava7bwki.default-1409440335566\Extensions\firefox@mega.co.nz.xpi [2014-08-31] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [457200 2009-06-02] () R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed] S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-06-18] () [File not signed] S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-04] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation) S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany) S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] () R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] () S3 nocashio; C:\Windows\SysWOW64\drivers\nocashio.sys [4096 2011-09-27] () [File not signed] S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed] S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation ) R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-11] () S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15544 2013-04-18] (Headsoft) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-11 21:52 - 2014-10-11 21:52 - 00017091 _____ () C:\Users\Home\Downloads\FRST.txt 2014-10-11 21:52 - 2014-10-11 21:52 - 00000000 ____D () C:\FRST 2014-10-11 21:50 - 2014-10-11 21:51 - 02109952 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe 2014-10-11 21:39 - 2014-10-11 21:39 - 06770080 _____ () C:\Users\Home\Downloads\bitdefender_isecurity(1).exe 2014-10-11 21:33 - 2014-10-11 21:33 - 06770080 _____ () C:\Users\Home\Downloads\bitdefender_isecurity.exe 2014-10-11 21:33 - 2014-10-11 21:33 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2014-10-11 21:00 - 2014-10-11 21:00 - 02347384 _____ (ESET) C:\Users\Home\Downloads\esetsmartinstaller_enu.exe 2014-10-11 21:00 - 2014-10-11 21:00 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-10-11 20:54 - 2014-10-09 04:46 - 01705755 _____ (Thisisu) C:\Users\Home\Desktop\JRT_NEW.exe 2014-10-11 20:21 - 2014-10-11 20:21 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Fepyymba 2014-10-11 20:21 - 2014-10-11 20:21 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Akefucn 2014-10-11 20:09 - 2014-10-11 20:09 - 00000000 _____ () C:\Users\Home\Downloads\eav_nt64_ENU.msi 2014-10-11 20:03 - 2014-10-11 20:03 - 01761992 _____ (ESET) C:\Users\Home\Downloads\eset_nod32_antivirus_live_installer.exe 2014-10-11 18:31 - 2014-10-11 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BabelSoft 2014-10-11 18:31 - 2014-10-11 18:31 - 00000000 ____D () C:\Program Files\Media Preview 2014-10-11 18:31 - 2014-10-11 18:31 - 00000000 ____D () C:\Program Files (x86)\Media Preview 2014-10-11 17:11 - 2014-10-11 20:47 - 00000000 ____D () C:\ProgramData\j9tbgsdger04r 2014-10-11 16:04 - 2014-10-11 16:05 - 01375089 _____ () C:\Users\Home\Downloads\adwcleaner_3.311.exe 2014-10-11 15:48 - 2014-10-11 15:48 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-10-11 15:48 - 2014-10-11 15:48 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-10-11 15:47 - 2014-10-11 15:48 - 15677528 _____ () C:\Users\Home\Downloads\RogueKiller.exe 2014-10-11 15:30 - 2014-10-11 15:30 - 00000222 _____ () C:\Users\Home\Desktop\Borderlands The Pre-Sequel.url 2014-10-09 20:51 - 2014-10-09 20:51 - 02737592 _____ (Malwarebytes ) C:\Users\Home\Downloads\mbae-setup-1.04.1.1012.exe 2014-10-03 14:38 - 2014-10-03 14:38 - 00002108 _____ () C:\Users\Home\AppData\Local\rx_audio.Cache 2014-10-03 14:38 - 2014-10-03 14:38 - 00000072 _____ () C:\Users\Home\AppData\Local\rx_image32.Cache 2014-10-03 14:33 - 2014-10-03 14:34 - 06086217 _____ () C:\Users\Home\Downloads\just friends.zip 2014-10-03 14:33 - 2014-10-03 14:33 - 04719906 _____ () C:\Users\Home\Downloads\Rhumba Corazon recording for listening.zip 2014-10-03 14:32 - 2014-10-03 14:32 - 06621519 _____ () C:\Users\Home\Downloads\Sunday Driver MP3.zip 2014-09-30 17:32 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-30 17:32 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-29 22:19 - 2014-09-29 22:20 - 06276229 _____ () C:\Users\Home\Downloads\media.io.75764928.zip 2014-09-28 16:28 - 2014-10-11 20:47 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Woinid 2014-09-28 16:28 - 2014-10-11 20:47 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Isuhwou 2014-09-27 21:46 - 2014-09-27 21:58 - 00043520 _____ () C:\Windows\SysWOW64\CmdLineExt03.dll 2014-09-24 21:11 - 2014-09-24 21:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-23 23:12 - 2014-09-23 23:12 - 00080384 _____ () C:\Windows\system32\dvprki.dll 2014-09-23 23:12 - 2014-09-23 23:12 - 00003858 _____ () C:\Windows\System32\Tasks\{26C88687-7EAE-1145-F8FA-E64457FBD83F} 2014-09-23 23:12 - 2014-09-23 23:12 - 00000000 _____ () C:\Windows\system32\ihmrnwg.dll 2014-09-23 22:44 - 2014-09-24 21:23 - 1203218495 _____ () C:\Users\Home\Downloads\iPhone3,3_7.1.2_11D257_Restore.ipsw 2014-09-23 22:01 - 2014-09-23 22:01 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-23 22:01 - 2014-09-23 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-23 22:00 - 2014-09-23 22:01 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-23 22:00 - 2014-09-23 22:01 - 00000000 ____D () C:\Program Files\iTunes 2014-09-23 22:00 - 2014-09-23 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-09-23 22:00 - 2014-09-23 22:00 - 00000000 ____D () C:\Program Files\iPod 2014-09-23 21:56 - 2014-09-23 21:56 - 00000000 ____D () C:\Program Files\Bonjour 2014-09-23 21:56 - 2014-09-23 21:56 - 00000000 ____D () C:\Program Files (x86)\Bonjour 2014-09-23 21:52 - 2014-09-23 21:55 - 112794960 _____ (Apple Inc.) C:\Users\Home\Downloads\iTunes64Setup(1).exe 2014-09-23 20:45 - 2014-09-23 21:23 - 1200255851 _____ () C:\Users\Home\Downloads\iPhone3,3_7.0_11A465_Restore.ipsw 2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament 2004 2014-09-23 18:50 - 2014-09-27 22:49 - 00000000 ____D () C:\UT2004 2014-09-23 18:38 - 2014-09-23 18:49 - 919941644 _____ () C:\Users\Home\Downloads\09.21.2014 Celebrity Nude Photo Hack Collection Part 2 - #thefappening.zip 2014-09-23 15:12 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-23 15:12 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-17 12:16 - 2014-09-17 20:59 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp 2014-09-17 12:16 - 2014-09-17 20:36 - 00001224 _____ () C:\ProgramData\@system.att 2014-09-17 12:16 - 2014-09-17 20:36 - 00000960 ____H () C:\ProgramData\@system2.att 2014-09-17 12:16 - 2014-09-17 12:16 - 00000448 ____H () C:\Users\Home\AppData\Roaming\麽鎒駓覜 2014-09-14 19:33 - 2014-09-14 19:36 - 00000051 _____ () C:\Users\Home\Desktop\Audiveris2.bat 2014-09-14 19:32 - 2014-09-14 19:33 - 01901654 _____ () C:\Users\Home\Downloads\Converted_Files_Online2PDF.zip 2014-09-14 14:55 - 2014-09-14 14:55 - 00002191 _____ () C:\Users\Home\Desktop\Audiveris.lnk 2014-09-14 14:55 - 2013-07-01 11:33 - 02309120 _____ (Dan Bloomberg) C:\Windows\system32\liblept168.dll 2014-09-14 14:55 - 2013-07-01 11:33 - 02309120 _____ (Dan Bloomberg) C:\Windows\liblept168.dll 2014-09-14 14:55 - 2013-07-01 11:33 - 02150400 _____ () C:\Windows\system32\libtesseract302.dll 2014-09-14 14:55 - 2013-07-01 11:33 - 02150400 _____ () C:\Windows\libtesseract302.dll 2014-09-14 14:55 - 2013-07-01 11:33 - 00055808 _____ () C:\Windows\system32\jniTessBridge.dll 2014-09-14 14:55 - 2013-07-01 11:33 - 00055808 _____ () C:\Windows\jniTessBridge.dll 2014-09-14 14:54 - 2014-09-14 14:54 - 01932452 _____ () C:\Users\Home\Downloads\tess-windows-64bit.jar 2014-09-14 14:42 - 2014-09-14 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript 2014-09-14 14:42 - 2014-09-14 14:42 - 00000000 ____D () C:\Program Files\gs 2014-09-14 14:41 - 2014-09-14 14:42 - 13346833 _____ () C:\Users\Home\Downloads\gs914w64.exe 2014-09-14 14:35 - 2014-09-14 14:35 - 21323656 _____ (Oracle Corporation) C:\Users\Home\Downloads\jre-7-windows-x64.exe 2014-09-14 14:23 - 2014-09-14 14:23 - 00001067 _____ () C:\Users\Home\Desktop\PDFtoMusic.lnk 2014-09-14 14:18 - 2014-09-14 14:18 - 00001084 _____ () C:\Users\Public\Desktop\MuseScore.lnk 2014-09-14 14:18 - 2014-09-14 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseScore 2014-09-14 14:14 - 2014-09-14 14:16 - 38678632 _____ () C:\Users\Home\Downloads\MuseScore-1.3(1).exe 2014-09-13 19:03 - 2014-09-13 19:03 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Empty Clip Studios 2014-09-13 16:03 - 2014-09-13 16:03 - 00000000 ____D () C:\Users\Home\AppData\Local\PAYDAY 2 2014-09-11 23:09 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 23:09 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 23:09 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 23:09 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 23:09 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 23:09 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 23:09 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 23:09 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 23:09 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 23:09 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 23:09 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 23:09 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 23:09 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 23:09 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 23:09 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 23:09 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 23:09 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 23:09 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 23:09 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 23:09 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 23:09 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 23:09 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 23:09 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 23:09 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 23:09 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 23:09 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 23:09 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 23:09 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 23:09 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 23:09 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 23:09 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 23:09 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 23:09 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 23:09 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 23:09 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 23:09 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 23:09 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 23:09 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 23:09 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 23:09 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 23:09 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 23:09 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 23:09 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 23:09 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 23:09 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 23:09 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 23:09 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 23:09 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 23:09 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 23:09 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 23:09 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 23:09 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 23:09 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 23:09 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 23:09 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 23:09 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-11 23:04 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 23:04 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-11 20:33 - 2014-09-14 23:13 - 00000112 _____ () C:\Users\Home\Desktop\JRT.txt 2014-09-11 20:27 - 2014-09-11 20:27 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-09-11 20:24 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-11 20:24 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-11 20:23 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-11 20:23 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-11 20:21 - 2014-09-11 20:21 - 04901352 _____ (Piriform Ltd) C:\Users\Home\Downloads\ccsetup417.exe 2014-09-11 20:17 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-11 20:17 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-11 20:17 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 20:17 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 20:17 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-11 20:17 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-11 20:17 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-11 21:51 - 2014-07-11 22:05 - 00007604 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg 2014-10-11 21:32 - 2012-12-08 21:20 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769124411-1136293391-1213875144-1000UA.job 2014-10-11 21:32 - 2012-12-08 21:20 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769124411-1136293391-1213875144-1000Core.job 2014-10-11 20:59 - 2009-07-13 23:45 - 00028944 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-11 20:59 - 2009-07-13 23:45 - 00028944 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-11 20:56 - 2011-07-17 12:49 - 02044559 _____ () C:\Windows\WindowsUpdate.log 2014-10-11 20:54 - 2014-07-09 21:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-11 20:51 - 2012-05-04 19:41 - 00000000 ___RD () C:\Users\Home\Dropbox 2014-10-11 20:51 - 2012-05-04 19:38 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Dropbox 2014-10-11 20:49 - 2014-08-15 16:22 - 00000000 ____D () C:\Program Files (x86)\steam 2014-10-11 20:48 - 2014-06-12 10:21 - 02132965 _____ () C:\Windows\setupact.log 2014-10-11 20:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-11 20:47 - 2014-06-12 10:21 - 00137862 _____ () C:\Windows\PFRO.log 2014-10-11 20:47 - 2013-12-09 00:29 - 00000000 ____D () C:\Windows\Minidump 2014-10-11 18:14 - 2011-07-17 14:55 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D0E16A3-5D56-46CB-9A42-7ABA6872DA89} 2014-10-11 16:16 - 2014-08-30 18:15 - 00000000 ____D () C:\AdwCleaner 2014-10-11 16:16 - 2011-12-18 16:15 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-11 16:16 - 2011-07-17 12:55 - 00000987 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-11 16:04 - 2012-07-05 06:47 - 00000000 ____D () C:\Users\Home\AppData\Local\CrashDumps 2014-10-11 15:30 - 2011-09-04 16:36 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-10-06 21:21 - 2011-09-22 22:48 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Spotify 2014-10-06 20:56 - 2011-09-22 22:48 - 00000000 ____D () C:\Users\Home\AppData\Local\Spotify 2014-10-05 22:47 - 2011-07-19 06:12 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Skype 2014-10-03 23:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-03 21:26 - 2011-12-18 16:37 - 00000000 ____D () C:\Windows\pss 2014-09-30 22:47 - 2011-07-23 11:07 - 00000000 ____D () C:\Users\Home\AppData\Roaming\BitTorrent 2014-09-29 22:55 - 2013-11-06 21:01 - 00000000 ____D () C:\Users\Home\Desktop\My works 2014-09-29 22:55 - 2013-01-06 17:22 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Audacity 2014-09-28 19:58 - 2009-07-14 00:13 - 00799374 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-27 21:48 - 2011-10-21 22:51 - 00056320 ___SH () C:\Users\Home\Thumbs.db 2014-09-27 21:45 - 2011-08-01 16:10 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-09-25 20:42 - 2012-04-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-24 00:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-09-23 21:56 - 2011-07-17 19:32 - 00000000 ____D () C:\ProgramData\Apple 2014-09-23 19:04 - 2014-06-12 22:27 - 00038505 _____ () C:\Windows\DirectX.log 2014-09-23 18:55 - 2014-04-11 10:23 - 00000000 ____D () C:\Users\Home\Desktop\dad 2014-09-23 18:22 - 2013-11-28 00:12 - 00000000 ____D () C:\Users\Home\Desktop\Antivirus 2014-09-22 21:48 - 2013-07-18 15:07 - 00000000 ____D () C:\Users\Home\Documents\Universe Sandbox 2014-09-21 15:47 - 2014-01-26 01:04 - 00000000 ____D () C:\Users\Home\Desktop\GP7E01 2014-09-21 15:46 - 2012-06-18 20:44 - 00000000 ____D () C:\Users\Home\AppData\Roaming\.minecraft 2014-09-20 23:19 - 2014-07-08 14:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-17 22:12 - 2012-05-04 19:39 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-17 22:04 - 2013-10-10 21:18 - 00000000 __SHD () C:\Users\Home\AppData\Roaming\htjtjiiu 2014-09-16 20:18 - 2009-07-14 00:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-15 09:06 - 2010-11-20 22:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 20:53 - 2011-10-05 17:32 - 00000000 ____D () C:\Users\Home\AppData\Local\ESN Sonar 2014-09-14 14:36 - 2011-09-10 17:27 - 00627600 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2014-09-14 14:36 - 2011-09-10 17:27 - 00252296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-09-14 14:36 - 2011-09-10 17:27 - 00188808 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-09-14 14:36 - 2011-09-10 17:27 - 00188808 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-09-14 14:36 - 2011-09-10 17:27 - 00000000 ____D () C:\Program Files\Java 2014-09-13 18:57 - 2013-12-21 17:36 - 00000000 ____D () C:\Users\Home\AppData\Local\DayZ 2014-09-11 23:08 - 2011-07-17 22:41 - 00791496 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 23:07 - 2013-07-15 23:52 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 23:04 - 2011-07-17 18:53 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-11 23:03 - 2014-05-06 21:18 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-11 20:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas 2014-09-11 20:19 - 2011-07-18 22:50 - 00000000 ____D () C:\Users\Home\AppData\Local\Google 2014-09-11 20:19 - 2011-07-18 22:50 - 00000000 ____D () C:\Program Files (x86)\Google Files to move or delete: ==================== C:\ProgramData\5it12s5a.dat C:\ProgramData\hash.dat C:\Users\Home\jagex_cl_runescape_LIVE.dat C:\Users\Home\random.dat Some content of TEMP: ==================== C:\Users\Home\AppData\Local\Temp\airbvfz.dll C:\Users\Home\AppData\Local\Temp\cabex.dll C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcvost1.dll C:\Users\Home\AppData\Local\Temp\kowvqyk.dll C:\Users\Home\AppData\Local\Temp\MediaPreviewSetup.exe C:\Users\Home\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.8.exe C:\Users\Home\AppData\Local\Temp\Quarantine.exe C:\Users\Home\AppData\Local\Temp\SIntf16.dll C:\Users\Home\AppData\Local\Temp\SIntf32.dll C:\Users\Home\AppData\Local\Temp\SIntfNT.dll C:\Users\Home\AppData\Local\Temp\tjrrkse.dll C:\Users\Home\AppData\Local\Temp\tkfsolq.dll C:\Users\Home\AppData\Local\Temp\tu17p84.exe C:\Users\Home\AppData\Local\Temp\unelevate.exe C:\Users\Home\AppData\Local\Temp\uninstal.exe C:\Users\Home\AppData\Local\Temp\UpdateFlashPlayer_225b03e2.exe C:\Users\Home\AppData\Local\Temp\UpdateFlashPlayer_b9120011.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-07 00:38 ==================== End Of Log ============================ Addition.txt