
Showing results for tags 'backdoor'.


  1. Now, this happened about 3 months ago. I have long since reset my PC to Windows 10 by now, but for some mysterious reason my ABV.bg email has been repeatedly getting hacked every time, even though last time I changed my password to be a unique combination of 30 symbols and letters, including the secret question and answer. It's still getting mysteriously hacked, and at this point it's obvious the information is being leaked from my PC, so the trojan/keylogger/hijacker or whatever has not been removed, even though I did repeated Malwarebytes scans and I even scanned with Bitdefender in boot environment. Still no such luck! Yesterday I saw a total of about 74 SVHOST.exe processes in my Task Manager, and I don't want to say all of them are viruses, but I doubt Windows needs that many processes to run! So something is definitely up here! As for the virus I had in February that hijacked my browser: immediately after I found my email hacked I checked my Temp folder, and what do I find? A multitude of unknown files scattered about. I put them all in a 7zip archive in case I need to give them to a professional for analyzing etc.! The hacker had even hijacked my wifi (I even found some Chinese characters within the wifi app pointing at some access point in some Chinese province), I am pretty sure, so at this point I am not even sure if it's a DNS hijack or browser hijack... or whatever hijack. The trojan just keeps appearing, and this time he seems to be not leaving any files on the HDD, so I am not sure if it's using fake Windows processes or services. I need to get rid of the malicious files before trying another clean system install... The FRST.zip logs I have provided are from a Safe Mode scan today in Windows 10; I included some older ones too from previous months! FRST.zip temp folder viruses package.7z FRST 09th-05 Logs.zip FRST 27th-04 Logs.zip
  2. Hey guys, Newbie here. I've run a Custom Scan on my machine because it was getting a bit slow, and a Backdoor.Remcos was detected in the LIBCRYPTO-1_1.DLL file in an Intel Install folder (scan report attached below; sorry, it's in French, I can provide translations if needed). Have you ever had this file detected as malware? Is this a false positive? Or has my machine really been infected by something? I've quarantined, then rebooted, then deleted the file. I hope I won't suffer any consequences in the long term. What do you guys think about this? Lichew.

     -------------------------------------------------------------------------------------------
     -Détails du journal-
     Date de l'analyse: 27/03/2020

     -Informations du logiciel-
     Version: 4.0.4.49
     Version de composants: 1.0.823
     Version de pack de mise à jour: 1.0.21452
     Licence: Gratuit

     -Résumé de l'analyse-
     Type d'analyse: Analyse personnalisée
     Analyse lancée par: Manuel
     Résultat: Terminé
     Objets analysés: 610725
     Menaces détectées: 2
     Menaces mises en quarantaine: 2
     Temps écoulé: 1 h, 53 min, 3 s

     -Options d'analyse-
     Mémoire: Activé
     Démarrage: Activé
     Système de fichiers: Activé
     Archives: Activé
     Rootkits: Activé
     Heuristique: Activé
     PUP: Détection
     PUM: Détection

     -Détails de l'analyse-
     Processus: 0 (Aucun élément malveillant détecté)
     Module: 0 (Aucun élément malveillant détecté)
     Clé du registre: 0 (Aucun élément malveillant détecté)
     Valeur du registre: 0 (Aucun élément malveillant détecté)
     Données du registre: 0 (Aucun élément malveillant détecté)
     Flux de données: 0 (Aucun élément malveillant détecté)
     Dossier: 0 (Aucun élément malveillant détecté)
     Fichier: 2
     Adware.FusionCore, C:\$WINDOWS.~BT\NEWOS\USERS\UTILISATEUR\DOWNLOADS\FILEZILLA_3.47.2.1_WIN64_SPONSORED-SETUP.EXE, En quarantaine, 7449, 801535, 1.0.21452, , ame,
     Backdoor.Remcos, C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\ICLS\LIBCRYPTO-1_1.DLL, En quarantaine, 2105, 796212, 1.0.21452, , ame,
     Secteur physique: 0 (Aucun élément malveillant détecté)
     WMI: 0 (Aucun élément malveillant détecté)
     (end)
  3. Hi. So I have this problem: I notice that when I visit Fancentro.com (NSFW) I get redirected to patriarchia.ru. Fancentro.com is the only webpage where I have noticed this redirect. There is no other page that is affected. I have scanned my computer with Malwarebytes Premium Trial many times with no luck. So I downloaded Windows on another computer and made a USB Windows installer. Then I formatted my Windows drive and installed a clean copy from the flash drive. When the new Windows is installed the problem goes away for a day or so. Then I notice that my computer freezes up or acts strange. Then when I go to fancentro.com again the problem is back. So this virus, malware or whatever it is manages to come back every time. On my last reset I did not visit any unknown trusted webpages, so I could not have gotten it again from the same location. Please help me solve this. Cheers. Addition.txt FRST.txt Malewarebytes.txt
  4. I am using the premium trial of Malwarebytes for Android. It found this trojan during a full scan and "successfully" removed it. However, this trojan constantly returns, as the real-time protection detects it every now and then. I have been running full scans over and over. Sometimes, it is clean; other times, I see android/backdoor.triada.n. I have located the folders where the scanner detects the malware, and manually deleted the folders; but whenever android/backdoor.triada.n resurfaces, those folders also come back. Is this really malware? I do not even use the Fire HD after a clean scan, but the malware eventually returns in detection.
  5. I've been recently infected by downloading a sketchy application. As soon as I felt something was off I stopped it and ran Malwarebytes, which deleted most of the viruses. There are two backdoor malware I cannot delete. I've also noticed after this event my computer has been freezing a little every 10 sec or so... I believe this might be the cause of it. I came onto the forums to see if there was a solution to deleting the two unwanted malware. Addition.txt FRST.txt MalwareLog.txt
  6. It appears I've acquired an unwanted guest. Is there any hope for avoiding reformat? Thank you in advance for any and all assistance. Farbar reports attached. -k Addition.txt FRST.txt
  7. Hi. Today I discovered that my laptop was infected by a backdoor.bot. I've been using this laptop for 5 years. I use it to access my emails and buy things online occasionally. I've run approximately 7 scans today (3 in the morning and 4 this evening) and I've picked up 1 or 2 backdoor.bots every single time. In addition, I've been picking up many pup.conduits, pup.ASK and pup.trovi in my scans. The scan I just finished running (currently 12:30pm) did not pick up the backdoor.bots. I'm at a loss of knowing what to do. Please help. This is a copy of the scan log that was recorded at approximately 9pm.

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 386309
     Threats Detected: 6
     Threats Quarantined: 0 (No malicious items detected)
     Time Elapsed: 2 hr, 29 min, 55 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 6
     Backdoor.Bot, C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\SCANRESULTS\POSTBUILD.EXE-K.MBAM, No Action By User, [48], [456339],0.0.0
     Backdoor.Bot, C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\SCANRESULTS\POSTBUILD.EXE-U.MBAM, No Action By User, [48], [456339],1.0.3226
     PUP.Optional.Trovi, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, No Action By User, [4983], [454808],1.0.3226
     PUP.Optional.ASK, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, No Action By User, [527], [454829],1.0.3226
     PUP.Optional.Conduit, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, No Action By User, [579], [454835],1.0.3226
     PUP.Optional.Trovi, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, No Action By User, [4983], [454808],1.0.3226
     Physical Sector: 0 (No malicious items detected)
     (end)
  8. I have a friend who says that their PC was hacked and subsequently infected. Their firewall doesn't work, their PC is running incredibly slow, their antivirus is gone, and they can't download or install anything. They also run Windows 7 Ultimate if that helps with anything. They did tell me that, if nothing else works, they have no problem with formatting (however I'd prefer that to be a last resort if possible). Despite not being able to download anything I had them attempt to download Farbar to see if that would work at all. They were able to download FRST using a download manager so we're getting somewhere. They're still unable to install any programs, but they can at least use the download manager to download things. I also wanted to note that my friend and I can only communicate online at the moment, though we can still send files to each other just fine. I'm only mentioning this in case it's of any importance. Here are the Farbar logs: FRST.txt Addition.txt
  9. Hello! Need help ASAP, riskware slowing down my PC. - Bitdefender alert keeps popping up every few seconds (Backdoor.Generic item blocked in Windows Temp) - Constantly replicates tmp files in Windows Temp folder - Productivity loss. Windows Antimalware Service Executable takes up to 90% RAM. - Malwarebytes detected Hacktool.Agent threat, deleted in Safe Mode but keeps coming back. TFC didn't work. ReasonCore didn't work. Please help! Attaching logs and screenshots. Hacktool.Agent.txt Addition.txt FRST.txt
  10. Hi, I recently installed Malwarebytes and am using the premium trial version. When I scanned I got a "Backdoor.Trace" from a registry key. I was told that since it was just a trace I shouldn't worry about it. But later I got a website blocked warning without trying to access any website; the threat was "Outbound Connection". When I scan, Malwarebytes doesn't find anything. Should I be worried?
  11. I have been having trouble with backdoors for the last year now and I have tried a lot of programs for fixing it. I need some help with removing it. I have already reset my computer to factory mode 6 times now in the last 6 months and it's been bothering me to figure out how to get rid of it. I need to figure out what is causing it to come back on each save. If anybody can give me suggestions or advice on this it would be greatly appreciated. It seems every time you try to remove them or get to the original folder it's empty, and it replaces itself if it's removed.
  12. Malwarebytes keeps finding backdoor.agent.wd in my temp folder
  13. I know people here typically talk about Windows or Mac threats, but I just discovered a new Linux exploit/backdoor called Fysbis. The thing that's scary about this Trojan is that it doesn't even need to run from an admin account to infect a system. Find out more about it here: http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/ Since Linux is a growing platform, attacks like Fysbis will only become more common, and it concerns me that most Linux users have a false sense of security and many Linux users could eventually fall victim to such exploits.
  14. Hello, I recently purchased a bitcoin miner so me and my friends can mine. The next day I woke up in the morning and turned on my PC and started a Steam download for a game so it would download when I was at school. When I returned from school I saw Chrome open with a fake Adobe Flash Player website, and at the bottom of Chrome, the download bar was full of stuff I didn't download. I've done endless scans with Malwarebytes (yes, I have premium) and nothing has been detected. Also my PC crashes a lot, not from overheating because I have 4 case fans and a water cooler and the temperature never goes past 70°F. I don't know what other programs this one virus has downloaded, but I'm afraid I might also have a keylogger, so I haven't been signing into my Steam account or my emails. Any help would be greatly appreciated. Also I have about 4 different MBAM services running. Thank you
  15. Hi, I recently have been getting constant notifications from my Windows Defender. It keeps saying that it has detected malware and it is removing it. The problem is that it is constant, about every 15 minutes or so, and it is the same malware that keeps reappearing. It is Backdoor.Win32.Fynloski. I have scanned multiple times with Malwarebytes and I have also tried HitmanPro to remove it. Nothing seems to catch it, and it really doesn't bother me if the program is there because it seems to be doing me no harm. It is just that I keep having my Windows Defender bugging me about it and I can't do much about it. Any help would be gladly appreciated! Thank you in advance! -RedSynth
  16. Ever since I migrated to Windows 10 I have had a virus. I've tried everything to remove it, including full scans with AVG and Malwarebytes, but it keeps coming back. AVG detects it as Trojan Horse php/Backdoor.cz and HTML/Framer. Would be great if anyone can help me? It's driving me crazy. Many thanks! The Farbar logs are: FRST.txt
@Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-06] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-06] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin 
ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011-04-25] ()FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2011-04-25] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2011-04-25] (Citrix Systems, Inc.)FF Extension: Page Speed - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012-09-23] [not signed]FF Extension: Property Bee - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi [2013-05-12] [not signed]FF Extension: Greasemonkey - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi 
[2013-09-05] [not signed]FF Extension: YSlow - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\yslow@yahoo-inc.com.xpi [2014-12-22] [not signed]FF Extension: Flash and Video Download - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-12-22] [not signed]FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\firebug@software.joehewitt.com.xpi [2015-07-04] [not signed]FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\wagerlogic.xpi [2010-02-02] [not signed]FF Extension: Microsoft .NET Framework Assistant - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-21] [not signed]FF Extension: Google Toolbar for Firefox - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-08-21] [not signed]FF Extension: No Name - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash [2011-08-21] [not signed]FF Extension: DownThemAll! 
- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-07-04]FF Extension: OnlyWire - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\stkwv5cl.default\Extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2} [2011-08-21] [not signed]FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExtFF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-11-29] [not signed]Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.gumtree.com/search?property_type=house&seller_type=private&min_beds=3&max_beds=&min_price=370%2C000&max_price=600%2C000&q=&search_location=South+East+London&category=local-property-for-sale&search_scope=title","hxxps://www.google.co.uk/webhp?source=search_app&gws_rd=cr","hxxp://www.google.com/"CHR Session Restore: Default -> is enabled.CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2015-10-17]CHR Extension: (Gmail Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-10-17]CHR Extension: (Chrome Remote Desktop) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp 
[2015-11-08]CHR Extension: (Financial News) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcekbbpdkhlfomdhopicfopkkedfcam [2015-10-17]CHR Extension: (Google Docs Offline) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]CHR Extension: (Pin It Button) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-10-17]CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-17]CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-17]CHR HKU\S-1-5-21-722469699-1757417711-2172558454-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-722469699-1757417711-2172558454-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx==================== Services (Whitelisted) ========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) 
[File not signed]S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [289256 2015-10-30] (McAfee, Inc.)R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-08-04] (Mozy, Inc.)R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-09-21] (Microsoft Corporation)R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) 
[File not signed]S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) [File not signed]R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-10-26] (IBM Corp.)S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-09-21] (Microsoft Corporation)S3 w3logsvc; C:\Windows\SysWOW64\inetsrv\w3logsvc.dll [72192 2015-09-21] (Microsoft Corporation)R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-09-21] (Microsoft Corporation)R2 W3SVC; C:\Windows\SysWOW64\inetsrv\iisw3adm.dll [504832 2015-09-21] (Microsoft Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)===================== Drivers (Whitelisted) ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, 
s.r.o.)R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.)S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]R3 hcwD3bda; C:\Windows\system32\DRIVERS\hcwD3bda64.sys [121344 2011-10-26] (Mirics)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-09-21] (Microsoft Corporation)R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)R1 RapportCerberus_1507072; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507072.sys [959416 2015-11-16] (IBM Corp.)R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-10-26] (IBM Corp.)R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-10-26] (IBM Corp.)R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-10-26] (IBM Corp.)R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489272 2015-10-26] (IBM Corp.)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Realtek )S3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [38456 2009-12-22] (Advanced Micro Devices)S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys 
[44568 2015-07-10] (Microsoft Corporation)S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)U3 idsvc; no ImagePathS3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]U3 wpcsvc; no ImagePath==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-11-18 20:37 - 2015-11-18 20:38 - 00000000 ____D C:\FRST2015-11-18 20:21 - 2015-11-18 20:21 - 00016148 _____ C:\Windows\system32\MIKE-HP_Mike_HistoryPrediction.bin2015-11-18 20:02 - 2015-11-18 20:02 - 00003184 _____ C:\Windows\System32\Tasks\{BC444172-5895-4D29-9FAE-38C92D256289}2015-11-17 18:30 - 2015-11-17 18:30 - 00016148 _____ C:\Windows\system32\MIKE-HP_Eli_HistoryPrediction.bin2015-11-17 18:20 - 2015-11-17 18:21 - 23493437 _____ C:\Users\Eli\Downloads\fwdboda.zip2015-11-17 17:13 - 2015-11-17 17:13 - 00000000 ____D C:\Users\Eli\AppData\Local\CEF2015-11-17 17:12 - 2015-11-17 17:12 - 02756350 _____ C:\Users\Eli\Downloads\Archivos adjuntos_20151117.zip2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 ____D C:\Program Files (x86)\Trusteer2015-11-16 22:24 - 2015-10-26 00:01 - 00394584 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys2015-11-16 22:24 - 2015-10-26 00:01 - 00139896 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys2015-11-16 22:22 - 2015-11-16 22:23 - 00436504 _____ (IBM Corp.) 
C:\Users\Eli\Downloads\RapportSetup (3).exe2015-11-16 22:16 - 2015-11-16 22:16 - 00000000 ____D C:\Windows\LastGood.Tmp2015-11-16 22:15 - 2015-11-16 22:15 - 01083880 _____ (Gemalto) C:\Windows\SysWOW64\axaltocm.dll2015-11-16 22:13 - 2015-11-16 22:23 - 00436504 _____ (IBM Corp.) C:\Users\Eli\Downloads\RapportSetup (1).exe2015-11-16 22:13 - 2015-11-16 22:14 - 00436504 _____ (IBM Corp.) C:\Users\Eli\Downloads\RapportSetup (2).exe2015-11-15 12:34 - 2015-11-15 12:34 - 00000000 ___HD C:\OneDriveTemp2015-11-15 11:17 - 2015-11-15 11:17 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-11-11 22:53 - 2015-11-15 12:39 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-11-11 22:53 - 2015-11-11 22:53 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-11-11 22:53 - 2015-11-11 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-11-11 22:52 - 2015-11-11 22:52 - 00000000 ____D C:\ProgramData\Malwarebytes2015-11-11 22:52 - 2015-11-11 22:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-11-11 22:52 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2015-11-11 22:52 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-11-11 22:52 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys2015-11-10 21:14 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2015-11-10 21:14 - 2015-11-05 05:06 - 03621248 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-11-10 21:14 - 2015-11-05 04:24 - 02878512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-11-10 21:14 - 2015-11-05 04:20 - 21873664 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll2015-11-10 21:14 - 2015-11-05 04:18 - 24597504 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll2015-11-10 21:14 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll2015-11-10 21:14 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll2015-11-10 21:14 - 2015-11-05 04:03 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll2015-11-10 21:14 - 2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll2015-11-10 21:14 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll2015-11-10 21:14 - 2015-11-05 03:56 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll2015-11-10 21:14 - 2015-11-05 03:47 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-11-10 21:14 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll2015-11-10 21:14 - 2015-11-05 03:35 - 18803712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll2015-11-10 21:14 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll2015-11-10 21:14 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll2015-11-10 21:13 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-11-10 21:13 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll2015-11-10 21:13 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys2015-11-10 21:13 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll2015-11-10 21:13 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll2015-11-10 21:13 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) 
C:\Windows\system32\fontdrvhost.exe2015-11-10 21:13 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-11-10 21:13 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys2015-11-10 21:13 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2015-11-10 21:13 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll2015-11-10 21:13 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll2015-11-10 21:13 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll2015-11-10 21:13 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe2015-11-10 21:13 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll2015-11-10 21:13 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll2015-11-10 21:13 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll2015-11-10 21:13 - 2015-11-05 04:10 - 12504064 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-11-10 21:13 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll2015-11-10 21:13 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll2015-11-10 21:13 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-11-10 21:13 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-11-10 21:13 - 2015-11-05 04:03 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll2015-11-10 21:13 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2015-11-10 21:13 - 2015-11-05 04:01 - 00713216 _____ 
(Microsoft Corporation) C:\Windows\system32\usermgr.dll2015-11-10 21:13 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2015-11-10 21:13 - 2015-11-05 03:59 - 03587072 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys2015-11-10 21:13 - 2015-11-05 03:58 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys2015-11-10 21:13 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll2015-11-10 21:13 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll2015-11-10 21:13 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll2015-11-10 21:13 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll2015-11-10 21:13 - 2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-11-10 21:13 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-11-10 21:13 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2015-11-10 21:13 - 2015-11-05 03:28 - 11262976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-11-10 21:13 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll2015-11-10 21:13 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll2015-11-08 11:48 - 2015-11-08 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus2015-11-02 22:07 - 2015-11-02 22:07 - 00000000 ____D C:\Users\Mike\AppData\Roaming\KompoZer2015-11-02 22:06 - 2015-11-02 22:07 - 00000000 ____D C:\Program Files\KompoZer 0.7.102015-11-02 19:41 - 2015-11-02 19:41 - 00000000 ____D C:\Users\Eli\AppData\Roaming\WinRAR2015-11-02 19:40 - 2015-11-02 19:41 - 34633425 _____ C:\Users\Eli\Downloads\wetransfer-6956a2.zip2015-11-01 13:23 - 
2015-11-02 19:46 - 16545096 _____ C:\Users\Eli\Desktop\Matrimonio Frailejones.odt2015-11-01 13:05 - 2015-11-01 13:05 - 00000162 ____H C:\Users\Eli\Desktop\~$mples fonts.odt2015-11-01 13:04 - 2015-11-01 13:05 - 00005122 _____ C:\Users\Eli\Desktop\samples fonts.odt2015-10-28 07:33 - 2015-10-28 07:33 - 00000085 _____ C:\Windows\wininit.ini2015-10-28 06:57 - 2015-10-28 06:57 - 00000000 ____D C:\Users\Eli\AppData\Roaming\AVG2015-10-27 23:10 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe2015-10-27 23:04 - 2015-10-27 23:04 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking2015-10-27 23:03 - 2015-10-28 07:34 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 22015-10-27 09:37 - 2015-11-08 07:22 - 00001011 _____ C:\Users\Public\Desktop\AVG Protection.lnk2015-10-27 09:32 - 2015-10-27 09:34 - 00000000 ____D C:\Users\Mike\AppData\Local\AvgSetupLog2015-10-26 19:36 - 2015-10-26 19:36 - 00504447 _____ C:\Users\Eli\Desktop\http.odt2015-10-26 14:27 - 2015-10-26 14:27 - 00000000 ____D C:\ProgramData\ATI2015-10-22 21:41 - 2015-10-22 21:41 - 00061917 _____ C:\Windows\SysWOW64\CCCInstall_201510222241121730.log2015-10-22 21:41 - 2015-10-22 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center2015-10-22 21:40 - 2015-10-22 21:40 - 00000000 ____D C:\Program Files\ATI Technologies2015-10-22 21:38 - 2015-10-22 21:38 - 00066655 _____ C:\Windows\SysWOW64\CCCInstall_201510222238562063.log2015-10-22 21:38 - 2015-10-22 21:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI2015-10-22 21:38 - 2015-10-22 21:38 - 00000000 ____D C:\Users\Default\AppData\Local\ATI2015-10-22 21:38 - 2015-10-22 21:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI2015-10-22 21:38 - 2015-10-22 21:38 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI2015-10-22 21:36 - 2015-10-22 21:36 - 47794160 _____ (Advanced Micro Devices Inc.) 
  17. Hi. So last night I was an idiot and trusted someone on my friends list on Steam and so I clicked a scam link he sent me thinking it was legit. I immediately realised my mistake but it was too late as he had already had access to my account and I was kicked out of Steam and couldn't log on again. I then panicked and checked my e-mail address linked to my account, only to find that all my emails had gone and the only thing left was 1 folder from years ago. I then went onto my McAfee and completed a full scan only to find that nothing was detected. Anyway, I then shut my PC off because I was worried more info would be leaked to the hacker. I then went onto a different PC and changed my passwords of my e-mail address and did some research. After hearing about Malwarebytes I booted up my PC and ran a scan and Malwarebytes found two files and one was called Backdoor.bug and was made out to be a legit file from Valve. So I was just wondering if anyone could tell me if I need to do anything else to ensure my PC is safe. I suppose I could re-install Windows but is there a better option? Or am I fine after using Malwarebytes? P.S. I am really impressed with Malwarebytes and will be purchasing Premium as it saved my ass.
  18. Hello. So, today I went to see what my quarantine looked like, and I noticed that there were 7 new files there, all of them under the name of Backdoor.Andromeda, which were caught 2 days ago. I don't recall a pop-up showing up when Malwarebytes detected it, and 2 of them are MBAM files. I haven't downloaded anything suspicious, as I always pass all my downloads through VirusTotal, but I did get a new keyboard 2 days ago. I did a quick scan and a scan with HitmanPro, but they all came clean. I'm currently doing a full system scan with Malwarebytes. However, my PC did bluescreen yesterday, but it seems to be due to my hard drive starting to bite the dust. Is this some kind of bug, or did I really get infected? Thanks in advance for the help.
  19. I should begin by saying I'm paranoid about security, going so far as to use a separate user account in Win 7 from the administrator account, keeping everything up to date, occasionally going through and just poking around the system to see if anything's amiss, etc. I'd like to think I know what I'm doing when it comes to being cautious about malware, so this one was pretty sneaky. I started getting backdoor.bot warnings in the MB dialog box, so I started looking into this. I ran both MBAM and MBAR and they both come up clean. Avast never warned me of anything. So I rebooted, and there were no more MB warnings. However, I then found out that there was a program running called SearchIndexer.exe, but instead of saying "Windows search provider" or whatever, it was showing up with a description of "klkjzvjkawetoinkbf" (not that, but something similar, with all random letters). So then I ran AdwCleaner and it found an extension in Chrome with that same name, plus a registry key that may have also been related, and let it remove those. I still have Windows Update access, Windows Firewall was still on, and I never lost internet access. But I decided to install ZoneAlarm because it alerts you to PUP trying to get outbound, and WF doesn't. So I have a few questions... 1) I don't remember allowing this extension to be installed. Is there some way it might have installed itself without my approval? 2) If #1 is "yes", is there something else besides MBAM resident that I can install to prevent this from infecting me in the first place? 3) What else should I run to ensure I'm infection-free? Thanks in advance.
  20. I APOLOGIZE: THIS IS A LONG WINDED SYNOPSIS, but I need some kind of advice before I absolutely lose it! Everything I seem to do is somehow blocked, hidden, corrupted, etc (INCLUDING MBAM Premium and MBAE Premium & MBAR!) by this - virus? /malware? /identity theft?/ CYBER TERRORISM?? I don't know. THANK YOU to ANYONE who can steer me in the right direction. I have always been careful online and never thought Cyber Terrorism could ever happen to me, but the past few months have been a living hell and the stress level in my family is absolutely overwhelming all due to this hidden digital horror and I NEED my life back! Sorry for the introduction, but I am desperate here. Anyway, a little over two months ago I discovered some kind of virus on my computer, a very visible, lost administrative access, etc. At that time I was only secured by my ISP "Comcasts Norton 360." I contacted them immediately and they remotely went into my computer and just deleted a bunch of files and God knows what else they did (apparently Symantec has a special "department" for Comcast Norton customers?!?). Not less than a day after I'm noticing all kinds of stuff again. So, I called the local "PC Repair Man" whom I've now come to believe is a joke, and he did his thing installing some Spyware Program from a USB stick, claimed everything was all fixed and left me with the $120 bill. I went on vacation for 2 weeks and came back to ALL KINDS of problems and on my Laptop AND my desktop!.. Programs I didn't install, updates from Microsoft that were years old, revoked administrative access, webpage redirecting, running in 32bit instead of my 8.1 64bit, EVERYTHING! So, in a panic I did the Windows 8.1 "Refresh" of both desktop and laptop. Called Comcast Norton again, they come on my Laptop this time and see I "wiped" (refreshed) everything, so they just run Norton Power Eraser for good measure, of course it comes up clean. 
BUT, just to be sure I was totally in the clear I had doofus "repair" guy over again and there goes another $120 just to say I fixed it myself.... Things seemed fine for a week or so and I started doing lots of research on the hacking culture. I bought MBAM Premium and MBAE Premium and decided to change my ISP to Verizon Fios. THE DAY AFTER Verizon internet was installed I again became locked out of key features and some even simple ones of my computer. I kept being redirected, kicked out of my accounts out of nowhere, my Microsoft account was stolen and I had to jump through hoops to recover it by phone. But what is REALLY weird, as well as beyond frustrating, is that this thing starts spreading across EVERY device in my name. Two tablets, my two computers and MY PHONE! I had an LG and it was showing it connecting with other LGs and turning on and off, battery draining, and ALL my devices are constantly working their butt off at something! CPU and RAM usage so high, it was rendering them useless. So, here I stand. I can no longer try to keep chasing this down and self-diagnosing. My $3K Laptop lies without its battery attached for 2 weeks, I broke down and got a brand new phone and my Nook HD tablets have been wiped twice and still CM Security continues to list virus after virus attached to them, so they're permanently off for now. So, all I am using now is my desktop. I did a system restore on it (although I was only allowed to go a few weeks back), about a week ago - this then activated a free trial of Norton Antivirus, NOT the Comcast one. I run MBAM Premium and Norton scans daily. MBAE Premium is always on screen, yet my computer is STILL as slow as molasses and I get warnings and crash reports from Google Chrome and IE 11 every time I use them. I can't even run a few small computer games for my 5 year old, they just slow to a freeze. I am terrified to even put the battery back in my laptop.
Before this whole nightmare, my desktop was running heavy photo software along with large "Minecraft" worlds (all closed games, just my son and I) at lightning speed! So, I believe there are some serious lingering Rootkits and/or Backdoors somewhere deep in the system. And clearly all my attempts at wiping them with "refreshes" do nothing but leave them undetectable by antivirus and anti-malware software so they are just patiently waiting again for that one accidental click to open the flood gates once again. I'm sorry I wrote an essay and if you got this far you are awesome! I need some kind of sound advice, anything from anyone with true knowledge on how to see into the depths of my computer and clean it up and keep it that way. Thanks again. Everyone at Malwarebytes is a true hero. I will be checking for any responses continuously throughout the night and days. Sincerely, Stephen
  21. I have always been careful online and never thought Cyber Terrorism could ever happen to me, but the past few months have been a living hell and the stress level in my family is absolutely overwhelming all due to this hidden digital horror and I NEED my life back! Sorry for the introduction, but I am desperate here. Anyway, a little over two months ago I had some kind of virus on my computer, a very visible, lost administrative access, etc. At that time I was only secured by my ISP "Comcasts Norton 360." I contacted them immediately and they remotely went into my computer and just deleted a bunch of files and God knows what else they did (apparently Symantec has a special "department" for Comcast Norton customers?!?). Not less than a day after I'm noticing all kinds of stuff again. So, I called the local "PC Repair Man" whom I've now come to believe is a joke, and he did his thing installing some Spyware Program from a USB stick, claimed everything was all fixed and left me with the $120 bill. I went on vacation for 2 weeks and came back to ALL KINDS of problems and on my Laptop AND my desktop!.. Programs I didn't install, updates from Microsoft that were years old, revoked administrative access, webpage redirecting, running in 32bit instead of my 8.1 64bit, EVERYTHING! So, in a panic I did the Windows 8.1 "Refresh" of both desktop and laptop. Called Comcast Norton again, they come on my Laptop this time and see I "wiped" (refreshed) everything, so they just run Norton Power Eraser for good measure, of course it comes up clean. BUT, just to be sure I was totally in the clear I had doofus "repair" guy out and there goes another $120 to say I fixed it myself.... Things seemed fine for a week or so and I started doing lots of research on the hacking culture. I bought MBAM Premium and MBAE Premium and decided to change my ISP to Verizon Fios.
THE DAY AFTER Verizon internet was installed I again became locked out of key features and some even simple ones of my computer. I kept being redirected, kicked out of my accounts out of nowhere, my Microsoft account was stolen and I had to jump through hoops to recover it by phone. But what is REALLY weird, as well as beyond frustrating, is that this thing starts spreading across EVERY device in my name. Two tablets, my two computers and MY PHONE! I had an LG and it was showing it connecting with other LGs and turning on and off, battery draining, and ALL my devices are constantly working their butt off at something! CPU and RAM usage so high, it was rendering them useless. So, here I stand. I can no longer try to keep chasing this down and self-diagnosing. My $3K Laptop lies without its battery attached for 2 weeks, I broke down and got a brand new phone and my Nook HD tablets have been wiped twice and still CM Security continues to list virus after virus attached to them, so they're permanently off for now. So, all I am using now is my desktop. I did a system restore (and was only allowed a few weeks back), about a week ago, this then activated a free trial of Norton Antivirus, NOT the Comcast one. I run MBAM Premium and Norton scans daily. MBAE Premium is always on screen, yet my computer is STILL as slow as molasses and I get warnings and crash reports from Google Chrome and IE 11 every time I use them. I can't even run a few small computer games for my 5 year old, they just slow to a freeze. Before this whole nightmare I was running heavy photo software along with large "Minecraft" worlds (all closed games, just my son and I) at lightning speed! So, I believe there are some serious lingering Rootkits and/or Backdoors somewhere deep in the system.
And clearly all my attempts at wiping them with "refreshes" do nothing but leave them undetectable by antivirus and anti-malware software so they're just waiting again for that one accidental click to open the flood gates once again. I'm sorry I wrote an essay and if you got this far you are awesome! I need some kind of sound advice, anything from anyone with true knowledge on how to see into the depths of my computer and clean it up and keep it that way. Thanks again. Everyone at Malwarebytes is a true hero. I am off to bed, but will be checking for responses around 7-8am Eastern Standard Time and throughout the day. Sincerely, Stephen Kelly (Spkelly9807)
  22. Some advice on further checks I can make to find any remaining infections would be much appreciated. I have added the log below. Scan Date: 19/11/2014 Scan Time: 20:24:12 Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.19.07 Rootkit Database: v2014.11.18.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Alex Scan Type: Custom Scan Result: Completed Objects Scanned: 492987 Time Elapsed: 25 min, 53 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 Backdoor.Bot, C:\Users\Alex\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\caae4b001253909f\120712-0049\Att\20001624\IMG00009778.zip, Quarantined, [b689003d0c7012240074493a18e916ea], Physical Sectors: 0 (No malicious items detected) (end)
  23. Hello! When I start my computer Malwarebytes always finds trojan.agent in svchost.exe and deletes it. This repeats every time I start up the computer so I did some digging around the internet and now it seems I have a backdoor virus. I have run a full scan on Malwarebytes with rootkits enabled and a full scan with MSE. Both found nothing. I ran this Farbar Recovery. Here are the logs: Addition.txt FRST.txt
  24. Hello! So let me explain what is happening. On Wednesday I downloaded WMP x256. I don't have any antivirus software since I do a lot of stuff on my PC that is sometimes detected as a trojan. Anyways, what happens is when I start up my PC it starts loading the operating system and it says "Loading Windows" and then instantly almost restarts my PC. This has never happened before and only started when I downloaded that WMP x256. The only way to access my computer it seems is to run Memory Diagnostic from the advanced repair settings. It then loads up Windows fine. I would be ok with this if I could actually use and save folders to my desktop but I can't. It always resets and I have tried pretty much everything I can. I tried using MBAM but this happened: http://gyazo.com/2fbd9a0b05a91f3a8e76041f426f29a9 So yes, could I please have some help? This is my first time doing this (going on a forum and asking for help). If this does work I will be very grateful. Here is the Farbar scan:
Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe() C:\Program Files (x86)\Free FLV Converter\FreeFLVConverterUpdt.exe() C:\Program Files (x86)\LPT\srpts.exe() C:\Program Files\003\nuttkoqiez64.exe() C:\Windows\SysWOW64\PnkBstrA.exe() C:\Program Files (x86)\LPT\srptm.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Beepa P/L) C:\Fraps\fraps.exe(Beepa P/L) C:\Fraps\fraps64.dat(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe(Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM-x32\...\Run: [iSUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java 
Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not FoundIFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exeStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dual Package.lnkShortcutTarget: Dual Package.lnk -> C:\Program Files (x86)\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe (No File)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnkShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBooster.lnkShortcutTarget: ImageBooster.lnk -> C:\Program Files (x86)\LG Soft India\ImageBooster\bin\ImageBooster.exe (No File)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnkShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyServer: SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfyNLr7DhTm04hMTPEi061Yng7zqU332Ilxl0qawy-TUoEyNWCcmbrK5tlSV5E-wPgCLGAcy_urGFG5hbFkjotcXwofYHBjJtP_Su9MWFxgpWVC2Tb8sbP7ReMWFczg9tQ,,&q={searchTerms}SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOyg7Rm9iQKjCfyNLr7DhTm04hMTPEi061Yng7zqU332Ilxl0qawy-TUoEyNWCcmbrK5tlSV5E-wPgCLGAcy_urGFG5hbFkjotcXwofYHBjJtP_Su9MWFxgpWVC2Tb8sbP7ReMWFczg9tQ,,&q={searchTerms}BHO: HDvid-Codec V9.0 
- {11111111-1111-1111-1111-110511131156} - C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-bho64.dll (installdaddy)BHO: VEEHD Plugin V9.0 - {11111111-1111-1111-1111-110511131184} - C:\Program Files (x86)\VEEHD Plugin V9.0\VEEHD Plugin V9.0-bho64.dll (installdaddy)BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: FreeFLVConverter - {DC7CE5D0-3608-4FD0-8853-D5822E02135D} - C:\Program Files (x86)\Free FLV Converter\FreeFLVConverter_x64.dll (Free FLV Converter)BHO-x32: HDvid-Codec V9.0 - {11111111-1111-1111-1111-110511131156} - C:\Program Files (x86)\HDvid-Codec V9.0\HDvid-Codec V9.0-bho.dll (installdaddy)BHO-x32: VEEHD Plugin V9.0 - {11111111-1111-1111-1111-110511131184} - C:\Program Files (x86)\VEEHD Plugin V9.0\VEEHD Plugin V9.0-bho.dll (installdaddy)BHO-x32: Bubble Dock SurfMatch - {23AF19F7-1D5B-442c-B14C-3D1081953C94} - C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\axSurfMatch.dll (Nosibay)BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No FileBHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: FreeFLVConverter - {DC7CE5D0-3608-4FD0-8853-D5822E02135D} - C:\Program Files (x86)\Free FLV Converter\FreeFLVConverter.dll (Free FLV Converter)BHO-x32: FlowSurf - {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} - C:\Program 
Files (x86)\Flowsurf\FlowSurf.dll (FlowSurf Inc.)Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program 
Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-05-14]FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-14]FF HKLM-x32\...\Firefox\Extensions: [bubbledock@nosibay.com] - C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\FFSurfMatchFF Extension: Bubble Dock - C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\FFSurfMatch [2014-04-18] Chrome: =======CHR DefaultSearchKeyword: google.co.ukCHR Extension: (Google Docs) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-30]CHR Extension: (Google Drive) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-30]CHR Extension: (YouTube) - 
C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-30]CHR Extension: (Google Search) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-30]CHR Extension: (Google Wallet) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-30]CHR Extension: (Gmail) - C:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-30]CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files (x86)\Iminent\Iminent.crx" [2014-05-30]CHR HKLM-x32\...\Chrome\Extension: [kbjlipmgfoamgjaogmbihaffnpkpjajp] - C:\Program Files (x86)\Nosibay\Bubble Dock\extensions\GCSurfMatch.crx [2014-01-16] ==================== Services (Whitelisted) ================= R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-04-27] ()R2 FreeFLVConverterUpdt; C:\Program Files (x86)\Free FLV Converter\FreeFLVConverterUpdt.exe [252928 2014-02-25] ()R3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [395536 2014-02-11] (Hauppauge Computer Works, Inc.)R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [37920 2014-04-08] ()R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [119408 2014-05-14] (Mozilla Foundation)R2 nuttkoqiez64; C:\Program Files\003\nuttkoqiez64.exe [706560 2014-04-20] ()R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-19] ()S3 rpcapd; 
C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)S2 Update Surftastic; "C:\Program Files (x86)\Surftastic\updateSurftastic.exe" [X]S2 Util Surftastic; "C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 hcwE5bda; C:\Windows\System32\drivers\hcwE5bda.sys [968792 2014-01-07] (Hauppauge Computer Work, Inc.)S3 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2010-08-04] (LG Soft India)S3 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [19968 2010-08-04] (LG Soft India)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-30] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)R2 NPF; C:\Windows\SysWOW64\drivers\npf.sys [30336 2003-04-04] (Politecnico di Torino)R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2010-12-14] (Windows ® Codename Longhorn DDK provider)R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-04-18] (StdLib)R1 {01531192-f7ef-415f-a549-cfdb11836731}w64; C:\Windows\System32\drivers\{01531192-f7ef-415f-a549-cfdb11836731}w64.sys [61120 2014-04-24] (StdLib)S3 gdrv; \??\C:\Windows\gdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-30 20:01 - 2014-05-30 20:01 - 00016881 _____ () C:\Users\TEMP\Desktop\FRST.txt2014-05-30 19:58 - 2014-05-30 19:58 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Gyazo2014-05-30 19:52 - 2014-05-30 20:01 - 00000000 ____D () C:\FRST2014-05-30 19:52 - 2014-05-30 19:52 - 02066944 _____ (Farbar) 
C:\Users\TEMP\Downloads\FRST64.exe2014-05-30 19:52 - 2014-05-30 19:52 - 02066944 _____ (Farbar) C:\Users\TEMP\Desktop\FRST64.exe2014-05-30 19:51 - 2014-05-30 19:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-05-30 19:51 - 2014-05-30 19:51 - 00000000 ____D () C:\Users\TEMP\AppData\Local\CrashDumps2014-05-30 19:50 - 2014-05-30 19:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\TEMP\Downloads\mbam-setup-2.0.2.1012.exe2014-05-30 19:50 - 2014-05-30 19:50 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-05-30 19:50 - 2014-05-30 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-05-30 19:50 - 2014-05-30 19:50 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-05-30 19:50 - 2014-05-30 19:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-05-30 19:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-05-30 19:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-05-30 19:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-05-30 19:48 - 2014-05-30 19:48 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Apple2014-05-30 19:48 - 2014-05-30 19:48 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-05-30 19:47 - 2014-05-30 19:47 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Apple Computer2014-05-30 19:39 - 2014-05-30 19:39 - 00000000 ____D () C:\ProgramData\RogueKiller2014-05-30 19:38 - 2014-05-30 19:38 - 05201408 _____ () C:\Users\TEMP\Downloads\RogueKillerX64.exe2014-05-30 19:30 - 2014-05-30 19:30 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\NVIDIA2014-05-30 19:30 - 2014-05-30 19:30 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\DivX2014-05-30 19:30 - 2014-05-30 19:29 - 05203398 _____ (Swearware) 
C:\Users\TEMP\Desktop\ComboFix.exe2014-05-30 19:29 - 2014-05-30 19:29 - 05203398 _____ (Swearware) C:\Users\TEMP\Downloads\ComboFix.exe2014-05-30 19:26 - 2014-05-30 19:49 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Apple Computer2014-05-30 19:26 - 2014-05-30 19:26 - 00002259 _____ () C:\Users\TEMP\Desktop\Google Chrome.lnk2014-05-30 19:26 - 2014-05-30 19:26 - 00001417 _____ () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-05-30 19:26 - 2014-05-30 19:26 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-30 19:26 - 2014-05-30 19:26 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-30 19:26 - 2014-05-30 19:26 - 00000000 ____D () C:\Users\TEMP\Documents\LOLReplay2014-05-30 19:26 - 2014-05-30 19:26 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Adobe2014-05-30 19:26 - 2014-05-30 19:26 - 00000000 ____D () C:\Users\TEMP\AppData\Local\NVIDIA2014-05-30 19:26 - 2014-05-30 19:26 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Google2014-05-30 19:26 - 2014-05-30 19:26 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Adobe2014-05-30 19:25 - 2014-05-30 20:01 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Temp2014-05-30 19:25 - 2014-05-30 19:26 - 00000000 ____D () C:\Users\TEMP2014-05-30 19:25 - 2014-05-30 19:25 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini2014-05-30 19:25 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-05-30 19:25 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-05-29 16:59 - 2014-05-29 16:59 - 00006120 _____ () C:\Windows\system32\PerfStringBackup.TMP2014-05-29 00:30 - 2014-05-29 00:30 - 00000000 ____D () C:\Windows\system32\config\mybackup2014-05-28 16:50 - 2014-05-28 16:50 - 00059640 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT2014-05-28 
15:13 - 2014-05-28 15:13 - 00000000 ____D () C:\Users\Splurtle\Documents\bu2014-05-28 15:00 - 2014-05-28 15:00 - 00000000 ____D () C:\Users\Splurtle\AppData\Roaming\Macromedia2014-05-28 15:00 - 2014-05-28 15:00 - 00000000 ____D () C:\Users\Splurtle\AppData\Roaming\LolClient2014-05-28 14:56 - 2014-05-28 15:15 - 00000000 ____D () C:\Users\Splurtle\AppData\Local\Temp2014-05-28 14:56 - 2014-05-28 14:59 - 00002259 _____ () C:\Users\Splurtle\Desktop\Google Chrome.lnk2014-05-28 14:56 - 2014-05-28 14:56 - 00001417 _____ () C:\Users\Splurtle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-05-28 14:56 - 2014-05-28 14:56 - 00000020 ___SH () C:\Users\Splurtle\ntuser.ini2014-05-28 14:56 - 2014-05-28 14:56 - 00000000 ___RD () C:\Users\Splurtle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-05-28 14:56 - 2014-05-28 14:56 - 00000000 ___RD () C:\Users\Splurtle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-05-28 14:56 - 2014-05-28 14:56 - 00000000 ____D () C:\Users\Splurtle\Documents\LOLReplay2014-05-28 14:56 - 2014-05-28 14:56 - 00000000 ____D () C:\Users\Splurtle\AppData\Roaming\Apple Computer2014-05-28 14:56 - 2014-05-28 14:56 - 00000000 ____D () C:\Users\Splurtle\AppData\Roaming\Adobe2014-05-28 14:56 - 2014-05-28 14:56 - 00000000 ____D () C:\Users\Splurtle\AppData\Local\NVIDIA2014-05-28 14:56 - 2014-05-28 14:56 - 00000000 ____D () C:\Users\Splurtle\AppData\Local\Google2014-05-28 14:56 - 2014-05-28 14:56 - 00000000 ____D () C:\Users\Splurtle\AppData\Local\Adobe2014-05-28 14:56 - 2014-05-28 14:56 - 00000000 ____D () C:\Users\Splurtle2014-05-28 14:56 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Splurtle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-05-28 14:56 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Splurtle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-05-28 14:34 - 2014-05-29 17:11 - 00000000 ____D () C:\Documenterinos2014-05-28 14:23 - 
2014-05-28 15:49 - 00059640 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT2014-05-27 21:28 - 2014-05-28 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack2014-05-27 21:22 - 2014-05-27 21:22 - 00000000 ____D () C:\adobeTemp2014-05-27 21:04 - 2014-05-28 22:47 - 00000000 ____D () C:\deeff789ef251c466ba7bd88bb12bc2014-05-27 21:03 - 2014-05-28 22:47 - 00000000 ____D () C:\Windows\System32\Tasks\SystemSockets2014-05-27 21:03 - 2014-05-28 22:47 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater2014-05-27 21:03 - 2014-05-28 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam2014-05-27 21:03 - 2014-05-28 22:47 - 00000000 ____D () C:\Program Files (x86)\Zapp2014-05-27 21:03 - 2014-05-28 22:47 - 00000000 ____D () C:\Program Files (x86)\Wajam2014-05-27 21:03 - 2014-05-28 22:46 - 00000000 ____D () C:\Program Files\Zapp2014-05-27 21:03 - 2014-04-09 07:55 - 00034376 _____ () C:\Windows\Launcher.exe2014-05-27 20:49 - 2014-05-27 20:49 - 00001313 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk2014-05-27 17:20 - 2014-05-28 22:47 - 00000000 ____D () C:\Program Files (x86)\save ona2014-05-27 17:20 - 2014-05-28 22:46 - 00000000 ____D () C:\ProgramData\TopApp soft2014-05-27 17:20 - 2014-05-28 14:56 - 00000452 ____H () C:\Windows\Tasks\SO.Booster-S-5078429478.job2014-05-27 17:20 - 2014-05-27 17:20 - 04210176 _____ () C:\Program Files (x86)\SO_x64.Booster2014-05-27 17:20 - 2014-05-27 17:20 - 00174928 _____ () C:\Program Files (x86)\SOSvc.dll2014-05-27 17:20 - 2014-05-27 17:20 - 00002698 _____ () C:\Windows\System32\Tasks\SO.Booster-S-50784294782014-05-27 17:20 - 2014-05-27 17:20 - 00000000 ____D () C:\ProgramData\save ona2014-05-27 08:11 - 2014-05-27 08:11 - 00291048 _____ () C:\Windows\Minidump\052714-26691-01.dmp2014-05-26 14:02 - 2014-05-26 14:03 - 00295416 _____ () C:\Windows\Minidump\052614-55754-01.dmp2014-05-25 14:03 - 2014-05-28 22:47 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader2014-05-25 14:03 - 2014-05-27 17:22 - 00000000 ____D () C:\Program Files (x86)\EZDownloader2014-05-25 14:03 - 2014-05-25 14:03 - 00000000 ____D () C:\Windows\SysWOW64\X862014-05-25 14:03 - 2014-05-25 14:03 - 00000000 ____D () C:\Windows\SysWOW64\AMD642014-05-25 14:03 - 2014-05-25 14:03 - 00000000 ____D () C:\ProgramData\SNT2014-05-25 14:03 - 2014-05-25 14:03 - 00000000 ____D () C:\Program Files (x86)\SNT2014-05-25 14:02 - 2014-05-28 22:47 - 00000000 ____D () C:\ProgramData\1617bd31039115702014-05-25 14:02 - 2014-05-28 22:46 - 00000000 ____D () C:\ProgramData\InstallMate2014-05-25 14:02 - 2014-05-28 14:56 - 00000468 ____H () C:\Windows\Tasks\SW-Booster-S-5808190755.job2014-05-25 14:02 - 2014-05-27 17:20 - 00000000 ____D () C:\Program Files (x86)\SW-Booster2014-05-25 14:02 - 2014-05-25 14:03 - 00000000 ____D () C:\ProgramData\TopApp software2014-05-25 14:02 - 2014-05-25 14:02 - 00002714 _____ () C:\Windows\System32\Tasks\SW-Booster-S-58081907552014-05-25 14:02 - 2014-05-25 14:02 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker2014-05-25 14:02 - 2014-05-25 14:02 - 00000000 ____D () C:\ProgramData\saVee on2014-05-25 14:02 - 2014-05-25 14:02 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker2014-05-25 14:02 - 2014-05-25 14:02 - 00000000 ____D () C:\Program Files (x86)\saVee on2014-05-25 12:29 - 2014-05-28 14:49 - 00000000 ____D () C:\Users\GFX2014-05-25 12:16 - 2014-05-25 12:17 - 00291024 _____ () C:\Windows\Minidump\052514-23805-01.dmp2014-05-25 12:04 - 2014-05-25 12:05 - 00291016 _____ () C:\Windows\Minidump\052514-37721-01.dmp2014-05-25 08:14 - 2014-05-25 08:14 - 00291048 _____ () C:\Windows\Minidump\052514-25630-01.dmp2014-05-24 19:56 - 2014-05-24 19:57 - 00291048 _____ () C:\Windows\Minidump\052414-14180-01.dmp2014-05-24 13:23 - 2014-05-24 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++2014-05-24 13:23 - 2014-05-24 13:23 - 00000000 ____D () 
C:\Program Files (x86)\Notepad++2014-05-24 07:20 - 2014-05-24 07:20 - 00291048 _____ () C:\Windows\Minidump\052414-15412-01.dmp2014-05-22 16:37 - 2014-05-22 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios2014-05-22 16:37 - 2014-05-22 16:37 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios2014-05-22 16:37 - 2014-05-22 16:37 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios2014-05-19 21:24 - 2014-05-19 21:24 - 00000000 ____D () C:\Program Files (x86)\SiteLookup2014-05-19 21:24 - 2014-05-19 21:24 - 00000000 ____D () C:\Program Files (x86)\SiteFinder2014-05-19 21:22 - 2014-05-19 21:22 - 00001024 _____ () C:\.rnd2014-05-19 21:22 - 2014-05-19 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware2014-05-19 21:22 - 2011-08-22 17:07 - 00942192 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll2014-05-19 21:22 - 2011-08-22 17:07 - 00354416 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe2014-05-19 21:22 - 2011-08-22 17:07 - 00062064 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys2014-05-19 21:22 - 2011-08-22 17:07 - 00031344 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMparport.sys2014-05-19 21:22 - 2011-08-22 17:06 - 00432752 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe2014-05-19 21:22 - 2011-08-22 17:06 - 00030320 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys2014-05-19 21:22 - 2011-08-21 23:11 - 00039024 _____ (VMware, Inc.) 
C:\Windows\system32\Drivers\hcmon.sys2014-05-19 21:21 - 2014-05-28 14:23 - 00000000 ____D () C:\ProgramData\VMware2014-05-19 21:21 - 2014-05-19 21:21 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines2014-05-19 21:21 - 2014-05-19 21:21 - 00000000 ____D () C:\Program Files\Common Files\VMware2014-05-19 21:21 - 2014-05-19 21:21 - 00000000 ____D () C:\Program Files (x86)\VMware2014-05-19 19:12 - 2014-05-19 19:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-05-17 07:30 - 2014-05-17 07:29 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2014-05-17 07:30 - 2014-05-17 07:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2014-05-17 07:30 - 2014-05-17 07:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe2014-05-17 07:30 - 2014-05-17 07:29 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll2014-05-17 07:29 - 2014-05-17 07:29 - 00000000 ____D () C:\Program Files\Java2014-05-16 08:23 - 2014-05-16 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ophcrack2014-05-15 08:18 - 2014-05-15 08:18 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2014-05-15 08:18 - 2014-05-15 08:18 - 00000000 ____D () C:\Windows\System32\Tasks\Apple2014-05-15 08:18 - 2014-05-15 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-05-15 08:18 - 2014-05-15 08:18 - 00000000 ____D () C:\ProgramData\Apple Computer2014-05-15 08:18 - 2014-05-15 08:18 - 00000000 ____D () C:\Program Files\iTunes2014-05-15 08:18 - 2014-05-15 08:18 - 00000000 ____D () C:\Program Files\iPod2014-05-15 08:18 - 2014-05-15 08:18 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-05-15 08:18 - 2014-05-15 08:18 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update2014-05-15 08:18 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) 
Addition.txt
  25. Hi. So I recently acquired a virus that, now, as soon as it connects to the internet, starts playing ads in my background. So I mute it. After a while, it then forces my computer to shut down. I read on a recent post that using the RogueKiller app would help. Can someone help me from this point on? All I did was scan. I'll post the report. RKreport0_S_01102014_114047.txt