uwotskype

Members

View Profile See their activity

Posts
8
Joined
April 15, 2016
Last visited
April 20, 2016

Reputation

0 Neutral

Need urgent help on backdoor.bot and trojan.stolendata

uwotskype replied to uwotskype's topic in Resolved Malware Removal Logs

do any hackers still have my info, can they still gain access to my computer and do things to it if i obtained the backdoor.bot and trojan.stolendata virus?
- April 19, 2016
- 14 replies
Need urgent help on backdoor.bot and trojan.stolendata

uwotskype replied to uwotskype's topic in Resolved Malware Removal Logs

So far, it doesn't show any threats anymore, it seems clean. So a few questions I have to ask, is it safe to use my computer to login to my email, I haven't seen any suspicious activity so far. What safe precautions should I take if i see suspicious activity, like someone attempts to logon to my bank account? The viruses are completely gone and I should be safe now?
- April 19, 2016
- 14 replies
Need urgent help on backdoor.bot and trojan.stolendata

uwotskype replied to uwotskype's topic in Resolved Malware Removal Logs

Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 4/18/2016 Scan Time: 7:21 PM Logfile: report threat scan.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.04.19.01 Rootkit Database: v2016.04.17.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Gabriel Scan Type: Threat Scan Result: Completed Objects Scanned: 344334 Time Elapsed: 3 min, 58 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 2 CrackTool.MHKTricks, C:\Users\Gabriel\Downloads\Hotspot Shield 5.20.11 Elite + Universal Cr-ack.zip, Quarantined, [6d40d3dd4e4b89ad03744fa930d1c838], PUP.Optional.SaveFrom, C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\tli2l2y2.default\extensions\helper-sig@savefrom.net.xpi, Quarantined, [baf31f91a5f48caaca280a4ff410fe02], Physical Sectors: 0 (No malicious items detected) (end)
- April 19, 2016
- 14 replies
Need urgent help on backdoor.bot and trojan.stolendata

uwotskype replied to uwotskype's topic in Resolved Malware Removal Logs

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016 Ran by Gabriel (2016-04-17 00:52:08) Run:1 Running from C:\Users\Gabriel\Desktop Loaded Profiles: Gabriel (Available Profiles: Gabriel) Boot Mode: Normal ============================================== fixlist content: ***************** HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation) HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\MountPoints2: {ce9a16d5-faef-11e5-8f91-40e23092e341} - D:\setup-disc1.exe HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\MountPoints2: {ce9a16d8-faef-11e5-8f91-40e23092e341} - D:\setup-disc1.exe HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\MountPoints2: {ce9a16d9-faef-11e5-8f91-40e23092e341} - D:\run32.exe CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION CHR HKU\S-1-5-21-3115927195-901017698-3625494767-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation) FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation) CHR Plugin: (Java Deployment Toolkit 8.0.710.15) - C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 8 U71) - C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll (Oracle Corporation) C:\Users\Gabriel\AppData\Local\Tempmusic.ogg C:\ProgramData\DP45977C.lfl C:\Users\Gabriel\AppData\Local\Temp\avguirn_08888101179.exe C:\Users\Gabriel\AppData\Local\Temp\bdfilters.dll C:\Users\Gabriel\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Gabriel\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Gabriel\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Gabriel\AppData\Local\Temp\nvStInst.exe E:\B1 Free Archiver\installer.exe EmptyTemp: Reboot: ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully "HKU\S-1-5-21-3115927195-901017698-3625494767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce9a16d5-faef-11e5-8f91-40e23092e341}" => key removed successfully HKCR\CLSID\{ce9a16d5-faef-11e5-8f91-40e23092e341} => key not found. "HKU\S-1-5-21-3115927195-901017698-3625494767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce9a16d8-faef-11e5-8f91-40e23092e341}" => key removed successfully HKCR\CLSID\{ce9a16d8-faef-11e5-8f91-40e23092e341} => key not found. "HKU\S-1-5-21-3115927195-901017698-3625494767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce9a16d9-faef-11e5-8f91-40e23092e341}" => key removed successfully HKCR\CLSID\{ce9a16d9-faef-11e5-8f91-40e23092e341} => key not found. "HKLM\SOFTWARE\Policies\Google" => key removed successfully "HKU\S-1-5-21-3115927195-901017698-3625494767-1000\SOFTWARE\Policies\Google" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully "HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully "HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully "HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.71.2" => key removed successfully C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll => moved successfully "HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.71.2" => key removed successfully C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll => moved successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.71.2" => key removed successfully C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll => moved successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.71.2" => key removed successfully C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll => moved successfully C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll => not found. C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll => not found. C:\Users\Gabriel\AppData\Local\Tempmusic.ogg => moved successfully C:\ProgramData\DP45977C.lfl => moved successfully C:\Users\Gabriel\AppData\Local\Temp\avguirn_08888101179.exe => moved successfully C:\Users\Gabriel\AppData\Local\Temp\bdfilters.dll => moved successfully C:\Users\Gabriel\AppData\Local\Temp\nvSCPAPI.dll => moved successfully C:\Users\Gabriel\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully C:\Users\Gabriel\AppData\Local\Temp\nvStereoApiI.dll => moved successfully C:\Users\Gabriel\AppData\Local\Temp\nvStInst.exe => moved successfully E:\B1 Free Archiver\installer.exe => moved successfully EmptyTemp: => 574 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 00:52:09 ====
- April 18, 2016
- 14 replies
Need urgent help on backdoor.bot and trojan.stolendata

uwotskype replied to uwotskype's topic in Resolved Malware Removal Logs

I also uninstalled all java versions.
- April 17, 2016
- 14 replies
Need urgent help on backdoor.bot and trojan.stolendata

uwotskype replied to uwotskype's topic in Resolved Malware Removal Logs

everytime I click clean on AdwCleaner my computer completely freezes so i have to restart, how do i get the attach.txt.log? also i got the other frst64 log Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016 Ran by Gabriel (administrator) on GABRIEL-PC (17-04-2016 00:55:58) Running from C:\Users\Gabriel\Desktop Loaded Profiles: Gabriel (Available Profiles: Gabriel) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Broadcom Corporation.) E:\Bluetooth Software\btwdins.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Malwarebytes Corporation) E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Micro-Star INT'L CO., LTD.) E:\Program Files\Live Update\MSI_LiveUpdate_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Malwarebytes Corporation) E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Broadcom Corporation.) E:\Bluetooth Software\BTTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Micro-Star INT'L CO., LTD.) E:\Program Files\Live Update\Live Update.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (MSI) C:\Windows\SysWOW64\muachost.exe (Beepa P/L) E:\Fraps\fraps.exe (NVIDIA Corporation) C:\Users\Gabriel\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe (Broadcom Corporation.) E:\Bluetooth Software\BTStackServer.exe (Beepa P/L) E:\Fraps\fraps64.dat (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () E:\Downloads\pics and vid for element wd\AdwCleaner.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-11] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407104 2015-12-11] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-03-24] (Intel Corporation) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Live Update] => E:\Program Files\Live Update\Live Update.exe [11336656 2016-03-16] (Micro-Star INT'L CO., LTD.) HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation) HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\Run: [GoogleChromeAutoLaunch_5BD492AB169182D6DBF0E20936CE7D71] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-01-15] (Google Inc.) Lsa: [Notification Packages] scecli E:\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-01-17] ShortcutTarget: Bluetooth.lnk -> E:\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 Tcpip\..\Interfaces\{0665F3A5-C1D9-44F9-98CF-744C3D1CDC49}: [DhcpNameServer] 71.10.216.1 71.10.216.2 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = FireFox: ======== FF ProfilePath: C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\tli2l2y2.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems) FF Extension: SaveFrom.net - helper - C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\tli2l2y2.default\Extensions\helper-sig@savefrom.net.xpi [2016-01-25] StartMenuInternet: FIREFOX.EXE - E:\Program Files\Mozilla Firefox\firefox.exe Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\pdf.dll => No File CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll => No File CHR Plugin: (Java Deployment Toolkit 8.0.710.15) - C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll => No File CHR Plugin: (Java(TM) Platform SE 8 U71) - C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll => No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll => No File CHR Profile: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Tampermonkey) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-15] CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2016-04-15] CHR Extension: (Video Downloader professional) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-04-16] CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2016-04-15] CHR Extension: (AdBlock) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-16] CHR Extension: (StayFocusd) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2016-04-15] CHR Extension: (tinyFilter - Reliable Content Filtering) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli [2016-04-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15] CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2016-04-16] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 btwdins; E:\Bluetooth Software\btwdins.exe [1008384 2014-07-17] (Broadcom Corporation.) R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2015-12-11] (DTS, Inc) R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [36008 2015-11-04] (Micro-Star Int'l Co., Ltd.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation) R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2731648 2016-03-31] (AnchorFree Inc.) S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-03-31] () R2 MBAMScheduler; E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed] R2 MBAMService; E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed] R2 MSI_LiveUpdate_Service; E:\Program Files\Live Update\MSI_LiveUpdate_Service.exe [1794000 2016-03-17] (Micro-Star INT'L CO., LTD.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-11-11] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2016-04-07] (Sysprogs OU) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2016-01-08] (Broadcom Corporation.) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [378136 2014-09-30] (Intel Corporation) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44648 2015-06-03] (AnchorFree Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed] R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-17] (NVIDIA Corporation) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.) S3 MSICDSetup; \??\D:\programs games\msi\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\D:\programs games\msi\NTIOLib_X64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-17 00:55 - 2016-04-17 00:55 - 00016108 _____ C:\Users\Gabriel\Desktop\FRST.txt 2016-04-17 00:52 - 2016-04-17 00:52 - 00006703 _____ C:\Users\Gabriel\Desktop\Fixlog.txt 2016-04-17 00:52 - 2016-04-17 00:52 - 00000113 _____ C:\Users\Gabriel\Documents\kenny.txt 2016-04-17 00:51 - 2016-04-15 15:06 - 02375168 _____ (Farbar) C:\Users\Gabriel\Desktop\FRST64.exe 2016-04-16 22:13 - 2016-04-17 00:55 - 00000000 ____D C:\AdwCleaner 2016-04-16 22:11 - 2016-04-16 22:11 - 00004770 _____ C:\Users\Gabriel\Desktop\JRT.txt 2016-04-16 22:02 - 2016-04-16 22:02 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Apple 2016-04-15 16:47 - 2016-04-15 16:47 - 00000490 _____ C:\TDSSKiller.3.1.0.9_15.04.2016_16.47.42_log.txt 2016-04-15 16:47 - 2015-12-11 23:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Gabriel\Desktop\TDSSKiller.exe 2016-04-15 15:06 - 2016-04-17 00:55 - 00000000 ____D C:\FRST 2016-04-15 15:03 - 2016-03-31 12:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-04-15 15:03 - 2016-03-31 11:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-04-15 15:03 - 2016-03-30 17:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-04-15 15:03 - 2016-03-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-04-15 15:03 - 2016-03-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-04-15 15:03 - 2016-03-30 17:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-04-15 15:03 - 2016-03-30 17:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-04-15 15:03 - 2016-03-30 17:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-04-15 15:03 - 2016-03-30 17:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-04-15 15:03 - 2016-03-30 17:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-04-15 15:03 - 2016-03-30 17:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-04-15 15:03 - 2016-03-30 17:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-04-15 15:03 - 2016-03-30 17:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-04-15 15:03 - 2016-03-30 17:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-04-15 15:03 - 2016-03-30 17:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-04-15 15:03 - 2016-03-30 17:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-04-15 15:03 - 2016-03-30 17:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-04-15 15:03 - 2016-03-30 17:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-04-15 15:03 - 2016-03-30 17:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-04-15 15:03 - 2016-03-30 17:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-04-15 15:03 - 2016-03-30 17:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-04-15 15:03 - 2016-03-30 17:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-04-15 15:03 - 2016-03-30 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-04-15 15:03 - 2016-03-30 17:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-04-15 15:03 - 2016-03-30 16:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-04-15 15:03 - 2016-03-30 16:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-04-15 15:03 - 2016-03-30 16:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-04-15 15:03 - 2016-03-30 16:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-04-15 15:03 - 2016-03-30 16:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-04-15 15:03 - 2016-03-30 16:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-04-15 15:03 - 2016-03-30 16:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-04-15 15:03 - 2016-03-30 16:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-04-15 15:03 - 2016-03-30 16:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-04-15 15:03 - 2016-03-30 16:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-04-15 15:03 - 2016-03-30 16:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-04-15 15:03 - 2016-03-30 16:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-04-15 15:03 - 2016-03-30 16:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-04-15 15:03 - 2016-03-30 16:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-04-15 15:03 - 2016-03-30 16:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-04-15 15:03 - 2016-03-30 16:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-04-15 15:03 - 2016-03-30 16:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-04-15 15:03 - 2016-03-30 16:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-04-15 15:03 - 2016-03-30 16:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-04-15 15:03 - 2016-03-30 16:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-04-15 15:03 - 2016-03-30 16:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-04-15 15:03 - 2016-03-30 16:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-04-15 15:03 - 2016-03-30 16:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-04-15 15:03 - 2016-03-30 16:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-04-15 15:03 - 2016-03-30 16:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-04-15 15:03 - 2016-03-30 16:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-04-15 15:03 - 2016-03-30 16:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-04-15 15:03 - 2016-03-30 16:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-04-15 15:03 - 2016-03-30 16:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-04-15 15:03 - 2016-03-30 16:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-04-15 15:03 - 2016-03-30 16:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-04-15 15:03 - 2016-03-30 16:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-04-15 15:03 - 2016-03-30 16:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-04-15 15:03 - 2016-03-30 16:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-04-15 15:03 - 2016-03-30 16:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-04-15 15:03 - 2016-03-30 16:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-04-15 15:03 - 2016-03-30 16:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-04-15 15:03 - 2016-03-30 16:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-04-15 15:03 - 2016-03-30 16:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-04-15 15:03 - 2016-03-30 16:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-04-15 15:03 - 2016-03-30 16:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-04-15 15:03 - 2016-03-30 16:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-04-15 15:03 - 2016-03-16 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll 2016-04-15 15:03 - 2016-03-16 11:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll 2016-04-15 15:03 - 2016-03-16 11:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll 2016-04-15 15:03 - 2016-03-06 11:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2016-04-15 15:03 - 2016-03-06 11:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2016-04-15 15:03 - 2016-03-06 11:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2016-04-15 15:03 - 2016-03-06 11:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2016-04-15 15:02 - 2016-02-02 11:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2016-04-15 14:57 - 2016-03-17 16:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-04-15 14:57 - 2016-03-17 16:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-04-15 14:57 - 2016-03-17 16:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-04-15 14:57 - 2016-03-17 16:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-04-15 14:57 - 2016-03-17 16:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-04-15 14:57 - 2016-03-17 16:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-04-15 14:57 - 2016-03-17 15:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-04-15 14:57 - 2016-03-17 15:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-04-15 14:57 - 2016-03-17 15:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-04-15 14:57 - 2016-03-17 15:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-04-15 14:57 - 2016-03-17 15:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-04-15 14:57 - 2016-03-17 15:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-04-15 14:57 - 2016-03-17 15:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-04-15 14:57 - 2016-03-17 15:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-04-15 14:57 - 2016-03-17 15:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-04-15 14:57 - 2016-03-17 15:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-04-15 14:57 - 2016-03-17 15:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-04-15 14:57 - 2016-03-17 15:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-04-15 14:57 - 2016-03-17 15:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-04-15 14:57 - 2016-03-17 15:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-04-15 14:57 - 2016-03-17 15:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-04-15 14:57 - 2016-03-17 15:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-04-15 14:57 - 2016-03-17 15:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-04-15 14:57 - 2016-03-17 15:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-04-15 14:57 - 2016-03-17 15:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-04-15 14:57 - 2016-03-17 15:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-04-15 14:57 - 2016-03-17 15:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-04-15 14:57 - 2016-03-17 15:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-04-15 14:57 - 2016-03-17 15:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-04-15 14:57 - 2016-03-17 15:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-04-15 14:57 - 2016-03-17 15:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-04-15 14:57 - 2016-03-17 15:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-04-15 14:57 - 2016-03-17 15:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-04-15 14:57 - 2016-03-17 15:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-04-15 14:57 - 2016-03-17 15:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-04-15 14:57 - 2016-03-17 15:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-04-15 14:57 - 2016-03-17 15:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-04-15 14:57 - 2016-03-17 15:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-04-15 14:57 - 2016-03-17 15:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-04-15 14:57 - 2016-03-17 15:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-04-15 14:57 - 2016-03-17 15:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-04-15 14:57 - 2016-03-17 15:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 14:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-04-15 14:57 - 2016-03-17 14:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-04-15 14:57 - 2016-03-17 14:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-04-15 14:57 - 2016-03-17 14:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-04-15 14:57 - 2016-03-17 14:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-04-15 14:57 - 2016-03-17 14:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-04-15 14:57 - 2016-03-17 14:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-04-15 14:57 - 2016-03-17 14:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-04-15 14:57 - 2016-03-17 14:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-04-15 14:57 - 2016-03-17 14:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-04-15 14:57 - 2016-03-17 14:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-04-15 14:57 - 2016-03-17 14:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-04-15 14:57 - 2016-03-17 14:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-04-15 14:57 - 2016-03-17 14:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-04-15 14:57 - 2016-03-17 14:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-04-15 14:57 - 2016-03-17 14:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-04-15 14:57 - 2016-03-17 14:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-04-15 14:57 - 2016-03-17 14:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 14:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 14:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 14:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-04-15 14:55 - 2016-04-04 11:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-04-15 14:55 - 2016-04-04 11:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-04-15 14:55 - 2016-04-02 06:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-04-15 14:55 - 2016-03-29 10:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-04-15 14:55 - 2016-03-23 07:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-04-15 14:55 - 2016-03-17 11:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-04-15 14:55 - 2016-03-17 11:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-04-15 14:55 - 2016-03-17 11:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-04-15 14:55 - 2016-03-17 11:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-04-15 14:55 - 2016-03-15 17:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll 2016-04-15 14:55 - 2016-03-15 17:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll 2016-04-15 14:55 - 2016-03-15 16:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll 2016-04-15 14:55 - 2016-03-11 11:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-04-15 14:55 - 2016-03-11 11:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-04-15 14:55 - 2016-02-05 11:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll 2016-04-15 14:55 - 2016-02-05 11:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll 2016-04-15 14:55 - 2016-02-05 10:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll 2016-04-15 14:55 - 2016-01-20 17:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys 2016-04-15 14:55 - 2015-06-03 13:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll 2016-04-15 12:10 - 2016-04-15 12:10 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Adobe 2016-04-14 22:41 - 2016-04-16 22:11 - 00000420 _____ C:\Users\Gabriel\Documents\skullmonkeys psx.txt 2016-04-13 22:37 - 2016-04-13 22:37 - 00000143 _____ C:\Users\Gabriel\Documents\rant.txt 2016-04-13 05:40 - 2016-04-13 05:40 - 00000000 ____D C:\Users\Gabriel\Desktop\SONY VEGAS PROJECTS 2016-04-13 04:43 - 2016-04-13 04:44 - 00210760 _____ C:\TDSSKiller.3.1.0.9_13.04.2016_04.43.29_log.txt 2016-04-11 06:19 - 2016-04-11 06:19 - 00000063 _____ C:\Users\Gabriel\Documents\alone in space.txt 2016-04-11 06:18 - 2016-04-11 06:18 - 00000167 _____ C:\Users\Gabriel\Documents\dead darkness demo.txt 2016-04-11 04:56 - 2016-04-11 04:59 - 00198280 _____ C:\Users\Gabriel\Desktop\FEAR OF THE DARK CLIP.veg 2016-04-11 04:56 - 2016-04-11 04:56 - 00198448 _____ C:\Users\Gabriel\Desktop\FEAR OF THE DARK CLIP.veg.bak 2016-04-10 18:56 - 2016-04-10 18:56 - 00000092 _____ C:\Users\Gabriel\Documents\cry of fear.txt 2016-04-08 23:54 - 2016-04-15 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icaros 2016-04-08 23:54 - 2016-04-08 23:54 - 00000593 _____ C:\Users\Public\Desktop\Icaros.lnk 2016-04-07 22:05 - 2016-04-09 07:20 - 00001205 _____ C:\Users\Gabriel\Documents\firewatch.txt 2016-04-07 06:42 - 2016-04-07 06:42 - 00283480 _____ (Sysprogs OU) C:\Windows\system32\Drivers\BazisPortableCDBus.sys 2016-04-04 22:54 - 2016-04-04 22:54 - 00000803 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk 2016-04-04 19:43 - 2016-04-04 19:43 - 00000000 ____D C:\Users\Gabriel\Emulation 2016-04-04 19:42 - 2016-04-04 19:42 - 00000000 ____D C:\Users\Gabriel\AppData\Local\icarus 2016-04-04 19:42 - 2016-04-04 19:42 - 00000000 ____D C:\Users\Gabriel\AppData\Local\higan 2016-04-03 16:03 - 2016-04-13 05:32 - 00000239 _____ C:\Users\Gabriel\Documents\SLENDERMAN THE EIGHT PAGES.txt 2016-03-31 02:05 - 2016-04-02 10:03 - 00016232 _____ C:\Users\Gabriel\Desktop\amnesia justine part 1.veg 2016-03-31 02:05 - 2016-04-02 10:02 - 00016232 _____ C:\Users\Gabriel\Desktop\amnesia justine part 1.veg.bak 2016-03-31 01:36 - 2016-04-01 22:37 - 00019592 _____ C:\Users\Gabriel\Desktop\mental hospital.veg.bak 2016-03-31 01:36 - 2016-04-01 22:37 - 00019592 _____ C:\Users\Gabriel\Desktop\mental hospital.veg 2016-03-30 21:09 - 2016-04-14 22:58 - 00003153 _____ C:\Users\Gabriel\Documents\amnesia justine.txt 2016-03-27 18:14 - 2016-03-27 20:15 - 00000144 _____ C:\Users\Gabriel\Documents\charge ganme.txt 2016-03-27 09:38 - 2016-03-27 09:38 - 00000493 _____ C:\Users\Gabriel\Documents\irritating stick px.txt 2016-03-27 09:37 - 2016-03-31 01:38 - 00001936 _____ C:\Users\Gabriel\Documents\mental hospital.txt 2016-03-26 22:44 - 2016-03-27 08:11 - 00000410 _____ C:\Users\Gabriel\Documents\blasto.txt 2016-03-23 20:17 - 2016-03-30 22:09 - 00000054 _____ C:\Users\Gabriel\Documents\dentist.txt 2016-03-23 20:15 - 2016-03-23 20:15 - 00000792 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk 2016-03-23 20:14 - 2016-03-23 20:14 - 00000766 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk 2016-03-23 20:14 - 2016-03-23 20:14 - 00000747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk 2016-03-23 20:14 - 2016-03-23 20:14 - 00000721 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk 2016-03-23 20:13 - 2016-03-23 20:13 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk 2016-03-23 20:13 - 2016-03-23 20:13 - 00000841 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk 2016-03-20 20:59 - 2016-04-15 15:25 - 00000000 ____D C:\Users\Gabriel\AppData\LocalLow\CampoSanto 2016-03-20 20:52 - 2016-04-15 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics 2016-03-20 20:52 - 2016-03-20 20:52 - 00000653 _____ C:\Users\Gabriel\Desktop\Firewatch.lnk 2016-03-20 20:52 - 2016-03-20 20:52 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Firewatch_Uninstall 2016-03-19 01:34 - 2016-04-01 21:23 - 00482680 _____ C:\Users\Gabriel\Desktop\afraid of monsters.veg 2016-03-19 01:34 - 2016-04-01 21:20 - 00482680 _____ C:\Users\Gabriel\Desktop\afraid of monsters.veg.bak ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-17 00:54 - 2016-01-18 07:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-04-17 00:53 - 2016-01-24 11:53 - 00003146 _____ C:\Windows\System32\Tasks\FRAPS 2016-04-17 00:53 - 2016-01-17 21:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-17 00:53 - 2016-01-17 21:40 - 00000000 ____D C:\ProgramData\NVIDIA 2016-04-17 00:53 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-04-17 00:35 - 2016-01-23 20:20 - 00000000 ____D C:\Users\Gabriel\Desktop\Dictionarie 2016-04-17 00:12 - 2016-01-17 21:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-16 23:30 - 2016-01-18 01:54 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\vlc 2016-04-16 22:11 - 2016-02-22 21:11 - 00000223 _____ C:\Users\Gabriel\Documents\YOUTUBE TAGS.txt 2016-04-16 22:11 - 2009-07-13 21:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-04-16 22:11 - 2009-07-13 21:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-04-16 00:32 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache 2016-04-15 21:17 - 2009-07-13 22:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI 2016-04-15 21:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf 2016-04-15 16:59 - 2009-07-13 21:45 - 04960528 _____ C:\Windows\system32\FNTCACHE.DAT 2016-04-15 16:58 - 2016-01-18 08:40 - 00000000 ____D C:\Windows\system32\appraiser 2016-04-15 16:56 - 2016-01-18 08:33 - 00000000 ____D C:\Windows\system32\MRT 2016-04-15 16:55 - 2016-01-18 08:33 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-04-15 16:30 - 2016-01-17 21:24 - 00000000 ____D C:\ProgramData\TEMP 2016-04-15 15:26 - 2016-01-18 11:34 - 00000000 ____D C:\ProgramData\Avg 2016-04-15 15:26 - 2016-01-18 11:33 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Avg 2016-04-15 15:26 - 2016-01-18 10:57 - 00000000 ____D C:\ProgramData\MFAData 2016-04-15 15:26 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media 2016-04-15 15:25 - 2016-03-12 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve 2016-04-15 15:25 - 2016-03-07 18:39 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Steam 2016-04-15 15:25 - 2016-03-07 00:05 - 00000000 ____D C:\Users\Gabriel\Desktop\Paint.NET 3.5.10 Portable 2016-04-15 15:25 - 2016-03-05 23:53 - 00000000 ____D C:\Users\Gabriel\AppData\Local\SKIDROW 2016-04-15 15:25 - 2016-03-01 21:27 - 00000000 ____D C:\Users\Gabriel\AppData\Local\UnrealEngine 2016-04-15 15:25 - 2016-03-01 21:27 - 00000000 ____D C:\Users\Gabriel\AppData\Local\TKGameJam 2016-04-15 15:25 - 2016-02-27 15:24 - 00000000 ____D C:\Users\Gabriel\AppData\Local\AloneInSpace 2016-04-15 15:25 - 2016-02-25 16:17 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-04-15 15:25 - 2016-02-21 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Repack by Fenixx 2016-04-15 15:25 - 2016-02-13 13:55 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\OBS 2016-04-15 15:25 - 2016-02-13 13:55 - 00000000 ____D C:\Program Files\OBS 2016-04-15 15:25 - 2016-02-13 13:55 - 00000000 ____D C:\Program Files (x86)\OBS 2016-04-15 15:25 - 2016-02-13 02:01 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\BANDISOFT 2016-04-15 15:25 - 2016-02-06 09:51 - 00000000 ____D C:\Windows\SysWOW64\LiveUpdate 2016-04-15 15:25 - 2016-02-01 17:32 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-04-15 15:25 - 2016-01-23 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics 2016-04-15 15:25 - 2016-01-23 19:14 - 00000000 ____D C:\ProgramData\IceJS 2016-04-15 15:25 - 2016-01-23 01:30 - 00000000 ____D C:\Users\Gabriel\Documents\Amnesia 2016-04-15 15:25 - 2016-01-19 16:36 - 00000000 ____D C:\Program Files\Java 2016-04-15 15:25 - 2016-01-19 14:09 - 00000000 ____D C:\Users\Gabriel\Documents\Penumbra Overture 2016-04-15 15:25 - 2016-01-18 17:40 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server 2016-04-15 15:25 - 2016-01-18 17:40 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner 2016-04-15 15:25 - 2016-01-18 15:26 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Audacity 2016-04-15 15:25 - 2016-01-18 11:36 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\AVG 2016-04-15 15:25 - 2016-01-18 10:45 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Mozilla 2016-04-15 15:25 - 2016-01-18 10:39 - 00000000 ____D C:\ProgramData\Oracle 2016-04-15 15:25 - 2016-01-18 10:39 - 00000000 ____D C:\Program Files (x86)\Java 2016-04-15 15:25 - 2016-01-18 10:36 - 00000000 ____D C:\Users\Gabriel\AppData\Local\NVIDIA 2016-04-15 15:25 - 2016-01-18 08:45 - 00000000 ____D C:\Users\Gabriel\Documents\puNES 2016-04-15 15:25 - 2016-01-18 08:40 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-04-15 15:25 - 2016-01-18 08:40 - 00000000 ___SD C:\Windows\system32\GWX 2016-04-15 15:25 - 2016-01-18 08:40 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-04-15 15:25 - 2016-01-18 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield 2016-04-15 15:25 - 2016-01-18 07:43 - 00000000 ____D C:\ProgramData\Hotspot Shield 2016-04-15 15:25 - 2016-01-18 07:43 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield 2016-04-15 15:25 - 2016-01-18 07:36 - 00000000 ____D C:\Windows\system32\Macromed 2016-04-15 15:25 - 2016-01-18 01:47 - 00000000 ____D C:\Users\Gabriel\AppData\Local\MedGui 2016-04-15 15:25 - 2016-01-17 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI 2016-04-15 15:25 - 2016-01-17 21:40 - 00000000 ____D C:\MSI 2016-04-15 15:25 - 2016-01-17 21:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-04-15 15:25 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2016-04-15 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\servicing 2016-04-15 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration 2016-04-15 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2016-04-15 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2016-04-15 14:35 - 2016-01-25 19:04 - 00000763 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-04-15 14:35 - 2016-01-23 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 2016-04-15 14:31 - 2016-01-18 11:33 - 00000000 ____D C:\Users\Gabriel\AppData\Local\AvgSetupLog 2016-04-15 14:28 - 2016-01-17 21:25 - 00000000 ____D C:\Users\Gabriel 2016-04-15 14:19 - 2016-01-19 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2016-04-15 12:35 - 2016-01-17 22:51 - 00000000 ____D C:\Users\Gabriel\Desktop\Terraria.v1.3.0.8 2016-04-15 09:43 - 2016-01-18 12:08 - 00000000 ____D C:\Users\Gabriel\AppData\Local\CrashDumps 2016-04-15 09:43 - 2015-11-11 22:07 - 00000000 ____D C:\Windows\Panther 2016-04-14 22:58 - 2016-03-12 03:47 - 00004034 _____ C:\Users\Gabriel\Documents\one liners for lets play commentarie.txt 2016-04-14 22:58 - 2016-02-21 22:57 - 00001336 _____ C:\Users\Gabriel\Documents\games i played in chrono order.txt 2016-04-07 22:54 - 2016-01-18 07:36 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-04-07 22:54 - 2016-01-18 07:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-04-07 22:54 - 2016-01-18 07:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-04-06 10:18 - 2010-11-20 20:27 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-04-03 10:46 - 2016-01-21 23:44 - 00000000 ____D C:\Users\Gabriel\AppData\Local\ElevatedDiagnostics 2016-04-02 19:43 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-03-29 13:47 - 2016-01-17 21:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-03-28 22:42 - 2016-03-12 20:26 - 00004753 _____ C:\Users\Gabriel\Documents\afraid of monsters.txt 2016-03-28 19:40 - 2016-03-17 01:49 - 00035176 _____ C:\Users\Gabriel\Desktop\the briefcase.veg 2016-03-28 19:39 - 2016-03-17 01:49 - 00035176 _____ C:\Users\Gabriel\Desktop\the briefcase.veg.bak 2016-03-28 17:59 - 2016-03-10 23:38 - 00080768 _____ C:\Users\Gabriel\Desktop\limbo let's play.veg 2016-03-28 16:03 - 2016-03-10 23:38 - 00080768 _____ C:\Users\Gabriel\Desktop\limbo let's play.veg.bak 2016-03-27 19:22 - 2016-01-21 21:26 - 00000952 _____ C:\Users\Gabriel\Documents\parappa the rapper.txt 2016-03-27 17:30 - 2016-03-14 22:23 - 00135344 _____ C:\Users\Gabriel\Desktop\PORTAL LETS PLAY.veg 2016-03-27 16:25 - 2016-03-14 22:23 - 00135344 _____ C:\Users\Gabriel\Desktop\PORTAL LETS PLAY.veg.bak 2016-03-23 20:19 - 2016-01-17 21:50 - 00058016 _____ C:\Users\Gabriel\AppData\Local\GDIPFONTCACHEV1.DAT 2016-03-23 20:15 - 2016-01-18 09:07 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2016-03-23 20:15 - 2016-01-18 09:06 - 00000000 ____D C:\Program Files\Common Files\Adobe 2016-03-23 20:14 - 2016-01-17 21:25 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Adobe 2016-03-23 20:13 - 2016-01-18 09:06 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk 2016-03-23 20:13 - 2016-01-18 09:06 - 00001518 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk 2016-03-23 20:13 - 2016-01-18 08:56 - 00000000 ____D C:\ProgramData\Adobe Some files in TEMP: ==================== C:\Users\Gabriel\AppData\Local\Temp\libeay32.dll C:\Users\Gabriel\AppData\Local\Temp\msvcr120.dll C:\Users\Gabriel\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-04-10 00:52 ==================== End of FRST.txt ============================
- April 17, 2016
- 14 replies
Need urgent help on backdoor.bot and trojan.stolendata

uwotskype replied to uwotskype's topic in Resolved Malware Removal Logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.4 (03.14.2016) Operating System: Windows 7 Ultimate x64 Ran by Gabriel (Administrator) on Sat 04/16/2016 at 22:10:46.69 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 26 Successfully deleted: C:\Users\Gabriel\AppData\Local\crashrpt (Folder) Successfully deleted: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil (Folder) Successfully deleted: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal (File) Successfully deleted: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal (File) Successfully deleted: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File) Successfully deleted: C:\Users\Public\Desktop\hotspot shield.lnk (Shortcut) Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ6YFEYS (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ6YFEYS (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMYPVSVG (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJRLWW52 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQGB70J1 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQGB70J1 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ6YFEYS (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ6YFEYS (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMYPVSVG (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJRLWW52 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQGB70J1 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQGB70J1 (Temporary Internet Files Folder) Registry: 1 Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_5BD492AB169182D6DBF0E20936CE7D71 (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 04/16/2016 at 22:11:36.38 End of JRT log # AdwCleaner v5.111 - Logfile created 16/04/2016 at 22:13:53 # Updated 14/04/2016 by Xplode # Database : 2016-04-15.1 [Server] # Operating system : Windows 7 Ultimate Service Pack 1 (X64) # Username : Gabriel - GABRIEL-PC # Running from : E:\Downloads\AdwCleaner.exe # Option : Scan # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B1 Free Archiver Folder Found : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil Folder Found : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp ***** [ Files ] ***** File Found : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil File Found : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal File Found : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_xoncisfktn-a.akamaihd.net_0.localstorage-journal ***** [ DLL ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4} Key Found : HKCU\Software\b1.org Key Found : HKLM\SOFTWARE\b1.org Key Found : [x64] HKLM\SOFTWARE\b1.org Key Found : HKU\S-1-5-21-3115927195-901017698-3625494767-1000\Software\b1.org ***** [ Web browsers ] ***** ************************* C:\AdwCleaner\AdwCleaner[S1].txt - [1651 bytes] - [16/04/2016 22:13:53] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1724 bytes] ########## Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016 Ran by Gabriel (administrator) on GABRIEL-PC (16-04-2016 22:24:06) Running from E:\Downloads\ Loaded Profiles: Gabriel (Available Profiles: Gabriel) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation.) E:\Bluetooth Software\btwdins.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Malwarebytes Corporation) E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Micro-Star INT'L CO., LTD.) E:\Program Files\Live Update\MSI_LiveUpdate_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Malwarebytes Corporation) E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Beepa P/L) E:\Fraps\fraps64.dat (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) E:\Downloads\pics and vid for element wd\FRST64 (1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-11] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407104 2015-12-11] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-03-24] (Intel Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Live Update] => E:\Program Files\Live Update\Live Update.exe [11336656 2016-03-16] (Micro-Star INT'L CO., LTD.) HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation) HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\Run: [GoogleChromeAutoLaunch_5BD492AB169182D6DBF0E20936CE7D71] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-01-15] (Google Inc.) HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\MountPoints2: {ce9a16d5-faef-11e5-8f91-40e23092e341} - D:\setup-disc1.exe HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\MountPoints2: {ce9a16d8-faef-11e5-8f91-40e23092e341} - D:\setup-disc1.exe HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\MountPoints2: {ce9a16d9-faef-11e5-8f91-40e23092e341} - D:\run32.exe Lsa: [Notification Packages] scecli E:\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-01-17] ShortcutTarget: Bluetooth.lnk -> E:\Bluetooth Software\BTTray.exe (Broadcom Corporation.) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION CHR HKU\S-1-5-21-3115927195-901017698-3625494767-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 Tcpip\..\Interfaces\{0665F3A5-C1D9-44F9-98CF-744C3D1CDC49}: [DhcpNameServer] 71.10.216.1 71.10.216.2 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\tli2l2y2.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] () FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] () FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems) FF Extension: SaveFrom.net - helper - C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\tli2l2y2.default\Extensions\helper-sig@savefrom.net.xpi [2016-01-25] StartMenuInternet: FIREFOX.EXE - E:\Program Files\Mozilla Firefox\firefox.exe Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\PepperFlash\pepflashplayer.dll () CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\pdf.dll => No File CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll => No File CHR Plugin: (Java Deployment Toolkit 8.0.710.15) - C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Java(TM) Platform SE 8 U71) - C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll => No File CHR Profile: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Tampermonkey) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-15] CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2016-04-15] CHR Extension: (Video Downloader professional) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-04-16] CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2016-04-15] CHR Extension: (AdBlock) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-16] CHR Extension: (StayFocusd) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2016-04-15] CHR Extension: (tinyFilter - Reliable Content Filtering) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli [2016-04-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15] CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2016-04-16] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 btwdins; E:\Bluetooth Software\btwdins.exe [1008384 2014-07-17] (Broadcom Corporation.) R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2015-12-11] (DTS, Inc) R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [36008 2015-11-04] (Micro-Star Int'l Co., Ltd.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation) R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2731648 2016-03-31] (AnchorFree Inc.) S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-03-31] () R2 MBAMScheduler; E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed] R2 MBAMService; E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed] R2 MSI_LiveUpdate_Service; E:\Program Files\Live Update\MSI_LiveUpdate_Service.exe [1794000 2016-03-17] (Micro-Star INT'L CO., LTD.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-11-11] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2016-04-07] (Sysprogs OU) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2016-01-08] (Broadcom Corporation.) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [378136 2014-09-30] (Intel Corporation) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44648 2015-06-03] (AnchorFree Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed] R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-17] (NVIDIA Corporation) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.) S3 MSICDSetup; \??\D:\programs games\msi\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\D:\programs games\msi\NTIOLib_X64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-16 22:17 - 2016-04-16 22:17 - 00000000 ____D C:\Program Files (x86)\ESET 2016-04-16 22:13 - 2016-04-16 22:13 - 00000000 ____D C:\AdwCleaner 2016-04-16 22:11 - 2016-04-16 22:11 - 00004770 _____ C:\Users\Gabriel\Desktop\JRT.txt 2016-04-16 22:02 - 2016-04-16 22:02 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Apple 2016-04-15 16:47 - 2016-04-15 16:47 - 00000490 _____ C:\TDSSKiller.3.1.0.9_15.04.2016_16.47.42_log.txt 2016-04-15 16:47 - 2015-12-11 23:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Gabriel\Desktop\TDSSKiller.exe 2016-04-15 15:06 - 2016-04-16 22:24 - 00000000 ____D C:\FRST 2016-04-15 15:03 - 2016-03-31 12:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-04-15 15:03 - 2016-03-31 11:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-04-15 15:03 - 2016-03-30 17:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-04-15 15:03 - 2016-03-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-04-15 15:03 - 2016-03-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-04-15 15:03 - 2016-03-30 17:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-04-15 15:03 - 2016-03-30 17:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-04-15 15:03 - 2016-03-30 17:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-04-15 15:03 - 2016-03-30 17:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-04-15 15:03 - 2016-03-30 17:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-04-15 15:03 - 2016-03-30 17:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-04-15 15:03 - 2016-03-30 17:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-04-15 15:03 - 2016-03-30 17:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-04-15 15:03 - 2016-03-30 17:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-04-15 15:03 - 2016-03-30 17:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-04-15 15:03 - 2016-03-30 17:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-04-15 15:03 - 2016-03-30 17:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-04-15 15:03 - 2016-03-30 17:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-04-15 15:03 - 2016-03-30 17:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-04-15 15:03 - 2016-03-30 17:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-04-15 15:03 - 2016-03-30 17:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-04-15 15:03 - 2016-03-30 17:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-04-15 15:03 - 2016-03-30 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-04-15 15:03 - 2016-03-30 17:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-04-15 15:03 - 2016-03-30 16:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-04-15 15:03 - 2016-03-30 16:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-04-15 15:03 - 2016-03-30 16:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-04-15 15:03 - 2016-03-30 16:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-04-15 15:03 - 2016-03-30 16:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-04-15 15:03 - 2016-03-30 16:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-04-15 15:03 - 2016-03-30 16:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-04-15 15:03 - 2016-03-30 16:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-04-15 15:03 - 2016-03-30 16:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-04-15 15:03 - 2016-03-30 16:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-04-15 15:03 - 2016-03-30 16:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-04-15 15:03 - 2016-03-30 16:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-04-15 15:03 - 2016-03-30 16:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-04-15 15:03 - 2016-03-30 16:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-04-15 15:03 - 2016-03-30 16:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-04-15 15:03 - 2016-03-30 16:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-04-15 15:03 - 2016-03-30 16:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-04-15 15:03 - 2016-03-30 16:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-04-15 15:03 - 2016-03-30 16:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-04-15 15:03 - 2016-03-30 16:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-04-15 15:03 - 2016-03-30 16:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-04-15 15:03 - 2016-03-30 16:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-04-15 15:03 - 2016-03-30 16:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-04-15 15:03 - 2016-03-30 16:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-04-15 15:03 - 2016-03-30 16:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-04-15 15:03 - 2016-03-30 16:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-04-15 15:03 - 2016-03-30 16:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-04-15 15:03 - 2016-03-30 16:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-04-15 15:03 - 2016-03-30 16:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-04-15 15:03 - 2016-03-30 16:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-04-15 15:03 - 2016-03-30 16:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-04-15 15:03 - 2016-03-30 16:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-04-15 15:03 - 2016-03-30 16:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-04-15 15:03 - 2016-03-30 16:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-04-15 15:03 - 2016-03-30 16:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-04-15 15:03 - 2016-03-30 16:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-04-15 15:03 - 2016-03-30 16:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-04-15 15:03 - 2016-03-30 16:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-04-15 15:03 - 2016-03-30 16:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-04-15 15:03 - 2016-03-30 16:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-04-15 15:03 - 2016-03-30 16:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-04-15 15:03 - 2016-03-30 16:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-04-15 15:03 - 2016-03-16 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll 2016-04-15 15:03 - 2016-03-16 11:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll 2016-04-15 15:03 - 2016-03-16 11:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll 2016-04-15 15:03 - 2016-03-06 11:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2016-04-15 15:03 - 2016-03-06 11:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2016-04-15 15:03 - 2016-03-06 11:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2016-04-15 15:03 - 2016-03-06 11:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2016-04-15 15:02 - 2016-02-02 11:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2016-04-15 14:57 - 2016-03-17 16:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-04-15 14:57 - 2016-03-17 16:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-04-15 14:57 - 2016-03-17 16:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-04-15 14:57 - 2016-03-17 16:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-04-15 14:57 - 2016-03-17 16:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-04-15 14:57 - 2016-03-17 16:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-04-15 14:57 - 2016-03-17 15:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-04-15 14:57 - 2016-03-17 15:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-04-15 14:57 - 2016-03-17 15:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-04-15 14:57 - 2016-03-17 15:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-04-15 14:57 - 2016-03-17 15:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-04-15 14:57 - 2016-03-17 15:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-04-15 14:57 - 2016-03-17 15:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-04-15 14:57 - 2016-03-17 15:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-04-15 14:57 - 2016-03-17 15:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-04-15 14:57 - 2016-03-17 15:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-04-15 14:57 - 2016-03-17 15:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-04-15 14:57 - 2016-03-17 15:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-04-15 14:57 - 2016-03-17 15:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-04-15 14:57 - 2016-03-17 15:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-04-15 14:57 - 2016-03-17 15:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-04-15 14:57 - 2016-03-17 15:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-04-15 14:57 - 2016-03-17 15:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-04-15 14:57 - 2016-03-17 15:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-04-15 14:57 - 2016-03-17 15:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-04-15 14:57 - 2016-03-17 15:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-04-15 14:57 - 2016-03-17 15:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-04-15 14:57 - 2016-03-17 15:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-04-15 14:57 - 2016-03-17 15:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-04-15 14:57 - 2016-03-17 15:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-04-15 14:57 - 2016-03-17 15:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-04-15 14:57 - 2016-03-17 15:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-04-15 14:57 - 2016-03-17 15:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-04-15 14:57 - 2016-03-17 15:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-04-15 14:57 - 2016-03-17 15:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-04-15 14:57 - 2016-03-17 15:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-04-15 14:57 - 2016-03-17 15:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-04-15 14:57 - 2016-03-17 15:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-04-15 14:57 - 2016-03-17 15:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-04-15 14:57 - 2016-03-17 15:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-04-15 14:57 - 2016-03-17 15:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-04-15 14:57 - 2016-03-17 15:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-04-15 14:57 - 2016-03-17 15:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 14:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-04-15 14:57 - 2016-03-17 14:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-04-15 14:57 - 2016-03-17 14:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-04-15 14:57 - 2016-03-17 14:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-04-15 14:57 - 2016-03-17 14:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-04-15 14:57 - 2016-03-17 14:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-04-15 14:57 - 2016-03-17 14:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-04-15 14:57 - 2016-03-17 14:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-04-15 14:57 - 2016-03-17 14:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-04-15 14:57 - 2016-03-17 14:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-04-15 14:57 - 2016-03-17 14:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-04-15 14:57 - 2016-03-17 14:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-04-15 14:57 - 2016-03-17 14:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-04-15 14:57 - 2016-03-17 14:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-04-15 14:57 - 2016-03-17 14:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-04-15 14:57 - 2016-03-17 14:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-04-15 14:57 - 2016-03-17 14:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-04-15 14:57 - 2016-03-17 14:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 14:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 14:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-04-15 14:57 - 2016-03-17 14:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-04-15 14:55 - 2016-04-04 11:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-04-15 14:55 - 2016-04-04 11:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-04-15 14:55 - 2016-04-02 06:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-04-15 14:55 - 2016-03-29 10:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-04-15 14:55 - 2016-03-23 07:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-04-15 14:55 - 2016-03-17 11:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-04-15 14:55 - 2016-03-17 11:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-04-15 14:55 - 2016-03-17 11:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-04-15 14:55 - 2016-03-17 11:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-04-15 14:55 - 2016-03-15 17:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll 2016-04-15 14:55 - 2016-03-15 17:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll 2016-04-15 14:55 - 2016-03-15 16:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll 2016-04-15 14:55 - 2016-03-11 11:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-04-15 14:55 - 2016-03-11 11:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-04-15 14:55 - 2016-02-05 11:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll 2016-04-15 14:55 - 2016-02-05 11:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll 2016-04-15 14:55 - 2016-02-05 10:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll 2016-04-15 14:55 - 2016-01-20 17:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys 2016-04-15 14:55 - 2015-06-03 13:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll 2016-04-15 12:10 - 2016-04-15 12:10 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Adobe 2016-04-14 22:41 - 2016-04-16 22:11 - 00000420 _____ C:\Users\Gabriel\Documents\skullmonkeys psx.txt 2016-04-13 05:40 - 2016-04-13 05:40 - 00000000 ____D C:\Users\Gabriel\Desktop\SONY VEGAS PROJECTS 2016-04-13 04:43 - 2016-04-13 04:44 - 00210760 _____ C:\TDSSKiller.3.1.0.9_13.04.2016_04.43.29_log.txt 2016-04-11 06:19 - 2016-04-11 06:19 - 00000063 _____ C:\Users\Gabriel\Documents\alone in space.txt 2016-04-11 06:18 - 2016-04-11 06:18 - 00000167 _____ C:\Users\Gabriel\Documents\dead darkness demo.txt 2016-04-11 04:56 - 2016-04-11 04:59 - 00198280 _____ C:\Users\Gabriel\Desktop\FEAR OF THE DARK CLIP.veg 2016-04-11 04:56 - 2016-04-11 04:56 - 00198448 _____ C:\Users\Gabriel\Desktop\FEAR OF THE DARK CLIP.veg.bak 2016-04-10 18:56 - 2016-04-10 18:56 - 00000092 _____ C:\Users\Gabriel\Documents\cry of fear.txt 2016-04-08 23:54 - 2016-04-15 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icaros 2016-04-08 23:54 - 2016-04-08 23:54 - 00000593 _____ C:\Users\Public\Desktop\Icaros.lnk 2016-04-07 22:05 - 2016-04-09 07:20 - 00001205 _____ C:\Users\Gabriel\Documents\firewatch.txt 2016-04-07 06:42 - 2016-04-07 06:42 - 00283480 _____ (Sysprogs OU) C:\Windows\system32\Drivers\BazisPortableCDBus.sys 2016-04-04 22:54 - 2016-04-04 22:54 - 00000803 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk 2016-04-04 19:43 - 2016-04-04 19:43 - 00000000 ____D C:\Users\Gabriel\Emulation 2016-04-04 19:42 - 2016-04-04 19:42 - 00000000 ____D C:\Users\Gabriel\AppData\Local\icarus 2016-04-04 19:42 - 2016-04-04 19:42 - 00000000 ____D C:\Users\Gabriel\AppData\Local\higan 2016-04-03 16:03 - 2016-04-13 05:32 - 00000239 _____ 2016-03-23 20:15 - 2016-03-23 20:15 - 00000792 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk 2016-03-23 20:14 - 2016-03-23 20:14 - 00000766 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk 2016-03-23 20:14 - 2016-03-23 20:14 - 00000747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk 2016-03-23 20:14 - 2016-03-23 20:14 - 00000721 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk 2016-03-23 20:13 - 2016-03-23 20:13 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk 2016-03-23 20:13 - 2016-03-23 20:13 - 00000841 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk 2016-03-20 20:59 - 2016-04-15 15:25 - 00000000 ____D C:\Users\Gabriel\AppData\LocalLow\CampoSanto 2016-03-20 20:52 - 2016-04-15 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics 2016-03-20 20:52 - 2016-03-20 20:52 - 00000653 _____ C:\Users\Gabriel\Desktop\Firewatch.lnk 2016-03-20 20:52 - 2016-03-20 20:52 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Firewatch_Uninstall 2016-03-19 01:34 - 2016-04-01 21:23 - 00482680 _____ C:\Users\Gabriel\Desktop\afraid of monsters.veg 2016-03-19 01:34 - 2016-04-01 21:20 - 00482680 _____ C:\Users\Gabriel\Desktop\afraid of monsters.veg.bak 2016-03-17 01:49 - 2016-03-28 19:40 - 00035176 _____ C:\Users\Gabriel\Desktop\the briefcase.veg 2016-03-17 01:49 - 2016-03-28 19:39 - 00035176 _____ C:\Users\Gabriel\Desktop\the briefcase.veg.bak ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-16 22:12 - 2016-01-17 21:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-16 22:11 - 2016-02-22 21:11 - 00000223 _____ C:\Users\Gabriel\Documents\YOUTUBE TAGS.txt 2016-04-16 22:11 - 2009-07-13 21:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-04-16 22:11 - 2009-07-13 21:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-04-16 21:54 - 2016-01-18 07:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-04-16 20:12 - 2016-01-17 21:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-16 10:16 - 2016-01-18 01:54 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\vlc 2016-04-16 00:32 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache 2016-04-15 23:10 - 2016-01-23 20:20 - 00000000 ____D C:\Users\Gabriel\Desktop\Dictionarie 2016-04-15 21:17 - 2009-07-13 22:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI 2016-04-15 21:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf 2016-04-15 16:59 - 2016-01-24 11:53 - 00003146 _____ C:\Windows\System32\Tasks\FRAPS 2016-04-15 16:59 - 2016-01-17 21:40 - 00000000 ____D C:\ProgramData\NVIDIA 2016-04-15 16:59 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-04-15 16:59 - 2009-07-13 21:45 - 04960528 _____ C:\Windows\system32\FNTCACHE.DAT 2016-04-15 16:58 - 2016-01-18 08:40 - 00000000 ____D C:\Windows\system32\appraiser 2016-04-15 16:56 - 2016-01-18 08:33 - 00000000 ____D C:\Windows\system32\MRT 2016-04-15 16:55 - 2016-01-18 08:33 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-04-15 16:30 - 2016-01-17 21:24 - 00000000 ____D C:\ProgramData\TEMP 2016-04-15 15:26 - 2016-01-18 11:34 - 00000000 ____D C:\ProgramData\Avg 2016-04-15 15:26 - 2016-01-18 11:33 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Avg 2016-04-15 15:26 - 2016-01-18 10:57 - 00000000 ____D C:\ProgramData\MFAData 2016-04-15 15:26 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media 2016-04-15 15:25 - 2016-03-12 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve 2016-04-15 15:25 - 2016-03-07 18:39 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Steam 2016-04-15 15:25 - 2016-03-07 00:05 - 00000000 ____D C:\Users\Gabriel\Desktop\Paint.NET 3.5.10 Portable 2016-04-15 15:25 - 2016-03-05 23:53 - 00000000 ____D C:\Users\Gabriel\AppData\Local\SKIDROW 2016-04-15 15:25 - 2016-03-01 21:27 - 00000000 ____D C:\Users\Gabriel\AppData\Local\UnrealEngine 2016-04-15 15:25 - 2016-03-01 21:27 - 00000000 ____D C:\Users\Gabriel\AppData\Local\TKGameJam 2016-04-15 15:25 - 2016-02-27 15:24 - 00000000 ____D C:\Users\Gabriel\AppData\Local\AloneInSpace 2016-04-15 15:25 - 2016-02-25 16:17 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-04-15 15:25 - 2016-02-21 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Repack by Fenixx 2016-04-15 15:25 - 2016-02-13 13:55 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\OBS 2016-04-15 15:25 - 2016-02-13 13:55 - 00000000 ____D C:\Program Files\OBS 2016-04-15 15:25 - 2016-02-13 13:55 - 00000000 ____D C:\Program Files (x86)\OBS 2016-04-15 15:25 - 2016-02-13 02:01 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\BANDISOFT 2016-04-15 15:25 - 2016-02-06 09:51 - 00000000 ____D C:\Windows\SysWOW64\LiveUpdate 2016-04-15 15:25 - 2016-02-01 17:32 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-04-15 15:25 - 2016-01-23 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics 2016-04-15 15:25 - 2016-01-23 19:14 - 00000000 ____D C:\ProgramData\IceJS 2016-04-15 15:25 - 2016-01-23 01:30 - 00000000 ____D C:\Users\Gabriel\Documents\Amnesia 2016-04-15 15:25 - 2016-01-19 16:36 - 00000000 ____D C:\Program Files\Java 2016-04-15 15:25 - 2016-01-19 14:09 - 00000000 ____D C:\Users\Gabriel\Documents\Penumbra Overture 2016-04-15 15:25 - 2016-01-18 17:40 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server 2016-04-15 15:25 - 2016-01-18 17:40 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner 2016-04-15 15:25 - 2016-01-18 15:26 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Audacity 2016-04-15 15:25 - 2016-01-18 11:36 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\AVG 2016-04-15 15:25 - 2016-01-18 10:45 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Mozilla 2016-04-15 15:25 - 2016-01-18 10:39 - 00000000 ____D C:\ProgramData\Oracle 2016-04-15 15:25 - 2016-01-18 10:39 - 00000000 ____D C:\Program Files (x86)\Java 2016-04-15 15:25 - 2016-01-18 10:36 - 00000000 ____D C:\Users\Gabriel\AppData\Local\NVIDIA 2016-04-15 15:25 - 2016-01-18 08:45 - 00000000 ____D C:\Users\Gabriel\Documents\puNES 2016-04-15 15:25 - 2016-01-18 08:40 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-04-15 15:25 - 2016-01-18 08:40 - 00000000 ___SD C:\Windows\system32\GWX 2016-04-15 15:25 - 2016-01-18 08:40 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-04-15 15:25 - 2016-01-18 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield 2016-04-15 15:25 - 2016-01-18 07:43 - 00000000 ____D C:\ProgramData\Hotspot Shield 2016-04-15 15:25 - 2016-01-18 07:43 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield 2016-04-15 15:25 - 2016-01-18 07:36 - 00000000 ____D C:\Windows\system32\Macromed 2016-04-15 15:25 - 2016-01-18 01:47 - 00000000 ____D C:\Users\Gabriel\AppData\Local\MedGui 2016-04-15 15:25 - 2016-01-17 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI 2016-04-15 15:25 - 2016-01-17 21:40 - 00000000 ____D C:\MSI 2016-04-15 15:25 - 2016-01-17 21:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-04-15 15:25 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2016-04-15 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\servicing 2016-04-15 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration 2016-04-15 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2016-04-15 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2016-04-15 14:35 - 2016-01-25 19:04 - 00000763 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-04-15 14:35 - 2016-01-23 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 2016-04-15 14:31 - 2016-01-18 11:33 - 00000000 ____D C:\Users\Gabriel\AppData\Local\AvgSetupLog 2016-04-15 14:28 - 2016-01-17 21:25 - 00000000 ____D C:\Users\Gabriel 2016-04-15 14:19 - 2016-01-19 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2016-04-15 12:35 - 2016-01-17 22:51 - 00000000 ____D C:\Users\Gabriel\Desktop\Terraria.v1.3.0.8 2016-04-15 09:43 - 2016-01-18 12:08 - 00000000 ____D C:\Users\Gabriel\AppData\Local\CrashDumps 2016-04-15 09:43 - 2015-11-11 22:07 - 00000000 ____D C:\Windows\Panther 2016-04-14 22:58 - 2016-03-12 03:47 - 00004034 _____ C:\Users\Gabriel\Documents\one liners for lets play commentarie.txt 2016-04-14 22:58 - 2016-02-21 22:57 - 00001336 _____ C:\Users\Gabriel\Documents\games i played in chrono order.txt 2016-04-09 23:48 - 2016-01-20 00:28 - 00072416 ____N C:\Users\Gabriel\AppData\Local\Tempmusic.ogg 2016-04-07 22:54 - 2016-01-18 07:36 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-04-07 22:54 - 2016-01-18 07:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-04-07 22:54 - 2016-01-18 07:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-04-06 10:18 - 2010-11-20 20:27 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-04-03 10:46 - 2016-01-21 23:44 - 00000000 ____D C:\Users\Gabriel\AppData\Local\ElevatedDiagnostics 2016-04-02 19:43 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-03-29 13:47 - 2016-01-17 21:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-03-28 22:42 - 2016-03-12 20:26 - 00004753 _____ C:\Users\Gabriel\Documents\afraid of monsters.txt 2016-03-28 17:59 - 2016-03-10 23:38 - 00080768 _____ C:\Users\Gabriel\Desktop\limbo let's play.veg 2016-03-28 16:03 - 2016-03-10 23:38 - 00080768 _____ C:\Users\Gabriel\Desktop\limbo let's play.veg.bak 2016-03-27 19:22 - 2016-01-21 21:26 - 00000952 _____ C:\Users\Gabriel\Documents\parappa the rapper.txt 2016-03-27 17:30 - 2016-03-14 22:23 - 00135344 _____ C:\Users\Gabriel\Desktop\PORTAL LETS PLAY.veg 2016-03-27 16:25 - 2016-03-14 22:23 - 00135344 _____ C:\Users\Gabriel\Desktop\PORTAL LETS PLAY.veg.bak 2016-03-23 20:19 - 2016-01-17 21:50 - 00058016 _____ C:\Users\Gabriel\AppData\Local\GDIPFONTCACHEV1.DAT 2016-03-23 20:15 - 2016-01-18 09:07 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2016-03-23 20:15 - 2016-01-18 09:06 - 00000000 ____D C:\Program Files\Common Files\Adobe 2016-03-23 20:14 - 2016-01-17 21:25 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Adobe 2016-03-23 20:13 - 2016-01-18 09:06 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk 2016-03-23 20:13 - 2016-01-18 09:06 - 00001518 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk 2016-03-23 20:13 - 2016-01-18 08:56 - 00000000 ____D C:\ProgramData\Adobe 2016-03-17 21:03 - 2016-03-16 19:38 - 00000522 _____ C:\Users\Gabriel\Documents\3d hunting grizzily.txt 2016-03-17 10:46 - 2016-03-15 17:34 - 00002457 _____ C:\Users\Gabriel\Documents\the briefcase.txt ==================== Files in the root of some directories ======= 2016-01-20 00:28 - 2016-04-09 23:48 - 0072416 ____N () C:\Users\Gabriel\AppData\Local\Tempmusic.ogg 2016-01-17 21:34 - 2016-01-17 21:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\Gabriel\AppData\Local\Temp\avguirn_08888101179.exe C:\Users\Gabriel\AppData\Local\Temp\bdfilters.dll C:\Users\Gabriel\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Gabriel\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Gabriel\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Gabriel\AppData\Local\Temp\nvStInst.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-04-10 00:52 ==================== End of FRST.txt ============================ E:\B1 Free Archiver\installer.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
- April 17, 2016
- 14 replies
Need urgent help on backdoor.bot and trojan.stolendata

uwotskype posted a topic in Resolved Malware Removal Logs

Can anyone help me, i had a program that i double clicked on and it turned out to be a virus, so i ran malawarebytes to see if i can get rid of the problem, this was the result that showed up: http://s23.postimg.org/c2oeq0n63/screenshot_149.png it shows i had a backdoor.bot and trojan.stolendata, i researched the viruses and it turns out it can steal data and hackers can gain control of the computer. The anti-virus program got rid of the viruses and quarrentined them. then i proceded to system restore back before i downloaded this program, but when i did that the computer would restart itself two times then i was presented with a black screen with a mouse crusor to move around, it indictaed that ithe system restore would no longer work, so i'm wondering if i still have a virus and everytime i reboot and logon, this message always pops up:http://s9.postimg.org/a0ba1nbv3/screenshot_150.png This popup is mentioning the virus location is no longer there, and i can't get rid of the popup the backdoor.bot and trojan.stolendata virus iam extremely worried about, what if my bank account was hacked or if hackers already gained a hold of all my data on my computer and iam completely screwed, Lastly, i rescanned my computer and it reported no viruses, so were these viruses false positives, am i safe or not?
- April 15, 2016
- 14 replies

Sign In

uwotskype

Posts

Joined

Last visited

Reputation

Need urgent help on backdoor.bot and trojan.stolendata

Need urgent help on backdoor.bot and trojan.stolendata

Need urgent help on backdoor.bot and trojan.stolendata

Need urgent help on backdoor.bot and trojan.stolendata

Need urgent help on backdoor.bot and trojan.stolendata

Need urgent help on backdoor.bot and trojan.stolendata

Need urgent help on backdoor.bot and trojan.stolendata

Need urgent help on backdoor.bot and trojan.stolendata

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information