DesertDogg Posted September 11, 2013 ID:728164 Share Posted September 11, 2013 Ive run maleware bytes full scan, it doesn't find anything. Here are the logs:DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2Run by Gabe at 19:37:55 on 2013-09-10Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.12167.9897 [GMT -7:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}.============== Running Processes ===============.C:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\dwm.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkc:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Windows\system32\BtwRSupportService.exeC:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exeC:\Windows\system32\dashost.exeC:\Program Files (x86)\Hotspot Shield\bin\hsswd.exeC:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Windows\system32\mfevtps.exeC:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exeC:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\System32\WUDFHost.exeC:\Windows\System32\WUDFHost.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\taskhostex.exeC:\Windows\Explorer.EXEC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\System32\RuntimeBroker.exeC:\Program Files\Common Files\microsoft shared\ink\TabTip.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exeC:\Program Files (x86)\Glary Utilities 3\Integrator.exeC:\Program Files\Realtek\Audio\HDA\RAVBg64.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exeC:\Windows\System32\StikyNot.exeC:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files (x86)\AntiLogger\AntiLogger.exeC:\Program Files (x86)\Hotspot Shield\bin\hsscp.exeC:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exeC:\Program Files (x86)\Hotspot Shield\bin\openvpn.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exec:\PROGRA~2\mcafee\SITEAD~1\saui.exeC:\Windows\system32\vssvc.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = about:blankmStart Page = about:blankuProxyServer = 127.0.0.1:48627uProxyOverride = p.upsideout.com;<local>mWinlogon: Userinit = userinit.exe,BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dlluRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exemRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun: [AntiLogger] "C:\Program Files (x86)\AntiLogger\AntiLogger.exe" /minimizedStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WHOISO~1.LNK - C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exemPolicies-Explorer: NoDriveTypeAutoRun = dword:60IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001025-0002-0025-ABCDEFFEDCBC} - <orphaned>TCP: NameServer = 8.8.8.8TCP: Interfaces\{2E8296B2-7445-46A8-B318-7A410BA00DC9} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11TCP: Interfaces\{2E8296B2-7445-46A8-B318-7A410BA00DC9}\458656020516373707F6274716C6 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11TCP: Interfaces\{A739EF69-FC9B-4BA5-95C3-B5716728161F} : DHCPNameServer = 8.8.8.8Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllAppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KE50FD~1.DLL,C:\Windows\SysWOW64\nvinit.dllSSODL: WebCheck - <orphaned>mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\Windows\SysWOW64\Rundll32.exe" "c:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettingsx64-mStart Page = about:blankx64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Run: [RtHDVBg] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SONYAPOx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dllx64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\jeur3bn4.default\FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym&.intl=us|https://mail.google.com/mail/u/0/?shva=1#inbox|https://www.facebook.com/|https://weblogin.asu.edu/cas/login?service=https%3A%2F%2Fweblogin.asu.edu%2Fcgi-bin%2Fcas-login%3Fcallapp%3Dhttps%253A%252F%252Fmy.asu.eduFF - prefs.js: keyword.URL -FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dllFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dllFF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - ExtSQL: 2013-08-09 11:31; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\jeur3bn4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}FF - ExtSQL: 2013-09-03 21:30; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisorFF - ExtSQL: 2013-09-10 08:03; afext@anchorfree.com; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com.============= SERVICES / DRIVERS ===============.R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-8-3 647736]R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2013-2-19 771536]R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2013-2-19 340216]R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-8-3 30496]R1 AntiLog32;AntiLog32;C:\Windows\System32\Drivers\AntiLog64.sys [2013-9-10 49240]R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\Drivers\hssdrv6.sys [2013-9-10 46792]R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\Windows\System32\BtwRSupportService.exe [2013-8-8 2228440]R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-8-16 852264]R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-8-16 555304]R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-8-3 2468496]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-8-3 129824]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-8-3 166688]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-18 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-18 701512]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-9-3 201304]R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-9-3 201304]R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-9-3 201304]R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-9-3 201304]R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-9-3 241456]R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-9-3 218760]R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-9-3 182752]R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2013-2-6 483864]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-8-3 365344]R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\Drivers\bcbtums.sys [2013-8-3 170200]R3 BthA2DP;Bluetooth Stereo;C:\Windows\System32\Drivers\BthA2DP.sys [2013-8-8 117632]R3 BthHFAud;Bluetooth Hands-Free;C:\Windows\System32\Drivers\BthHfAud.sys [2013-8-3 30720]R3 BthHFSrv;Bluetooth Handsfree Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2013-8-3 29696]R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2013-9-3 70112]R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-8-3 169752]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-3-14 342528]R3 keycrypt;keycrypt;C:\Windows\System32\Drivers\KeyCrypt64.sys [2013-9-10 25056]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-8-18 25928]R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2013-9-3 309840]R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2013-9-3 515968]R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2013-8-3 354016]R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-8-3 760032]R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\Drivers\SFEP.sys [2012-7-16 14336]R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-3-14 33008]R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\Drivers\taphss6.sys [2013-8-12 42184]R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]R4 KProcessHacker2;KProcessHacker2;C:\Program Files\Process Hacker 2\kprocesshacker.sys [2013-8-18 39320]S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2013-9-3 69168]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-8-20 103576]S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\Drivers\e1y60x64.sys [2012-6-2 283136]S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-9-3 196440]S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\Drivers\mferkdet.sys [2013-9-3 106552]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-8-20 204568]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464].=============== Created Last 30 ================.2013-09-10 15:24:01 49240 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys2013-09-10 15:24:01 -------- dc-h--w- C:\ProgramData\{CA95831E-3AC5-45E6-8D18-9834518EB414}2013-09-10 15:24:00 -------- d-----w- C:\Program Files (x86)\AntiLogger2013-09-10 15:23:53 25056 ----a-w- C:\Windows\System32\drivers\KeyCrypt64.sys2013-09-10 15:23:52 6525952 ----a-w- C:\Windows\SysWow64\ZALSDKCore.dll2013-09-10 15:23:52 -------- d-----w- C:\Windows\SysWow64\ZALSDK_uninst2013-09-10 15:23:52 -------- d-----w- C:\Users\Gabe\AppData\Local\Zemana2013-09-10 15:20:18 -------- d-----w- C:\Users\Gabe\AppData\Local\AntiLogger Free2013-09-10 15:20:18 -------- d-----w- C:\Program Files (x86)\KeyCryptSDK2013-09-10 15:03:54 -------- d-----w- C:\ProgramData\Hotspot Shield2013-09-10 15:03:42 46792 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys2013-09-10 15:03:41 -------- d-----w- C:\Program Files (x86)\Hotspot Shield2013-09-10 15:03:40 -------- d-----w- C:\Users\Gabe\AppData\Roaming\Hotspot Shield2013-09-10 14:08:37 -------- d-----w- C:\Program Files (x86)\IO3O LLC2013-09-08 15:24:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll2013-09-08 15:24:00 53760 ----a-w- C:\Windows\System32\UXInit.dll2013-09-08 15:22:49 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll2013-09-08 15:22:49 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll2013-09-08 15:22:42 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-09-08 10:25:12 -------- d-----w- C:\Users\Gabe\AppData\Local\Apps2013-09-04 21:59:14 -------- d-----w- C:\Users\Gabe\AppData\Local\Programs2013-09-04 21:39:23 737280 ----a-w- C:\Windows\iun6002.exe2013-09-04 21:39:22 -------- d-----w- C:\Program Files (x86)\JGS-Scan2013-09-04 21:38:19 -------- d--h--w- C:\ProgramData\Common Files2013-09-04 02:07:32 -------- d-----w- C:\Stinger_Quarantine2013-09-04 02:07:30 -------- d-----w- C:\Program Files\stinger2013-09-04 02:06:46 182752 ----a-w- C:\Windows\System32\mfevtps.exe2013-09-04 01:57:59 -------- d-----w- C:\Users\Gabe\AppData\Roaming\DiskDefrag2013-08-25 21:03:21 -------- d-----w- C:\Users\Gabe\AppData\Local\Apple Computer2013-08-23 04:38:44 -------- d-----w- C:\Users\Gabe\AppData\Roaming\Absolute Uninstaller2013-08-22 16:08:07 -------- d-----w- C:\Users\Gabe\AppData\Local\Macromedia2013-08-22 15:01:03 -------- d-----w- C:\ProgramData\GlarySoft2013-08-22 14:55:02 117024 ----a-w- C:\Windows\System32\BootDefrag.exe2013-08-22 14:54:59 -------- d-----w- C:\Users\Gabe\AppData\Roaming\GlarySoft2013-08-22 14:54:53 -------- d-----w- C:\Program Files (x86)\Glary Utilities 32013-08-22 13:52:49 -------- d-----w- C:\Program Files (x86)\WinAce2013-08-20 22:09:56 -------- d-----w- C:\Users\Gabe\AppData\Roaming\NCH Software2013-08-20 20:14:54 -------- d-----w- C:\ProgramData\SmartSound Software Inc2013-08-20 20:14:53 -------- d-----w- C:\ProgramData\eSellerate2013-08-20 20:14:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin7.dll2013-08-20 20:14:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll2013-08-20 20:14:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll2013-08-20 20:14:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll2013-08-20 20:14:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll2013-08-20 20:14:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll2013-08-20 20:14:26 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll2013-08-20 14:02:12 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys2013-08-20 14:02:12 103576 ----a-w- C:\Windows\System32\drivers\ssudbus.sys2013-08-19 06:44:59 -------- d-----w- C:\Users\Gabe\AppData\Roaming\Malwarebytes2013-08-19 06:44:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-08-19 06:44:53 -------- d-----w- C:\ProgramData\Malwarebytes2013-08-19 06:44:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-18 14:07:35 0 ----a-w- C:\Windows\SysWow64\FAPB4C8.tmp2013-08-18 14:07:34 0 ----a-w- C:\Windows\SysWow64\FAPB080.tmp2013-08-18 14:07:20 0 ----a-w- C:\Windows\SysWow64\FAP79BE.tmp2013-08-18 14:05:28 -------- d-----w- C:\Users\Gabe\AppData\Roaming\Process Hacker 22013-08-18 14:03:42 -------- d-----w- C:\Program Files\Process Hacker 22013-08-18 05:52:23 -------- d-----w- C:\Program Files (x86)\Audacity2013-08-18 03:15:43 -------- d-----w- C:\Program Files (x86)\Proxify Tray Application2013-08-17 10:38:40 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-08-13 08:44:25 -------- d-----w- C:\Program Files (x86)\Yahoo!2013-08-13 08:43:02 -------- d-----w- C:\Users\Gabe\AppData\Local\Diagnostics2013-08-12 23:10:24 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys.==================== Find3M ====================.2013-08-17 10:38:37 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-08-17 10:38:37 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-08-08 00:14:29 35344 ----a-w- C:\Windows\System32\drivers\npf.sys2013-08-08 00:14:28 1212928 ----a-w- C:\Windows\System32\BCMLogon.dll2013-08-03 12:32:57 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll2013-08-03 12:22:01 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll2013-08-03 11:53:18 30720 ----a-w- C:\Windows\System32\drivers\BthHfAud.sys2013-08-03 11:53:18 29952 ----a-w- C:\Windows\System32\drivers\BthhfHid.sys2013-08-03 11:53:18 18432 ----a-w- C:\Windows\System32\drivers\BtaMPM.sys2013-08-03 11:45:12 963488 ----a-w- C:\Windows\System32\deployJava1.dll2013-08-03 11:45:12 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-07-26 03:13:15 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-07-26 00:54:34 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll2013-07-13 06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll2013-07-09 08:04:07 120144 ----a-w- C:\Windows\System32\drivers\msgpioclx.sys2013-07-09 06:18:21 439488 ----a-w- C:\Windows\System32\WerFault.exe2013-07-09 04:25:45 385768 ----a-w- C:\Windows\SysWow64\WerFault.exe2013-07-09 03:57:19 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll2013-07-08 22:46:00 543744 ----a-w- C:\Windows\System32\wwanmm.dll2013-07-08 22:46:00 414208 ----a-w- C:\Windows\System32\wwanconn.dll2013-07-08 22:46:00 370688 ----a-w- C:\Windows\System32\Wwanadvui.dll2013-07-08 22:45:16 312832 ----a-w- C:\Windows\System32\LocationApi.dll2013-07-06 00:16:17 1025024 ----a-w- C:\Windows\System32\localspl.dll2013-07-03 00:23:43 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll2013-07-03 00:23:12 778752 ----a-w- C:\Windows\System32\oleaut32.dll2013-07-03 00:22:26 1300480 ----a-w- C:\Windows\System32\gdi32.dll2013-07-03 00:11:23 268800 ----a-w- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll2013-07-03 00:11:02 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll2013-07-02 23:51:03 4039680 ----a-w- C:\Windows\System32\win32k.sys2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys2013-06-30 22:30:14 67072 ----a-w- C:\Windows\SysWow64\openfiles.exe2013-06-30 22:29:22 77312 ----a-w- C:\Windows\System32\openfiles.exe2013-06-29 06:15:54 195416 ----a-w- C:\Windows\System32\drivers\sdbus.sys2013-06-29 06:15:47 125784 ----a-w- C:\Windows\System32\drivers\dumpsd.sys2013-06-29 05:43:16 327512 ----a-w- C:\Windows\System32\drivers\Classpnp.sys2013-06-29 01:12:01 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-06-26 03:01:38 321536 ----a-w- C:\Windows\System32\drivers\udfs.sys2013-06-26 02:59:34 341504 ----a-w- C:\Windows\System32\drivers\HdAudio.sys2013-06-24 22:54:52 447488 ----a-w- C:\Windows\System32\wwansvc.dll2013-06-24 22:54:45 74240 ----a-w- C:\Windows\System32\wcmcsp.dll2013-06-24 22:54:45 263680 ----a-w- C:\Windows\System32\wcmsvc.dll2013-06-19 05:36:21 183808 ----a-w- C:\Windows\System32\winmmbase.dll2013-06-19 05:36:21 115712 ----a-w- C:\Windows\System32\winmm.dll2013-06-18 22:38:00 160256 ----a-w- C:\Windows\SysWow64\winmmbase.dll2013-06-18 22:38:00 125440 ----a-w- C:\Windows\SysWow64\winmm.dll2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys.============= FINISH: 19:38:17.79 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 8Boot Device: \Device\HarddiskVolume3Install Date: 8/7/2013 4:07:04 PMSystem Uptime: 9/10/2013 6:33:40 PM (1 hours ago).Motherboard: Sony Corporation | | VAIOProcessor: Intel® Core i7-3537U CPU @ 2.00GHz | N/A | 2001/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 900 GiB total, 478.423 GiB free.D: is CDROM (UDF)F: is FIXED (NTFS) - 466 GiB total, 0.003 GiB free..==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Bluetooth Device (RFCOMM Protocol TDI)Device ID: BTH\MS_RFCOMM\7&120DC90B&0&0Manufacturer: MicrosoftName: Bluetooth Device (RFCOMM Protocol TDI)PNP Device ID: BTH\MS_RFCOMM\7&120DC90B&0&0Service: RFCOMM.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Bluetooth Device (Personal Area Network)Device ID: BTH\MS_BTHPAN\7&120DC90B&0&2Manufacturer: MicrosoftName: Bluetooth Device (Personal Area Network)PNP Device ID: BTH\MS_BTHPAN\7&120DC90B&0&2Service: BthPan.==== System Restore Points ===================.RP7: 8/22/2013 9:40:49 PM - Removed VAIO First Logon Setup ToolRP8: 9/3/2013 10:55:15 PM - Scheduled CheckpointRP9: 9/8/2013 7:17:26 AM - Removed VAIO Easy Connect..==== Installed Programs ======================.Adobe Flash Player 11 PluginAdobe Reader XI (11.0.03) MUIAntiLoggerApple Application SupportAudacity 2.0.3Glary Utilities 3.9Harmony Browser Plug-inHotspot Shield 3.13Intel® Management Engine ComponentsIntel® Processor GraphicsIntel® PROSet/Wireless NFC SoftwareIntel® Rapid Storage TechnologyIntel® SDK for OpenCL - CPU Only Runtime PackageIntel® Trusted Connect Service ClientJava 7 Update 25Java Auto UpdaterKeyCrypt SDK version 1.6.1.246Malwarebytes Anti-Malware version 1.75.0.1300McAfee SecurityCenterMicrosoft OfficeMicrosoft Report Viewer Redistributable 2005Microsoft SilverlightMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106Movie Studio Platinum 12.0 (64-bit)Mozilla Firefox 23.0.1 (x86 en-US)MSVCRT RedistsNetworkx64NVIDIA Control Panel 311.46NVIDIA Graphics Driver 311.46NVIDIA Install ApplicationNVIDIA Optimus 1.11.3NVIDIA PhysXNVIDIA PhysX System Software 9.12.1031NVIDIA Update ComponentsPlayMemories HomeProcess Hacker 2.31 (r5355)Proxify Tray Application version 1.0.8.0QuickTimeRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRealtek PCIE Card ReaderShared C Run-time for x64Synaptics Pointing Device DriverThe KMPlayer (remove only)VAIO Movie CreatorWho Is On My Wifi version 2.1.7WinAce ArchiverWinampWinamp Detector Plug-inWinamp Essentials PackYahoo! MessengerYahoo! Toolbar.==== Event Viewer Messages From Past Week ========.9/8/2013 9:39:18 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.9/8/2013 9:39:18 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.9/8/2013 9:39:18 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.9/8/2013 9:39:18 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.9/8/2013 9:38:18 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.9/8/2013 9:37:18 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The System Events Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/8/2013 9:37:18 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The pipe has been ended.9/8/2013 7:26:01 AM, Error: Service Control Manager [7034] - The VCService service terminated unexpectedly. It has done this 1 time(s).9/8/2013 7:26:00 AM, Error: Service Control Manager [7034] - The VAIO Care Performance Service service terminated unexpectedly. It has done this 1 time(s).9/8/2013 7:02:27 AM, Error: Service Control Manager [7034] - The PMBDeviceInfoProvider service terminated unexpectedly. It has done this 1 time(s).9/8/2013 2:33:03 AM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).9/8/2013 2:33:03 AM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/8/2013 2:33:03 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/8/2013 2:33:03 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/8/2013 2:33:03 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/8/2013 2:33:03 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/8/2013 2:33:03 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.9/8/2013 10:34:50 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.9/8/2013 10:34:16 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.9/8/2013 10:29:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BcmBtRSupport service.9/7/2013 6:59:40 AM, Error: Intel® PROSet/Wireless NFC Software [274] - Stack Initialization is failed.9/7/2013 1:11:08 AM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on E: cannot be read.9/4/2013 6:01:12 PM, Error: Service Control Manager [7023] - The Interactive Services Detection service terminated with the following error: Incorrect function.9/4/2013 4:05:22 PM, Error: Virtual Disk Service [9] - Unexpected provider failure. Restarting the service may fix the problem. Error code: 8007001F@020000149/3/2013 7:17:28 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.9/10/2013 7:36:25 PM, Error: Service Control Manager [7000] - The Process creation detector. service failed to start due to the following error: This driver has been blocked from loading9/10/2013 7:36:25 PM, Error: Application Popup [1060] -9/10/2013 6:35:57 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The system cannot find the file specified..==== End Of File =========================== Please help! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 11, 2013 Root Admin ID:728166 Share Posted September 11, 2013 Hello and I found it. It's listed there at the top of the log. McAfee Just kidding... Please run the following for me and we'll take a look at what's going on. P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.Before we proceed further, please read all of the following instructions carefully.If there is anything that you do not understand kindly ask before proceeding.If needed please print out these instructions.Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text. If the log is too large then you can use attachments by clicking on the More Reply Options button. Please enable your system to show hidden files: How to see hidden files in Windows Make sure you're subscribed to this topic:Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)STEP 0RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processesso that your normal security software can then run and clean your computer of infections.When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policiesthat stop us from using certain tools. When finished it will display a log file that shows the processes that wereterminated while the program was running.As RKill only terminates a program's running process, and does not delete any files, after running it you should not rebootyour computer as any malware processes that are configured to start automatically will just be started again.Instead, after running RKill you should immediately scan your computer using the requested scans I've included.Please download Rkill by Grinler from one of the links below and save it to your desktop.Link 1Link 2On Windows XP double-click on the Rkill desktop icon to run the tool. On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. If not, delete the file, then download and use the one provided in Link 2. If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs. If the tool does not run from any of the links provided, please let me know. Do not reboot the computer, you will need to run the application again.STEP 01Backup the Registry:Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.Please download ERUNT from one of the following links: Link1 | Link2 | Link3 ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Double click on erunt-setup.exe to Install ERUNT by following the prompts. NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup.Note: the default location is C:\Windows\ERDNT which is acceptable. [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exeSTEP 02Please download RogueKiller and save it to your desktop.You can check here if you're not sure if your computer is 32-bit or 64-bitRogueKiller 32-bit | RogueKiller 64-bit Quit all running programs. For Windows XP, double-click to start. For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run. Read and accept the EULA (End User Licene Agreement) Click Scan to scan the system. When the scan completes Close the program > Don't Fix anything! Don't run any other options, they're not all bad!! Post back the report which should be located on your desktop. Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728174 Share Posted September 11, 2013 Thanks for the quick reply. Here is the Rkill log. Rkill 2.6.1 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2013 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.htmlProgram started at: 09/10/2013 08:05:51 PM in x64 mode.Windows Version: Windows 8Checking for Windows services to stop: * No malware services found to stop.Checking for processes to terminate: * No malware processes found to kill.Checking Registry for malware related settings: * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]Backup Registry file created at: C:\Users\Gabe\Desktop\rkill\rkill-09-10-2013-08-05-55.regResetting .EXE, .COM, & .BAT associations in the Windows Registry.Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001Checking Windows Service Integrity: * No issues found.Searching for Missing Digital Signatures: * No issues found.Checking HOSTS File: * No issues found.Program finished at: 09/10/2013 08:06:18 PMExecution time: 0 hours(s), 0 minute(s), and 26 seconds(s) Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 11, 2013 Root Admin ID:728175 Share Posted September 11, 2013 Please go ahead and run through the following steps and post back the logs when ready.STEP 03Please download Malwarebytes Anti-Rootkit from hereUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txtSTEP 04Please download Junkware Removal Tool to your desktop.Shutdown your antivirus to avoid any conflicts.Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.The tool will open and start scanning your system.Please be patient as this can take a while to complete.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next reply messageWhen completed make sure to re-enable your antivirusSTEP 05Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool.Click on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.Copy and paste the contents of that logfile in your next reply.A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.STEP 06Please go here to run the online antivirus scannner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is untickedClick on Advanced Settings and ensure these options are ticked:Scan for potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth TechnologyClick ScanWait for the scan to finishIf any threats were found, click the 'List of found threats' , then click Export to text file....Save it to your desktop, then please copy and paste that log as a reply to this topic.STEP 07Please download the Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bitDouble-click to run it. When the tool opens click Yes to disclaimer.Press the Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728176 Share Posted September 11, 2013 Oops here is the rogue killer log RogueKiller V8.6.10 _x64_ [sep 9 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/Operating System : Windows 8 (6.2.9200 ) 64 bits versionStarted in : Normal modeUser : Gabe [Admin rights]Mode : Scan -- Date : 09/10/2013 20:12:28| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 3 ¤¤¤[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:48627) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: TOSHIBA MQ01ABD100H +++++--- User ---[MBR] 9959bd93611f7c098b27d2de8dc5991f[bSP] b77c0d7f027343f9ea412c2e3d2d0eac : Empty MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MoUser = LL1 ... OK!User = LL2 ... OK!+++++ PhysicalDrive1: TOSHIBA MQ01ABD100H +++++--- User ---[MBR] 2b317a9fd872258a41a06050196a648c[bSP] 076f8e0250f5ccbfdd567210c9014517 : Windows Vista MBR CodePartition table:0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MoUser = LL1 ... OK!Error reading LL2 MBR!Finished : << RKreport[0]_S_09102013_201228.txt >> Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728189 Share Posted September 11, 2013 Malwarebytes Anti-Rootkit BETA 1.07.0.1005www.malwarebytes.orgDatabase version: v2013.09.11.01Windows 8 x64 NTFSInternet Explorer 10.0.9200.16660Gabe :: SYSADMIN [administrator]9/10/2013 8:30:17 PMmbar-log-2013-09-10 (20-30-17).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled:Objects scanned: 287027Time elapsed: 15 minute(s), 13 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 1HKLM\SOFTWARE\Refog Software (Refog.Keylogger) -> Delete on reboot.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)Physical Sectors Detected: 0(No malicious items detected)(end)---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005© Malwarebytes Corporation 2011-2012OS version: 6.2.9200 Windows 8 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16660File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 2.494000 GHzMemory total: 12757811200, free: 10194030592Downloaded database version: v2013.09.11.01Downloaded database version: v2013.08.06.01=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005© Malwarebytes Corporation 2011-2012OS version: 6.2.9200 Windows 8 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16660File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 2.494000 GHzMemory total: 12757811200, free: 10237689856=======================================------------ Kernel report ------------ 09/10/2013 20:23:27------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kd.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\System32\drivers\CLFS.SYS\SystemRoot\System32\drivers\tm.sys\SystemRoot\system32\PSHED.dll\SystemRoot\system32\BOOTVID.dll\SystemRoot\system32\CI.dll\SystemRoot\System32\drivers\msrpc.sys\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\System32\Drivers\acpiex.sys\SystemRoot\System32\Drivers\WppRecorder.sys\SystemRoot\System32\drivers\ACPI.sys\SystemRoot\System32\drivers\WMILIB.SYS\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\msisadrv.sys\SystemRoot\System32\drivers\pci.sys\SystemRoot\System32\drivers\vdrvroot.sys\SystemRoot\system32\drivers\pdc.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\System32\drivers\spaceport.sys\SystemRoot\System32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\System32\drivers\iaStorA.sys\SystemRoot\System32\drivers\storport.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\System32\drivers\fileinfo.sys\SystemRoot\system32\drivers\mfehidk.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\DRIVERS\wfplwfs.sys\SystemRoot\system32\drivers\mfewfpk.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\System32\drivers\wd.sys\SystemRoot\System32\drivers\volsnap.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\system32\DRIVERS\nvpciflt.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\disk.sys\SystemRoot\System32\drivers\CLASSPNP.SYS\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\drivers\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\BasicRender.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\System32\drivers\BasicDisplay.sys\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\hssdrv6.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\System32\drivers\npsvctrig.sys\SystemRoot\System32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\??\C:\Windows\system32\drivers\AntiLog64.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\taphss6.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\System32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\kdnic.sys\SystemRoot\System32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\USBXHCI.SYS\SystemRoot\System32\drivers\ucx01000.sys\SystemRoot\System32\drivers\HECIx64.sys\SystemRoot\System32\drivers\usbehci.sys\SystemRoot\System32\drivers\USBPORT.SYS\SystemRoot\System32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\bcmwl63a.sys\SystemRoot\System32\drivers\vwifibus.sys\SystemRoot\system32\DRIVERS\RtsPStor.sys\SystemRoot\system32\DRIVERS\Rt630x64.sys\SystemRoot\System32\drivers\SFEP.sys\SystemRoot\System32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\KeyCrypt64.sys\SystemRoot\System32\drivers\kbdclass.sys\SystemRoot\System32\drivers\mouclass.sys\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys\SystemRoot\System32\drivers\CmBatt.sys\SystemRoot\System32\drivers\BATTC.SYS\SystemRoot\System32\drivers\intelppm.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\System32\drivers\swenum.sys\SystemRoot\System32\drivers\ks.sys\SystemRoot\System32\drivers\rdpbus.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\System32\drivers\usbhub.sys\SystemRoot\System32\drivers\UsbHub3.sys\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\system32\drivers\mfeavfk.sys\SystemRoot\system32\drivers\mfefirek.sys\SystemRoot\System32\drivers\USBSTOR.SYS\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\udfs.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\HIDPARSE.SYS\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\System32\drivers\monitor.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\System32\drivers\usbccgp.sys\SystemRoot\System32\drivers\hidusb.sys\SystemRoot\System32\drivers\HIDCLASS.SYS\SystemRoot\System32\Drivers\dump_diskdump.sys\SystemRoot\System32\Drivers\dump_iaStorA.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\bcbtums.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\System32\drivers\condrv.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\BthLEEnum.sys\SystemRoot\System32\drivers\BthEnum.sys\SystemRoot\system32\drivers\BthA2DP.sys\SystemRoot\system32\drivers\btampm.sys\SystemRoot\System32\drivers\BthAvrcpTg.sys\SystemRoot\System32\drivers\bthhfenum.sys\SystemRoot\system32\DRIVERS\BthHfAud.sys\SystemRoot\System32\drivers\BthHFHid.sys\SystemRoot\System32\drivers\mshidkmdf.sys\SystemRoot\system32\drivers\Ndu.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\System32\drivers\WUDFRd.sys\SystemRoot\System32\drivers\WpdUpFltr.sys\SystemRoot\system32\drivers\mfeapfk.sys\SystemRoot\system32\drivers\cfwids.sys\SystemRoot\System32\drivers\mouhid.sys\??\C:\Program Files\Process Hacker 2\kprocesshacker.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xfffffa800f1d0740Upper Device Driver Name: \Driver\disk\Lower Device Name: \Device\00000046\Lower Device Object: 0xfffffa800f1cd650Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa800c976060Upper Device Driver Name: \Driver\disk\Lower Device Name: \Device\00000038\Lower Device Object: 0xfffffa800af24060Lower Device Driver Name: \Driver\iaStorA\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa800c976060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\--------- Disk Stack ------DevicePointer: 0xfffffa800c976b10, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800c976060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\DevicePointer: 0xfffffa800af25c00, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xfffffa800af24060, DeviceName: \Device\00000038\, DriverName: \Driver\iaStorA\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesRead File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:This drive is a GPT Drive.MBR Signature: 55AADisk Signature: 6AD751D9GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 2160474830 GPT Header CurrentLba = 1 BackupLba 1953525167 GPT Header FirstUsableLba 34 LastUsableLba 1953525134 GPT Header Guid ba5f9427-ca4e-4b1d-abb5-4afcb8cded GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 890022109 Backup GPT header CurrentLba = 1953525167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134 Backup GPT header Guid 90ffade2-d4fe-4d1f-baaf-5ce747118b71 Backup GPT header Contains 128 partition entries starting at LBA 1953525135 Backup GPT header Partition entry size = 128 Partition 0 Type f4019732-66e-4e12-8273-346c5641494f Partition ID 9ee4681a-b4b0-4013-8fb9-c883483d96da FirstLBA 2048 Last LBA 534527 Attributes 1 Partition Name EFI system partition Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 7ce4513f-27cd-46b0-8d35-11fd8bd4ffd FirstLBA 534528 Last LBA 3553279 Attributes 1 Partition Name Basic data partition Partition 2 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID e2f16338-f560-4cc4-b3e4-e09a26655cd8 FirstLBA 3553280 Last LBA 4085759 Attributes 0 Partition Name EFI system partition GPT Partition 2 is bootable Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 68010a40-e61f-4372-ba93-a47189aefedc FirstLBA 4085760 Last LBA 4347903 Attributes 0 Partition Name Microsoft reserved partition Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 2f7736cc-b96b-4644-83e2-0c89a23e595 FirstLBA 4347904 Last LBA 1890877439 Attributes 0 Partition Name Basic data partition Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID ce4717dd-bf12-4def-a7cb-4643f942caf5 FirstLBA 1890877440 Last LBA 1953523711 Attributes 1 Partition Name Basic data partitionDisk Size: 1000204886016 bytesSector size: 512 bytesDone!Physical Sector Size: 512Drive: 1, DevicePointer: 0xfffffa800f1d0740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\--------- Disk Stack ------DevicePointer: 0xfffffa800f1ca040, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800f1d0740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\DevicePointer: 0xfffffa800f1cd650, DeviceName: \Device\00000046\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 1CE7A4E9Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 976769072 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 500107862016 bytesSector size: 512 bytesDone!Scan InterruptedScan was aborted.=======================================Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005© Malwarebytes Corporation 2011-2012OS version: 6.2.9200 Windows 8 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16660File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 2.494000 GHzMemory total: 12757811200, free: 10134528000---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1005© Malwarebytes Corporation 2011-2012OS version: 6.2.9200 Windows 8 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16660File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 2.494000 GHzMemory total: 12757811200, free: 10145017856Downloaded database version: v2013.09.11.01Downloaded database version: v2013.08.06.01Initializing...======================------------ Kernel report ------------ 09/10/2013 20:30:14------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kd.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\System32\drivers\CLFS.SYS\SystemRoot\System32\drivers\tm.sys\SystemRoot\system32\PSHED.dll\SystemRoot\system32\BOOTVID.dll\SystemRoot\system32\CI.dll\SystemRoot\System32\drivers\msrpc.sys\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\System32\Drivers\acpiex.sys\SystemRoot\System32\Drivers\WppRecorder.sys\SystemRoot\System32\drivers\ACPI.sys\SystemRoot\System32\drivers\WMILIB.SYS\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\msisadrv.sys\SystemRoot\System32\drivers\pci.sys\SystemRoot\System32\drivers\vdrvroot.sys\SystemRoot\system32\drivers\pdc.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\System32\drivers\spaceport.sys\SystemRoot\System32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\System32\drivers\iaStorA.sys\SystemRoot\System32\drivers\storport.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\System32\drivers\fileinfo.sys\SystemRoot\system32\drivers\mfehidk.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\DRIVERS\wfplwfs.sys\SystemRoot\system32\drivers\mfewfpk.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\System32\drivers\wd.sys\SystemRoot\System32\drivers\volsnap.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\system32\DRIVERS\nvpciflt.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\disk.sys\SystemRoot\System32\drivers\CLASSPNP.SYS\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\drivers\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\BasicRender.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\System32\drivers\BasicDisplay.sys\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\hssdrv6.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\System32\drivers\npsvctrig.sys\SystemRoot\System32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\??\C:\Windows\system32\drivers\AntiLog64.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\taphss6.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\System32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\kdnic.sys\SystemRoot\System32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\USBXHCI.SYS\SystemRoot\System32\drivers\ucx01000.sys\SystemRoot\System32\drivers\HECIx64.sys\SystemRoot\System32\drivers\usbehci.sys\SystemRoot\System32\drivers\USBPORT.SYS\SystemRoot\System32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\bcmwl63a.sys\SystemRoot\System32\drivers\vwifibus.sys\SystemRoot\system32\DRIVERS\RtsPStor.sys\SystemRoot\system32\DRIVERS\Rt630x64.sys\SystemRoot\System32\drivers\SFEP.sys\SystemRoot\System32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\KeyCrypt64.sys\SystemRoot\System32\drivers\kbdclass.sys\SystemRoot\System32\drivers\mouclass.sys\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys\SystemRoot\System32\drivers\CmBatt.sys\SystemRoot\System32\drivers\BATTC.SYS\SystemRoot\System32\drivers\intelppm.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\System32\drivers\swenum.sys\SystemRoot\System32\drivers\ks.sys\SystemRoot\System32\drivers\rdpbus.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\System32\drivers\usbhub.sys\SystemRoot\System32\drivers\UsbHub3.sys\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\system32\drivers\mfeavfk.sys\SystemRoot\system32\drivers\mfefirek.sys\SystemRoot\System32\drivers\USBSTOR.SYS\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\udfs.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\HIDPARSE.SYS\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\System32\drivers\monitor.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\System32\drivers\usbccgp.sys\SystemRoot\System32\drivers\hidusb.sys\SystemRoot\System32\drivers\HIDCLASS.SYS\SystemRoot\System32\Drivers\dump_diskdump.sys\SystemRoot\System32\Drivers\dump_iaStorA.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\bcbtums.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\System32\drivers\condrv.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\BthLEEnum.sys\SystemRoot\System32\drivers\BthEnum.sys\SystemRoot\system32\drivers\BthA2DP.sys\SystemRoot\system32\drivers\btampm.sys\SystemRoot\System32\drivers\BthAvrcpTg.sys\SystemRoot\System32\drivers\bthhfenum.sys\SystemRoot\system32\DRIVERS\BthHfAud.sys\SystemRoot\System32\drivers\BthHFHid.sys\SystemRoot\System32\drivers\mshidkmdf.sys\SystemRoot\system32\drivers\Ndu.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\System32\drivers\WUDFRd.sys\SystemRoot\System32\drivers\WpdUpFltr.sys\SystemRoot\system32\drivers\mfeapfk.sys\SystemRoot\system32\drivers\cfwids.sys\SystemRoot\System32\drivers\mouhid.sys\??\C:\Program Files\Process Hacker 2\kprocesshacker.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xfffffa800f1d0740Upper Device Driver Name: \Driver\disk\Lower Device Name: \Device\00000046\Lower Device Object: 0xfffffa800f1cd650Lower Device Driver Name: \Driver\USBSTOR\<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa800c976060Upper Device Driver Name: \Driver\disk\Lower Device Name: \Device\00000038\Lower Device Object: 0xfffffa800af24060Lower Device Driver Name: \Driver\iaStorA\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa800c976060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\--------- Disk Stack ------DevicePointer: 0xfffffa800c976b10, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800c976060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\DevicePointer: 0xfffffa800af25c00, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xfffffa800af24060, DeviceName: \Device\00000038\, DriverName: \Driver\iaStorA\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesRead File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:This drive is a GPT Drive.MBR Signature: 55AADisk Signature: 6AD751D9GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 2160474830 GPT Header CurrentLba = 1 BackupLba 1953525167 GPT Header FirstUsableLba 34 LastUsableLba 1953525134 GPT Header Guid ba5f9427-ca4e-4b1d-abb5-4afcb8cded GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 890022109 Backup GPT header CurrentLba = 1953525167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134 Backup GPT header Guid 90ffade2-d4fe-4d1f-baaf-5ce747118b71 Backup GPT header Contains 128 partition entries starting at LBA 1953525135 Backup GPT header Partition entry size = 128 Partition 0 Type f4019732-66e-4e12-8273-346c5641494f Partition ID 9ee4681a-b4b0-4013-8fb9-c883483d96da FirstLBA 2048 Last LBA 534527 Attributes 1 Partition Name EFI system partition Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 7ce4513f-27cd-46b0-8d35-11fd8bd4ffd FirstLBA 534528 Last LBA 3553279 Attributes 1 Partition Name Basic data partition Partition 2 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID e2f16338-f560-4cc4-b3e4-e09a26655cd8 FirstLBA 3553280 Last LBA 4085759 Attributes 0 Partition Name EFI system partition GPT Partition 2 is bootable Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 68010a40-e61f-4372-ba93-a47189aefedc FirstLBA 4085760 Last LBA 4347903 Attributes 0 Partition Name Microsoft reserved partition Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 2f7736cc-b96b-4644-83e2-0c89a23e595 FirstLBA 4347904 Last LBA 1890877439 Attributes 0 Partition Name Basic data partition Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID ce4717dd-bf12-4def-a7cb-4643f942caf5 FirstLBA 1890877440 Last LBA 1953523711 Attributes 1 Partition Name Basic data partitionDisk Size: 1000204886016 bytesSector size: 512 bytesDone!Physical Sector Size: 512Drive: 1, DevicePointer: 0xfffffa800f1d0740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\--------- Disk Stack ------DevicePointer: 0xfffffa800f1ca040, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800f1d0740, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\DevicePointer: 0xfffffa800f1cd650, DeviceName: \Device\00000046\, DriverName: \Driver\USBSTOR\------------ End ----------Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 1CE7A4E9Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 976769072 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 500107862016 bytesSector size: 512 bytesDone!Infected: HKLM\SOFTWARE\Refog Software --> [Refog.Keylogger]Scan finishedCreating System Restore point...Cleaning up...Removal successful. No system shutdown is required.======================================= Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728190 Share Posted September 11, 2013 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.5.9 (09.07.2013:1)OS: Windows 8 x64Ran by Gabe on Tue 09/10/2013 at 20:51:07.30~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ServicesSuccessfully stopped: [service] hshldFailed to delete: [service] hshldSuccessfully stopped: [service] hsstrayserviceSuccessfully deleted: [service] hsstrayserviceSuccessfully stopped: [service] hsswdSuccessfully deleted: [service] hsswd~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistpluginSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfreeSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonicSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield~~~ FilesSuccessfully deleted: [File] "C:\end"~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\hotspot shield"Successfully deleted: [Folder] "C:\Users\Gabe\AppData\Roaming\hotspot shield"Failed to delete: [Folder] "C:\Program Files (x86)\hotspot shield"~~~ FireFoxEmptied folder: C:\Users\Gabe\AppData\Roaming\mozilla\firefox\profiles\jeur3bn4.default\minidumps [1 files]~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Tue 09/10/2013 at 21:01:31.67End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728197 Share Posted September 11, 2013 # AdwCleaner v3.003 - Report created 10/09/2013 at 21:16:38# Updated 07/09/2013 by Xplode# Operating System : Windows 8 (64 bits)# Username : Gabe - SYSADMIN# Running from : C:\Users\Gabe\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\jeur3bn4.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}File Deleted : C:\Users\Gabe\AppData\Local\Temp\Uninstall.exe***** [ Shortcuts ] ********** [ Registry ] ********** [ Browsers ] *****-\\ Internet Explorer v10.0.9200.16660-\\ Mozilla Firefox v23.0.1 (en-US)[ File : C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\jeur3bn4.default\prefs.js ]*************************AdwCleaner[R0].txt - [1164 octets] - [10/09/2013 21:05:35]AdwCleaner[s0].txt - [1091 octets] - [10/09/2013 21:16:38]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1151 octets] ########## Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 11, 2013 Root Admin ID:728199 Share Posted September 11, 2013 Please reboot the computer and run the MBAR scanner again Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728230 Share Posted September 11, 2013 no cleanup needed. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 11, 2013 Root Admin ID:728239 Share Posted September 11, 2013 I'm not sure what you mean by that statement. Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728240 Share Posted September 11, 2013 thats what it said after the scan,. doing eset now, will post log when complete. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 11, 2013 Root Admin ID:728241 Share Posted September 11, 2013 Okay, I assume you mean the 2nd run of MBAR found nothing else this time. Go ahead and post the other logs when ready. Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728259 Share Posted September 11, 2013 Yes, the 2nds MBAR scan. Here is the ESET log. C:\Users\Gabe\AppData\Local\Temp\dlm5D8C.tmp\AdvancedScantoPDFFree.exe Win32/OpenCandy potentially unsafe application No actionC:\Users\Gabe\Downloads\cbsidlm-cbsi127-KMPlayer-SEO-10659939.exe probably a variant of Win32/CNETInstaller.A potentially unwanted application No actionC:\Users\Gabe\Downloads\cbsidlm-cbsi134-Advanced_Scan_to_PDF_Free-SEO-75738710.exe probably a variant of Win32/CNETInstaller.A potentially unwanted application No actionC:\Users\Gabe\Downloads\cbsidlm-cbsi134-Download_App-BP-75864009.exe probably a variant of Win32/CNETInstaller.A potentially unwanted application No actionC:\Users\Gabe\Downloads\cbsidlm-cbsi134-Pazera_Free_MP4_to_AVI_Converter-SEO-10784027.exe probably a variant of Win32/CNETInstaller.A potentially unwanted application No actionC:\Users\Gabe\Downloads\cbsidlm-tr1_14-3GP_Player-SEO-10881638.exe Win32/DownloadAdmin.G potentially unwanted application No actionC:\Users\Gabe\Downloads\cbsidlm-tr1_14-JGSScan-ORG-10267419.exe Win32/DownloadAdmin.G potentially unwanted application No actionC:\Users\Gabe\Downloads\KMPlayer_3.6.0.87.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application No action Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728275 Share Posted September 11, 2013 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013Ran by Gabe (administrator) on SYSADMIN on 10-09-2013 23:45:32Running from C:\Users\Gabe\DesktopWindows 8 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal==================== Processes (Whitelisted) =================(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe(Microsoft Corporation) C:\Windows\system32\dashost.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe() C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe(wj32) C:\Program Files\Process Hacker 2\ProcessHacker.exe(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-05-06] (Realtek Semiconductor)HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)HKLM\...\Policies\Explorer: [NoActiveDesktop] 1HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)MountPoints2: {03119575-fc2b-11e2-be6a-806e6f6e6963} - "D:\SETUP.EXE"HKLM-x32\...\Run: [AntiLogger] - C:\Program Files (x86)\AntiLogger\AntiLogger.exe [17780136 2013-09-09] (Zemana Ltd.)BootExecute: autocheck autochk * BootDefrag.exe==================== Internet (Whitelisted) ====================ProxyServer: 127.0.0.1:48627HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.comHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankSearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKCU - {4372E590-7695-4EC2-97A9-962BD3B31DC6} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJSBHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11FireFox:========FF ProfilePath: C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\jeur3bn4.defaultFF Keyword.URL: user_pref("keyword.URL", "");FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.comFF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla ThunderbirdFF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSKFF Extension: No Name - C:\Program Files\McAfee\MSKFF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird==================== Services (Whitelisted) =================S2 0222411378878482mcinstcleanup; C:\Users\Gabe\AppData\Local\Temp\022241~1.EXE [834664 2013-07-30] (McAfee, Inc.)R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2228440 2013-05-15] (Broadcom Corporation.)R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-25] (Microsoft Corporation)R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [x]S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [x]S2 nvUpdatusService; "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [x]==================== Drivers (Whitelisted) ====================R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-09-10] (Zemana Ltd.)R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-09-10] (Zemana Ltd.)R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170200 2013-05-15] (Broadcom Corporation.)R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-05-31] (Microsoft Corporation)R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-08-03] (Microsoft Corporation)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-08-12] (AnchorFree Inc.)R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-22] (Zemana Ltd.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-13] (Synaptics Incorporated)R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-12] (Anchorfree Inc.)S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]S3 btwaudio; \SystemRoot\system32\drivers\btwaudio.sys [x]S3 btwavdt; \SystemRoot\System32\drivers\btwavdt.sys [x]S3 btwl2cap; \SystemRoot\system32\DRIVERS\btwl2cap.sys [x]S3 btwrchid; \SystemRoot\System32\drivers\btwrchid.sys [x]S0 cfwids; system32\drivers\cfwids.sys [x]S0 mfeapfk; system32\drivers\mfeapfk.sys [x]R0 mfeavfk; system32\drivers\mfeavfk.sys [x]U3 mfeavfk01; No ImagePathS0 mfeelamk; system32\drivers\mfeelamk.sys [x]S0 mfefirek; system32\drivers\mfefirek.sys [x]R0 mfehidk; system32\drivers\mfehidk.sys [x]S0 mferkdet; \SystemRoot\system32\drivers\mferkdet.sys [x]R0 mfewfpk; system32\drivers\mfewfpk.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-09-10 23:44 - 2013-09-10 23:45 - 01949408 _____ (Farbar) C:\Users\Gabe\Desktop\FRST64.exe2013-09-10 22:45 - 2013-09-10 22:45 - 00000000 ____D C:\Program Files\ESET2013-09-10 22:41 - 2013-09-10 22:41 - 01415824 _____ (ESET) C:\Users\Gabe\Desktop\eset_nod32_antivirus_live_installer.exe2013-09-10 21:23 - 2013-09-10 21:23 - 02347384 _____ (ESET) C:\Users\Gabe\Desktop\esetsmartinstaller_enu.exe2013-09-10 21:23 - 2013-09-10 21:23 - 00000000 ____D C:\Program Files (x86)\ESET2013-09-10 21:05 - 2013-09-10 21:16 - 00000000 ____D C:\AdwCleaner2013-09-10 21:04 - 2013-09-10 21:04 - 01037278 _____ C:\Users\Gabe\Desktop\AdwCleaner.exe2013-09-10 21:01 - 2013-09-10 21:01 - 00002162 _____ C:\Users\Gabe\Desktop\JRT.txt2013-09-10 20:51 - 2013-09-10 20:51 - 00000000 ____D C:\Windows\ERUNT2013-09-10 20:50 - 2013-09-10 20:50 - 01029490 _____ (Thisisu) C:\Users\Gabe\Desktop\JRT.exe2013-09-10 20:20 - 2013-09-10 22:39 - 00000000 ____D C:\Users\Gabe\Desktop\mbar2013-09-10 20:20 - 2013-09-10 20:20 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Gabe\Desktop\mbar-1.07.0.1005.exe2013-09-10 20:17 - 2013-09-10 20:17 - 03788288 _____ C:\Users\Gabe\Desktop\RogueKillerX64(1).exe2013-09-10 20:12 - 2013-09-10 20:12 - 00001771 _____ C:\Users\Gabe\Desktop\RKreport[0]_S_09102013_201228.txt2013-09-10 20:09 - 2013-09-10 20:59 - 00000000 ____D C:\Users\Gabe\Desktop\RK_Quarantine2013-09-10 20:07 - 2013-09-10 20:07 - 03788288 _____ C:\Users\Gabe\Desktop\RogueKillerX64.exe2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\Tiffany\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\Gabe\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\fbwuser\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\Tiffany\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\Gabe\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\fbwuser\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000000 ____D C:\Windows\ERDNT2013-09-10 20:06 - 2013-09-10 20:07 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-09-10 20:06 - 2013-09-10 20:06 - 00791393 _____ (Lars Hederer ) C:\Users\Gabe\Desktop\erunt-setup.exe2013-09-10 20:05 - 2013-09-10 20:46 - 00002424 _____ C:\Users\Gabe\Desktop\Rkill.txt2013-09-10 20:05 - 2013-09-10 20:05 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Gabe\Desktop\rkill.exe2013-09-10 20:05 - 2013-09-10 20:05 - 00000000 ____D C:\Users\Gabe\Desktop\rkill2013-09-10 19:40 - 2013-09-10 19:40 - 00024917 _____ C:\Users\Gabe\Desktop\DDS 10 Sep 13.txt2013-09-10 19:35 - 2013-09-10 19:38 - 00024917 _____ C:\Users\Gabe\Desktop\dds.txt2013-09-10 19:35 - 2013-09-10 19:38 - 00012515 _____ C:\Users\Gabe\Desktop\attach.txt2013-09-10 19:34 - 2013-09-10 19:34 - 00688992 ____R (Swearware) C:\Users\Gabe\Desktop\dds.scr2013-09-10 09:11 - 2013-09-10 09:11 - 05312512 _____ C:\Users\Gabe\Documents\proof.evtx2013-09-10 09:11 - 2013-09-10 09:11 - 00000000 ____D C:\Users\Gabe\Documents\LocaleMetaData2013-09-10 08:29 - 2013-09-10 08:29 - 00312280 _____ C:\Windows\system32\FNTCACHE.DAT2013-09-10 08:24 - 2013-09-10 08:24 - 00049240 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys2013-09-10 08:24 - 2013-09-10 08:24 - 00000913 _____ C:\Users\Public\Desktop\AntiLogger.lnk2013-09-10 08:24 - 2013-09-10 08:24 - 00000000 ____D C:\Program Files (x86)\AntiLogger2013-09-10 08:23 - 2013-09-10 08:24 - 00000000 ____D C:\Users\Gabe\AppData\Local\Zemana2013-09-10 08:23 - 2013-09-10 08:23 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst2013-09-10 08:23 - 2013-07-22 18:23 - 00025056 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys2013-09-10 08:23 - 2013-07-22 18:22 - 06525952 _____ (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll2013-09-10 08:21 - 2013-09-10 08:22 - 21264112 _____ (Zemana Ltd. ) C:\Users\Gabe\Downloads\Zemana_AntiLogger_1.9.3.502.exe2013-09-10 08:20 - 2013-09-10 08:29 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK2013-09-10 08:20 - 2013-09-10 08:20 - 00000000 ____D C:\Users\Gabe\AppData\Local\AntiLogger Free2013-09-10 08:19 - 2013-09-10 08:19 - 04322816 _____ (Zemana Ltd. ) C:\Users\Gabe\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe2013-09-10 08:04 - 2013-09-10 08:04 - 00001120 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk2013-09-10 08:03 - 2013-09-10 20:53 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield2013-09-10 08:03 - 2013-09-10 08:03 - 00583584 _____ C:\Users\Gabe\Downloads\hotspotshield-setup.exe2013-09-10 08:03 - 2013-09-10 08:03 - 00000020 ___SH C:\Users\fbwuser\ntuser.ini2013-09-10 08:03 - 2013-08-12 16:07 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys2013-09-10 07:08 - 2013-09-10 07:08 - 00002107 _____ C:\Users\Public\Desktop\Who Is On My Wifi.lnk2013-09-10 07:08 - 2013-09-10 07:08 - 00000000 ____D C:\Program Files (x86)\IO3O LLC2013-09-08 16:28 - 2013-09-08 16:32 - 767623168 ____R C:\Users\Gabe\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso2013-09-08 16:04 - 2013-09-08 16:04 - 00000000 ____H C:\Users\Gabe\Documents\Default.rdp2013-09-08 09:41 - 2013-09-08 09:41 - 16243768 _____ C:\Users\Gabe\Downloads\Glary_Utilities_v3.9.1.exe2013-09-08 08:24 - 2013-07-25 22:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll2013-09-08 08:24 - 2013-07-25 22:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll2013-09-08 08:23 - 2013-07-25 22:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-09-08 08:23 - 2013-07-25 22:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-09-08 08:23 - 2013-07-25 22:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2013-09-08 08:23 - 2013-07-25 22:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-09-08 08:23 - 2013-07-25 22:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-09-08 08:23 - 2013-07-25 22:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-09-08 08:23 - 2013-07-25 22:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-09-08 08:23 - 2013-07-25 22:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-09-08 08:23 - 2013-07-25 22:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-09-08 08:23 - 2013-07-25 22:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2013-09-08 08:23 - 2013-07-25 22:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-09-08 08:23 - 2013-07-25 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-09-08 08:23 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-09-08 08:23 - 2013-07-25 20:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-09-08 08:23 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-09-08 08:23 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-09-08 08:23 - 2013-07-25 20:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll2013-09-08 08:23 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-09-08 08:23 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-09-08 08:23 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-09-08 08:23 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-09-08 08:23 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-09-08 08:23 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-09-08 08:23 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-09-08 08:23 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-09-08 08:23 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-09-08 08:23 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-09-08 08:23 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-09-08 08:23 - 2013-07-25 17:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll2013-09-08 08:23 - 2013-07-12 23:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2013-09-08 08:23 - 2013-07-12 23:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2013-09-08 08:23 - 2013-07-12 23:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2013-09-08 08:23 - 2013-07-12 23:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll2013-09-08 08:23 - 2013-07-12 23:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll2013-09-08 08:23 - 2013-07-12 21:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2013-09-08 08:23 - 2013-07-12 21:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2013-09-08 08:23 - 2013-07-12 21:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll2013-09-08 08:23 - 2013-07-12 21:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll2013-09-08 08:23 - 2013-07-09 01:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys2013-09-08 08:23 - 2013-07-08 23:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe2013-09-08 08:23 - 2013-07-08 21:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe2013-09-08 08:23 - 2013-07-08 20:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll2013-09-08 08:23 - 2013-07-08 15:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll2013-09-08 08:23 - 2013-07-08 15:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll2013-09-08 08:23 - 2013-07-08 15:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll2013-09-08 08:23 - 2013-07-08 15:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll2013-09-08 08:23 - 2013-07-05 17:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll2013-09-08 08:23 - 2013-07-02 17:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2013-09-08 08:23 - 2013-07-02 17:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll2013-09-08 08:23 - 2013-07-02 17:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll2013-09-08 08:23 - 2013-07-02 17:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2013-09-08 08:23 - 2013-07-02 17:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2013-09-08 08:23 - 2013-07-02 17:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll2013-09-08 08:23 - 2013-07-02 17:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll2013-09-08 08:23 - 2013-07-02 16:51 - 04039680 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2013-09-08 08:23 - 2013-07-01 17:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys2013-09-08 08:23 - 2013-07-01 15:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml2013-09-08 08:23 - 2013-07-01 15:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys2013-09-08 08:23 - 2013-06-30 15:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe2013-09-08 08:23 - 2013-06-30 15:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe2013-09-08 08:23 - 2013-06-28 23:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys2013-09-08 08:23 - 2013-06-28 23:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys2013-09-08 08:23 - 2013-06-28 22:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys2013-09-08 08:23 - 2013-06-28 18:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2013-09-08 08:23 - 2013-06-25 20:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys2013-09-08 08:23 - 2013-06-25 19:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys2013-09-08 08:23 - 2013-06-24 15:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll2013-09-08 08:23 - 2013-06-24 15:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll2013-09-08 08:23 - 2013-06-24 15:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll2013-09-08 08:23 - 2013-06-18 22:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll2013-09-08 08:23 - 2013-06-18 22:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll2013-09-08 08:23 - 2013-06-18 15:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll2013-09-08 08:23 - 2013-06-18 15:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll2013-09-08 08:23 - 2013-06-11 16:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll2013-09-08 08:23 - 2013-06-11 16:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll2013-09-08 08:23 - 2013-06-10 14:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys2013-09-08 08:23 - 2013-06-10 12:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll2013-09-08 08:23 - 2013-06-10 12:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL2013-09-08 08:23 - 2013-06-10 12:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL2013-09-08 08:23 - 2013-06-10 12:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL2013-09-08 08:23 - 2013-06-10 12:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll2013-09-08 08:23 - 2013-06-10 12:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL2013-09-08 08:23 - 2013-06-06 01:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS2013-09-08 08:22 - 2013-07-08 23:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys2013-09-08 08:22 - 2013-05-23 16:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2013-09-08 08:22 - 2013-05-23 15:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2013-09-08 07:58 - 2013-09-10 08:29 - 00002960 _____ C:\Windows\PFRO.log2013-09-08 03:25 - 2013-09-08 03:25 - 00000000 ____D C:\Users\Gabe\AppData\Local\Apps\2.02013-09-07 09:18 - 2013-09-07 09:18 - 01448299 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130820164851.3gp2013-09-07 09:15 - 2013-09-07 09:15 - 02896534 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130821123433.3gp2013-09-07 09:14 - 2013-09-07 09:15 - 00475112 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130822103012.3gp2013-09-07 09:12 - 2013-09-07 09:12 - 02896534 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130822123215.3gp2013-09-07 08:43 - 2013-09-07 08:43 - 00356352 _____ C:\Users\Gabe\Downloads\log.xls2013-09-07 08:43 - 2013-09-07 08:43 - 00064000 _____ C:\Users\Gabe\Downloads\contact.xls2013-09-07 08:43 - 2013-09-07 08:43 - 00040448 _____ C:\Users\Gabe\Downloads\logcall.xls2013-09-04 14:58 - 2013-09-04 14:58 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Advanced_Scan_to_PDF_Free-SEO-75738710.exe2013-09-04 14:39 - 2013-09-04 14:49 - 00000000 ____D C:\Program Files (x86)\JGS-Scan2013-09-04 14:39 - 2013-09-04 14:38 - 00737280 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe2013-09-04 14:38 - 2013-09-04 14:38 - 04907960 _____ () C:\Users\Gabe\Downloads\JGS-Scan3.exe2013-09-04 14:37 - 2013-09-04 14:37 - 00584600 _____ C:\Users\Gabe\Downloads\cbsidlm-tr1_14-JGSScan-ORG-10267419.exe2013-09-03 19:16 - 2013-09-10 22:48 - 00000000 ____D C:\Program Files\McAfee2013-09-03 19:16 - 2013-09-04 15:05 - 00000000 ____D C:\Program Files (x86)\McAfee2013-09-03 19:16 - 2013-09-03 19:16 - 00000000 ____D C:\Program Files\McAfee.com2013-09-03 19:16 - 2013-09-03 19:16 - 00000000 ____D C:\Program Files\Common Files\McAfee2013-09-03 19:16 - 2013-09-03 19:16 - 00000000 ____D C:\Program Files (x86)\McAfee.com2013-09-03 19:07 - 2013-09-03 19:08 - 00000000 ____D C:\Program Files\stinger2013-09-03 19:07 - 2013-09-03 19:07 - 00000000 ____D C:\Stinger_Quarantine2013-09-03 19:06 - 2013-09-03 19:06 - 04900592 _____ (McAfee, Inc.) C:\Users\Gabe\Downloads\McAfeeSetup-Serial.exe2013-09-03 19:06 - 2013-02-19 13:56 - 00182752 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.d0c0.deleteme2013-09-03 18:57 - 2013-09-03 18:57 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\DiskDefrag2013-08-26 06:13 - 2013-08-26 06:15 - 116778590 _____ C:\Users\Gabe\Downloads\GET A LIFE 1627.mp42013-08-26 06:10 - 2013-08-26 06:11 - 78900943 _____ C:\Users\Gabe\Downloads\SACKCHASING COUGAR.mp42013-08-26 06:09 - 2013-08-26 06:10 - 89449556 _____ C:\Users\Gabe\Downloads\PL1300.mp42013-08-26 06:09 - 2013-08-26 06:10 - 60828557 _____ C:\Users\Gabe\Downloads\WORTHLESS LOSER.mp42013-08-26 06:09 - 2013-08-26 06:09 - 76704889 _____ C:\Users\Gabe\Downloads\LIVING WITH PARENTS AT 40.mp42013-08-26 06:03 - 2013-08-26 06:04 - 53457437 _____ C:\Users\Gabe\Downloads\FD1902.mp42013-08-26 06:03 - 2013-08-26 06:04 - 35874577 _____ C:\Users\Gabe\Downloads\FD1750WW.mp42013-08-26 06:03 - 2013-08-26 06:03 - 35874577 _____ C:\Users\Gabe\Downloads\FFFF.mp42013-08-26 06:03 - 2013-08-26 06:03 - 35874577 _____ C:\Users\Gabe\Downloads\FD175022.mp42013-08-26 06:02 - 2013-08-26 06:03 - 20270529 _____ C:\Users\Gabe\Downloads\FD2000-FINISH.mp42013-08-26 05:58 - 2013-08-26 05:58 - 44342458 _____ C:\Users\Gabe\Downloads\11.mp42013-08-26 05:58 - 2013-08-26 05:58 - 35874577 _____ C:\Users\Gabe\Downloads\FD1750.mp42013-08-26 05:58 - 2013-08-26 05:58 - 34018519 _____ C:\Users\Gabe\Downloads\FD1705.mp42013-08-26 05:57 - 2013-08-26 05:58 - 40459964 _____ C:\Users\Gabe\Downloads\1.mp42013-08-26 05:52 - 2013-08-26 05:53 - 40459964 _____ C:\Users\Gabe\Downloads\FD21AUG1530.mp42013-08-26 05:52 - 2013-08-26 05:52 - 39933685 _____ C:\Users\Gabe\Downloads\FD21AUG1430.mp42013-08-26 05:51 - 2013-08-26 05:52 - 54647286 _____ C:\Users\Gabe\Downloads\My New Clip33.mp42013-08-26 05:49 - 2013-08-26 05:49 - 39940067 _____ C:\Users\Gabe\Downloads\FD21AUG1310.mp42013-08-26 05:48 - 2013-08-26 05:49 - 39142968 _____ C:\Users\Gabe\Downloads\FrontDoor21Aug1215.mp42013-08-26 05:31 - 2013-08-26 05:32 - 54647286 _____ C:\Users\Gabe\Downloads\Front Door 21August.mp42013-08-26 05:30 - 2013-08-26 05:31 - 58247011 _____ C:\Users\Gabe\Downloads\BR13AUG1510.mp42013-08-26 05:30 - 2013-08-26 05:30 - 40918583 _____ C:\Users\Gabe\Downloads\BR13AUG1415.mp42013-08-25 14:03 - 2013-08-25 14:03 - 00000000 ____D C:\Users\Gabe\AppData\Local\Apple Computer2013-08-25 13:39 - 2013-08-26 05:15 - 00000000 ____D C:\Users\Gabe\Documents\NACI_data2013-08-25 13:39 - 2013-08-25 22:21 - 00072588 _____ C:\Users\Gabe\Documents\NACI.aup2013-08-25 13:16 - 2013-08-25 13:18 - 236588638 _____ C:\Users\Gabe\Documents\NACI.wav2013-08-25 11:10 - 2013-08-25 11:10 - 00000000 ____D C:\Users\Gabe\Downloads\MP_ROOT2013-08-23 12:34 - 2013-08-23 12:34 - 00461312 _____ C:\Users\Gabe\Downloads\1.xls2013-08-23 12:07 - 2013-08-23 12:07 - 00461312 _____ C:\Users\Gabe\Downloads\213991775063143SMS.xls2013-08-23 12:07 - 2013-08-23 12:07 - 00047616 _____ C:\Users\Gabe\Downloads\213991775063143CALL.xls2013-08-23 11:49 - 2013-08-23 12:30 - 00191488 _____ C:\Users\Gabe\Downloads\213991775063143LOCATION.xls2013-08-22 22:12 - 2013-08-22 22:12 - 00685123 _____ C:\Users\Gabe\Downloads\213991775063143-CALL-20130819081157-6029782496.3gp2013-08-22 22:12 - 2013-08-22 22:12 - 00087795 _____ C:\Users\Gabe\Downloads\213991775063143-CALL-20130814211449-6025732886.3gp2013-08-22 09:21 - 2013-08-22 09:22 - 00000000 ____D C:\Users\Gabe\Documents\Cinematic_Music_Group-Big_K.R.I.T-King_Remembered_In_Time2013-08-22 09:08 - 2013-08-22 09:08 - 00000000 ____D C:\Users\Gabe\AppData\Local\Macromedia2013-08-22 07:55 - 2013-08-24 05:36 - 00000075 _____ C:\DiskDefrag.log2013-08-22 07:55 - 2013-08-22 07:55 - 00002622 _____ C:\Windows\System32\Tasks\GlaryInitialize 32013-08-22 07:55 - 2013-08-22 07:55 - 00001080 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk2013-08-22 07:55 - 2013-08-20 02:21 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe2013-08-22 07:54 - 2013-09-10 22:15 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 32013-08-22 07:54 - 2013-09-10 21:19 - 00000348 _____ C:\Windows\Tasks\GlaryInitialize 3.job2013-08-22 07:54 - 2013-08-22 07:54 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\GlarySoft2013-08-22 07:47 - 2013-08-22 07:47 - 16136496 _____ C:\Users\Gabe\Downloads\gu3setup.exe2013-08-22 06:52 - 2013-08-22 08:44 - 00000000 ____D C:\Program Files (x86)\WinAce2013-08-22 06:52 - 2013-08-22 06:52 - 04042444 _____ (e-merge GmbH) C:\Users\Gabe\Downloads\wace269i.exe2013-08-22 06:52 - 2013-08-22 06:52 - 00000951 _____ C:\Users\Public\Desktop\WinAce Archiver.lnk2013-08-22 06:49 - 2013-08-22 06:49 - 00862521 _____ C:\Users\Gabe\Downloads\videosnarf-0.63.tar.gz2013-08-22 04:44 - 2013-08-22 04:44 - 00582605 _____ C:\Users\Gabe\Downloads\Winamp_Essentials_6_7_8_9_10_11_12_13_14.exe2013-08-21 01:47 - 2013-08-21 01:47 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Apple Computer2013-08-20 15:10 - 2013-08-24 12:52 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software2013-08-20 15:09 - 2013-08-24 12:52 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\NCH Software2013-08-20 15:09 - 2013-08-20 15:09 - 00502848 _____ (NCH Software) C:\Users\Gabe\Downloads\switchsetup.exe2013-08-20 15:04 - 2013-08-20 15:11 - 00000000 ____D C:\Users\Gabe\Documents\Audio from Tim Mcgraw Burglary2013-08-20 14:53 - 2013-08-20 14:56 - 470418208 _____ C:\Users\Gabe\Downloads\PowerDirector_3026_GM6_Trial_Trial_VDE130619-02.exe2013-08-20 14:45 - 2013-08-20 14:45 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Download_App-BP-75864009.exe2013-08-20 14:18 - 2013-08-20 14:18 - 00979928 _____ (CyberLink) C:\Users\Gabe\Downloads\CyberLink_PowerDirector_Downloader.exe2013-08-20 13:22 - 2013-08-25 13:11 - 00000000 ____D C:\Users\Public\CyberLink2013-08-20 13:22 - 2013-08-20 13:22 - 00000000 ____D C:\Users\Gabe\Documents\CyberLink2013-08-20 13:20 - 2013-08-20 13:20 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\CyberLink2013-08-20 13:14 - 2013-08-22 08:44 - 00000000 ____D C:\Program Files (x86)\QuickTime2013-08-20 13:14 - 2013-08-20 13:14 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk2013-08-20 12:40 - 2013-08-23 02:06 - 00000000 ____D C:\Users\Gabe\Downloads\CyberLink Power Director 11 Ultra DeLtA Sn1p3r2013-08-20 12:35 - 2013-08-20 12:37 - 00838896 _____ C:\Users\Gabe\Downloads\LR13AUG0330.mp4.sfk2013-08-20 12:32 - 2013-08-20 12:37 - 00886196 _____ C:\Users\Gabe\Downloads\10aug1921.mp4.sfk2013-08-20 12:20 - 2013-08-26 05:30 - 63503421 _____ C:\Users\Gabe\Downloads\BR13AUG1330.mp42013-08-20 12:17 - 2013-08-20 12:18 - 52289079 _____ C:\Users\Gabe\Downloads\BR13AUG1240 (Part 1 of 2).mp42013-08-20 12:17 - 2013-08-20 12:18 - 31723429 _____ C:\Users\Gabe\Downloads\BR13AUG1240 (Part 2 of 2).mp42013-08-20 07:02 - 2013-08-20 07:02 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys2013-08-20 07:02 - 2013-08-20 07:02 - 00103576 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys2013-08-20 02:05 - 2013-08-20 02:08 - 43723137 _____ C:\Users\Gabe\Downloads\LR13AUG0515.mp42013-08-20 01:58 - 2013-08-20 02:05 - 44618151 _____ C:\Users\Gabe\Downloads\LR13AUG0420.mp42013-08-20 01:56 - 2013-08-20 02:05 - 57036111 _____ C:\Users\Gabe\Downloads\LR13AUG0325.mp42013-08-20 01:52 - 2013-08-20 02:02 - 75121062 _____ C:\Users\Gabe\Downloads\LR13AUG0330.mp42013-08-20 01:51 - 2013-08-20 01:58 - 57036111 _____ C:\Users\Gabe\Downloads\LR13AUG0235.mp42013-08-20 01:42 - 2013-08-20 01:49 - 90665926 _____ C:\Users\Gabe\Downloads\LR13AUG0146.mp42013-08-20 01:35 - 2013-08-20 01:37 - 28597549 _____ C:\Users\Gabe\Downloads\BR13AUG0132 (Part 1 of 2).mp42013-08-20 01:35 - 2013-08-20 01:35 - 00000000 _____ C:\Users\Gabe\Downloads\BR13AUG1332 (Part 2 of 2).mp42013-08-19 17:40 - 2013-08-20 07:11 - 00000032 _____ C:\Users\Gabe\AppData\Roaming\mbam.context.scan2013-08-19 13:50 - 2013-08-19 13:50 - 00685123 _____ C:\Users\Gabe\Downloads\CC.3gp2013-08-19 13:49 - 2013-08-19 13:49 - 00650639 _____ C:\Users\Gabe\Downloads\DAD.3gp2013-08-19 13:47 - 2013-08-19 13:47 - 01457652 _____ (Repair Video, Inc. ) C:\Users\Gabe\Desktop\asf_avi_rm_wmv_repair.exe2013-08-18 23:44 - 2013-08-18 23:44 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-08-18 23:44 - 2013-08-18 23:44 - 00000291 _____ C:\AdwCleaner[s2].txt2013-08-18 23:44 - 2013-08-18 23:44 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Malwarebytes2013-08-18 23:44 - 2013-08-18 23:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-18 23:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2013-08-18 23:43 - 2013-08-18 23:44 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabe\Downloads\mbam-setup-1.75.0.1300.exe2013-08-18 10:45 - 2013-08-18 10:46 - 52273262 _____ C:\Users\Gabe\Downloads\10aug2155.mp42013-08-18 10:45 - 2013-08-18 10:45 - 05730942 _____ C:\Users\Gabe\Downloads\item.mp42013-08-18 07:11 - 2013-08-18 07:11 - 00002006 _____ C:\AdwCleaner[s1].txt2013-08-18 07:09 - 2013-08-18 07:09 - 00891115 _____ C:\Users\Gabe\Downloads\SecurityCheck.exe2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAPB4C8.tmp2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAPB080.tmp2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAP79BE.tmp2013-08-18 07:05 - 2013-08-20 07:46 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Process Hacker 22013-08-18 07:03 - 2013-08-18 07:03 - 00001841 _____ C:\Users\Gabe\Desktop\Process Hacker 2.lnk2013-08-18 07:03 - 2013-08-18 07:03 - 00000000 ____D C:\Program Files\Process Hacker 22013-08-17 22:56 - 2013-08-17 23:04 - 96836088 _____ C:\Users\Gabe\Downloads\10aug2004.avi2013-08-17 22:55 - 2013-08-17 22:55 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Pazera_Free_MP4_to_AVI_Converter-SEO-10784027.exe2013-08-17 22:52 - 2013-08-26 08:14 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Audacity2013-08-17 22:52 - 2013-08-17 22:52 - 00001007 _____ C:\Users\Gabe\Desktop\Audacity.lnk2013-08-17 22:52 - 2013-08-17 22:52 - 00000000 ____D C:\Program Files (x86)\Audacity2013-08-17 22:51 - 2013-08-17 22:52 - 21281052 _____ (Audacity Team ) C:\Users\Gabe\Downloads\audacity-win-2.0.3.exe2013-08-17 22:50 - 2013-08-17 22:50 - 01856092 _____ (wj32 ) C:\Users\Gabe\Downloads\processhacker-2.31-setup.exe2013-08-17 20:15 - 2013-08-17 20:15 - 01618718 _____ (UpsideOut, Inc. ) C:\Users\Gabe\Downloads\ProxifySetup.exe2013-08-17 20:15 - 2013-08-17 20:15 - 00001199 _____ C:\Users\Public\Desktop\Proxify Tray Application.lnk2013-08-17 20:15 - 2013-08-17 20:15 - 00000000 ____D C:\Program Files (x86)\Proxify Tray Application2013-08-17 19:37 - 2013-08-17 19:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf2013-08-17 15:13 - 2013-08-17 15:14 - 68162708 _____ C:\Users\Gabe\Downloads\10aug2133.mp42013-08-17 15:13 - 2013-08-17 15:13 - 68174687 _____ C:\Users\Gabe\Downloads\10aug1921.mp42013-08-17 15:12 - 2013-08-17 15:13 - 52554458 _____ C:\Users\Gabe\Downloads\10aug2112.mp42013-08-17 15:08 - 2013-08-17 15:09 - 68020484 _____ C:\Users\Gabe\Downloads\10aug20041.mp42013-08-17 15:07 - 2013-08-17 15:08 - 47703588 _____ C:\Users\Gabe\Downloads\10aug2006.mp42013-08-17 15:06 - 2013-08-17 15:07 - 68020484 _____ C:\Users\Gabe\Downloads\10aug2004.mp42013-08-17 14:15 - 2013-08-17 14:15 - 68020484 _____ C:\Users\Gabe\Downloads\22222.mp42013-08-17 14:14 - 2013-08-17 14:14 - 47703588 _____ C:\Users\Gabe\Downloads\10Augbedroom.mp42013-08-17 14:11 - 2013-08-17 14:11 - 68020484 _____ C:\Users\Gabe\Downloads\My New Clipjjj.mp42013-08-17 13:57 - 2013-08-17 13:58 - 68020484 _____ C:\Users\Gabe\Downloads\10aug20101.mp42013-08-17 13:56 - 2013-08-17 13:56 - 35517108 _____ C:\Users\Gabe\Downloads\19aug7pm.mp42013-08-17 06:46 - 2013-08-17 06:46 - 08163216 _____ C:\Users\Gabe\Downloads\12AUG2149.mp42013-08-17 06:45 - 2013-08-17 06:45 - 07722827 _____ C:\Users\Gabe\Downloads\15AUG1717.mp42013-08-17 06:44 - 2013-08-17 06:45 - 144556875 _____ C:\Users\Gabe\Downloads\7AUG1133.mp42013-08-17 06:43 - 2013-08-17 06:43 - 10074467 _____ C:\Users\Gabe\Downloads\7AUG1852.mp42013-08-17 06:42 - 2013-08-17 06:42 - 07572170 _____ C:\Users\Gabe\Downloads\3AUG.mp42013-08-17 06:36 - 2013-08-17 06:37 - 57246322 _____ C:\Users\Gabe\Downloads\10AUG2010(2).mp42013-08-17 06:35 - 2013-08-17 06:36 - 57246322 _____ C:\Users\Gabe\Downloads\10AUG2010.mp42013-08-17 06:35 - 2013-08-17 06:35 - 06246836 _____ C:\Users\Gabe\Downloads\12AUG0615.mp42013-08-17 06:34 - 2013-08-17 06:34 - 08811349 _____ C:\Users\Gabe\Downloads\10AUG1923.mp42013-08-17 06:33 - 2013-08-17 06:35 - 57246322 _____ C:\Users\Gabe\Downloads\46.mp42013-08-17 05:45 - 2013-08-17 05:45 - 24192489 _____ C:\Users\Gabe\Downloads\45.mp42013-08-17 05:37 - 2013-08-17 05:37 - 08811349 _____ C:\Users\Gabe\Downloads\44.mp42013-08-17 04:33 - 2013-08-03 05:40 - 00000836 _____ C:\Users\Gabe\Documents\kp[.cer2013-08-17 03:38 - 2013-08-17 03:38 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2013-08-17 03:38 - 2013-08-17 03:38 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2013-08-17 03:38 - 2013-08-17 03:38 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2013-08-17 03:38 - 2013-08-17 03:38 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-08-17 03:38 - 2013-08-17 03:38 - 00000000 ____D C:\Program Files (x86)\Java2013-08-17 01:37 - 2013-08-17 01:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-08-15 17:25 - 2013-08-15 17:26 - 07722827 _____ C:\Users\Gabe\Downloads\3333.mp42013-08-15 10:49 - 2013-08-15 10:49 - 00567391 _____ C:\Users\Gabe\Documents\334.3gp2013-08-14 23:02 - 2013-08-14 23:02 - 08163216 _____ C:\Users\Gabe\Downloads\My Ne.mp42013-08-13 03:16 - 2013-08-13 03:17 - 144556875 _____ C:\Users\Gabe\Downloads\22.mp42013-08-13 01:46 - 2013-08-22 08:45 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Yahoo!2013-08-13 01:45 - 2013-08-13 01:45 - 00001137 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk2013-08-13 01:44 - 2013-08-20 10:41 - 00000000 ____D C:\Program Files (x86)\Yahoo!2013-08-13 01:44 - 2013-08-13 01:44 - 00442040 _____ (Yahoo! Inc.) C:\Users\Gabe\Downloads\msgr11us.exe2013-08-13 00:47 - 2013-08-13 10:30 - 00000000 ____D C:\Users\Gabe\Downloads\Epic (2013)2013-08-13 00:47 - 2013-08-13 00:51 - 00000000 ____D C:\Users\Gabe\Downloads\Superman.Man.of.Steel.2013.720p.R6.LiNE.x264.AAC-DiGiTAL2013-08-13 00:46 - 2013-08-13 00:47 - 00000000 ____D C:\Users\Gabe\Downloads\Oblivion (2013) [1080p]2013-08-12 16:10 - 2013-08-12 16:10 - 00042184 _____ (Anchorfree Inc.) C:\Windows\system32\Drivers\taphss6.sys2013-08-12 13:25 - 2013-08-12 13:26 - 06246836 _____ C:\Users\Gabe\Downloads\My New Clip(2).mp42013-08-12 06:41 - 2013-08-12 06:41 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf==================== One Month Modified Files and Folders =======2013-09-10 23:45 - 2013-09-10 23:44 - 01949408 _____ (Farbar) C:\Users\Gabe\Desktop\FRST64.exe2013-09-10 23:40 - 2013-08-09 11:40 - 00000000 ____D C:\wifidata2013-09-10 23:00 - 2013-08-03 04:00 - 01153861 _____ C:\Windows\WindowsUpdate.log2013-09-10 23:00 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\sru2013-09-10 22:48 - 2013-09-03 19:16 - 00000000 ____D C:\Program Files\McAfee2013-09-10 22:48 - 2012-07-26 01:12 - 00000000 ___HD C:\Windows\ELAMBKUP2013-09-10 22:45 - 2013-09-10 22:45 - 00000000 ____D C:\Program Files\ESET2013-09-10 22:41 - 2013-09-10 22:41 - 01415824 _____ (ESET) C:\Users\Gabe\Desktop\eset_nod32_antivirus_live_installer.exe2013-09-10 22:39 - 2013-09-10 20:20 - 00000000 ____D C:\Users\Gabe\Desktop\mbar2013-09-10 22:21 - 2012-07-26 00:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI2013-09-10 22:20 - 2013-08-07 16:14 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3684579750-837988229-3943600733-10022013-09-10 22:15 - 2013-08-22 07:54 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 32013-09-10 22:14 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-10 22:13 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\BBI2013-09-10 21:23 - 2013-09-10 21:23 - 02347384 _____ (ESET) C:\Users\Gabe\Desktop\esetsmartinstaller_enu.exe2013-09-10 21:23 - 2013-09-10 21:23 - 00000000 ____D C:\Program Files (x86)\ESET2013-09-10 21:22 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\ELAM2013-09-10 21:19 - 2013-08-22 07:54 - 00000348 _____ C:\Windows\Tasks\GlaryInitialize 3.job2013-09-10 21:16 - 2013-09-10 21:05 - 00000000 ____D C:\AdwCleaner2013-09-10 21:04 - 2013-09-10 21:04 - 01037278 _____ C:\Users\Gabe\Desktop\AdwCleaner.exe2013-09-10 21:01 - 2013-09-10 21:01 - 00002162 _____ C:\Users\Gabe\Desktop\JRT.txt2013-09-10 20:59 - 2013-09-10 20:09 - 00000000 ____D C:\Users\Gabe\Desktop\RK_Quarantine2013-09-10 20:53 - 2013-09-10 08:03 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield2013-09-10 20:51 - 2013-09-10 20:51 - 00000000 ____D C:\Windows\ERUNT2013-09-10 20:50 - 2013-09-10 20:50 - 01029490 _____ (Thisisu) C:\Users\Gabe\Desktop\JRT.exe2013-09-10 20:46 - 2013-09-10 20:05 - 00002424 _____ C:\Users\Gabe\Desktop\Rkill.txt2013-09-10 20:20 - 2013-09-10 20:20 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Gabe\Desktop\mbar-1.07.0.1005.exe2013-09-10 20:17 - 2013-09-10 20:17 - 03788288 _____ C:\Users\Gabe\Desktop\RogueKillerX64(1).exe2013-09-10 20:12 - 2013-09-10 20:12 - 00001771 _____ C:\Users\Gabe\Desktop\RKreport[0]_S_09102013_201228.txt2013-09-10 20:07 - 2013-09-10 20:07 - 03788288 _____ C:\Users\Gabe\Desktop\RogueKillerX64.exe2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\Tiffany\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\Gabe\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\fbwuser\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\Tiffany\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\Gabe\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\fbwuser\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000000 ____D C:\Windows\ERDNT2013-09-10 20:07 - 2013-09-10 20:06 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-09-10 20:06 - 2013-09-10 20:06 - 00791393 _____ (Lars Hederer ) C:\Users\Gabe\Desktop\erunt-setup.exe2013-09-10 20:05 - 2013-09-10 20:05 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Gabe\Desktop\rkill.exe2013-09-10 20:05 - 2013-09-10 20:05 - 00000000 ____D C:\Users\Gabe\Desktop\rkill2013-09-10 19:40 - 2013-09-10 19:40 - 00024917 _____ C:\Users\Gabe\Desktop\DDS 10 Sep 13.txt2013-09-10 19:38 - 2013-09-10 19:35 - 00024917 _____ C:\Users\Gabe\Desktop\dds.txt2013-09-10 19:38 - 2013-09-10 19:35 - 00012515 _____ C:\Users\Gabe\Desktop\attach.txt2013-09-10 19:36 - 2013-08-09 12:20 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\uTorrent2013-09-10 19:34 - 2013-09-10 19:34 - 00688992 ____R (Swearware) C:\Users\Gabe\Desktop\dds.scr2013-09-10 09:11 - 2013-09-10 09:11 - 05312512 _____ C:\Users\Gabe\Documents\proof.evtx2013-09-10 09:11 - 2013-09-10 09:11 - 00000000 ____D C:\Users\Gabe\Documents\LocaleMetaData2013-09-10 08:29 - 2013-09-10 08:29 - 00312280 _____ C:\Windows\system32\FNTCACHE.DAT2013-09-10 08:29 - 2013-09-10 08:20 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK2013-09-10 08:29 - 2013-09-08 07:58 - 00002960 _____ C:\Windows\PFRO.log2013-09-10 08:24 - 2013-09-10 08:24 - 00049240 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys2013-09-10 08:24 - 2013-09-10 08:24 - 00000913 _____ C:\Users\Public\Desktop\AntiLogger.lnk2013-09-10 08:24 - 2013-09-10 08:24 - 00000000 ____D C:\Program Files (x86)\AntiLogger2013-09-10 08:24 - 2013-09-10 08:23 - 00000000 ____D C:\Users\Gabe\AppData\Local\Zemana2013-09-10 08:23 - 2013-09-10 08:23 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst2013-09-10 08:22 - 2013-09-10 08:21 - 21264112 _____ (Zemana Ltd. ) C:\Users\Gabe\Downloads\Zemana_AntiLogger_1.9.3.502.exe2013-09-10 08:20 - 2013-09-10 08:20 - 00000000 ____D C:\Users\Gabe\AppData\Local\AntiLogger Free2013-09-10 08:19 - 2013-09-10 08:19 - 04322816 _____ (Zemana Ltd. ) C:\Users\Gabe\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe2013-09-10 08:04 - 2013-09-10 08:04 - 00001120 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk2013-09-10 08:03 - 2013-09-10 08:03 - 00583584 _____ C:\Users\Gabe\Downloads\hotspotshield-setup.exe2013-09-10 08:03 - 2013-09-10 08:03 - 00000020 ___SH C:\Users\fbwuser\ntuser.ini2013-09-10 07:08 - 2013-09-10 07:08 - 00002107 _____ C:\Users\Public\Desktop\Who Is On My Wifi.lnk2013-09-10 07:08 - 2013-09-10 07:08 - 00000000 ____D C:\Program Files (x86)\IO3O LLC2013-09-10 07:08 - 2013-08-09 11:39 - 05228920 _____ (IO3O LLC ) C:\Users\Gabe\Downloads\mywifi.exe2013-09-08 16:32 - 2013-09-08 16:28 - 767623168 ____R C:\Users\Gabe\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso2013-09-08 16:31 - 2013-08-07 16:12 - 00000000 ____D C:\Users\Gabe\AppData\Local\Sony Corporation2013-09-08 16:31 - 2013-08-03 04:47 - 00000000 ____D C:\Program Files (x86)\Sony2013-09-08 16:04 - 2013-09-08 16:04 - 00000000 ____H C:\Users\Gabe\Documents\Default.rdp2013-09-08 11:03 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\rescache2013-09-08 10:36 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\WinStore2013-09-08 10:36 - 2012-07-26 01:12 - 00000000 ____D C:\Program Files\Windows Defender2013-09-08 10:36 - 2012-07-26 01:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender2013-09-08 10:36 - 2012-07-25 22:38 - 00000000 ____D C:\Windows\system32\oobe2013-09-08 09:41 - 2013-09-08 09:41 - 16243768 _____ C:\Users\Gabe\Downloads\Glary_Utilities_v3.9.1.exe2013-09-08 08:26 - 2013-08-07 16:53 - 00000000 ____D C:\Windows\system32\MRT2013-09-08 08:25 - 2013-08-07 16:53 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-09-08 07:20 - 2013-08-03 05:22 - 00000000 ____D C:\Program Files (x86)\CyberLink2013-09-08 07:20 - 2013-08-03 04:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2013-09-08 07:08 - 2012-08-02 18:59 - 00000000 ____D C:\Windows\Panther2013-09-08 06:54 - 2013-08-07 17:13 - 00000022 _____ C:\Windows\Model.txt2013-09-08 03:25 - 2013-09-08 03:25 - 00000000 ____D C:\Users\Gabe\AppData\Local\Apps\2.02013-09-07 09:18 - 2013-09-07 09:18 - 01448299 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130820164851.3gp2013-09-07 09:15 - 2013-09-07 09:15 - 02896534 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130821123433.3gp2013-09-07 09:15 - 2013-09-07 09:14 - 00475112 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130822103012.3gp2013-09-07 09:12 - 2013-09-07 09:12 - 02896534 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130822123215.3gp2013-09-07 08:43 - 2013-09-07 08:43 - 00356352 _____ C:\Users\Gabe\Downloads\log.xls2013-09-07 08:43 - 2013-09-07 08:43 - 00064000 _____ C:\Users\Gabe\Downloads\contact.xls2013-09-07 08:43 - 2013-09-07 08:43 - 00040448 _____ C:\Users\Gabe\Downloads\logcall.xls2013-09-05 17:36 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent2013-09-04 15:05 - 2013-09-03 19:16 - 00000000 ____D C:\Program Files (x86)\McAfee2013-09-04 14:58 - 2013-09-04 14:58 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Advanced_Scan_to_PDF_Free-SEO-75738710.exe2013-09-04 14:49 - 2013-09-04 14:39 - 00000000 ____D C:\Program Files (x86)\JGS-Scan2013-09-04 14:38 - 2013-09-04 14:39 - 00737280 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe2013-09-04 14:38 - 2013-09-04 14:38 - 04907960 _____ () C:\Users\Gabe\Downloads\JGS-Scan3.exe2013-09-04 14:37 - 2013-09-04 14:37 - 00584600 _____ C:\Users\Gabe\Downloads\cbsidlm-tr1_14-JGSScan-ORG-10267419.exe2013-09-04 14:35 - 2013-08-07 16:08 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Adobe2013-09-03 19:16 - 2013-09-03 19:16 - 00000000 ____D C:\Program Files\McAfee.com2013-09-03 19:16 - 2013-09-03 19:16 - 00000000 ____D C:\Program Files\Common Files\McAfee2013-09-03 19:16 - 2013-09-03 19:16 - 00000000 ____D C:\Program Files (x86)\McAfee.com2013-09-03 19:08 - 2013-09-03 19:07 - 00000000 ____D C:\Program Files\stinger2013-09-03 19:07 - 2013-09-03 19:07 - 00000000 ____D C:\Stinger_Quarantine2013-09-03 19:06 - 2013-09-03 19:06 - 04900592 _____ (McAfee, Inc.) C:\Users\Gabe\Downloads\McAfeeSetup-Serial.exe2013-09-03 18:57 - 2013-09-03 18:57 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\DiskDefrag2013-08-26 08:14 - 2013-08-17 22:52 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Audacity2013-08-26 06:15 - 2013-08-26 06:13 - 116778590 _____ C:\Users\Gabe\Downloads\GET A LIFE 1627.mp42013-08-26 06:11 - 2013-08-26 06:10 - 78900943 _____ C:\Users\Gabe\Downloads\SACKCHASING COUGAR.mp42013-08-26 06:10 - 2013-08-26 06:09 - 89449556 _____ C:\Users\Gabe\Downloads\PL1300.mp42013-08-26 06:10 - 2013-08-26 06:09 - 60828557 _____ C:\Users\Gabe\Downloads\WORTHLESS LOSER.mp42013-08-26 06:09 - 2013-08-26 06:09 - 76704889 _____ C:\Users\Gabe\Downloads\LIVING WITH PARENTS AT 40.mp42013-08-26 06:04 - 2013-08-26 06:03 - 53457437 _____ C:\Users\Gabe\Downloads\FD1902.mp42013-08-26 06:04 - 2013-08-26 06:03 - 35874577 _____ C:\Users\Gabe\Downloads\FD1750WW.mp42013-08-26 06:03 - 2013-08-26 06:03 - 35874577 _____ C:\Users\Gabe\Downloads\FFFF.mp42013-08-26 06:03 - 2013-08-26 06:03 - 35874577 _____ C:\Users\Gabe\Downloads\FD175022.mp42013-08-26 06:03 - 2013-08-26 06:02 - 20270529 _____ C:\Users\Gabe\Downloads\FD2000-FINISH.mp42013-08-26 05:58 - 2013-08-26 05:58 - 44342458 _____ C:\Users\Gabe\Downloads\11.mp42013-08-26 05:58 - 2013-08-26 05:58 - 35874577 _____ C:\Users\Gabe\Downloads\FD1750.mp42013-08-26 05:58 - 2013-08-26 05:58 - 34018519 _____ C:\Users\Gabe\Downloads\FD1705.mp42013-08-26 05:58 - 2013-08-26 05:57 - 40459964 _____ C:\Users\Gabe\Downloads\1.mp42013-08-26 05:53 - 2013-08-26 05:52 - 40459964 _____ C:\Users\Gabe\Downloads\FD21AUG1530.mp42013-08-26 05:52 - 2013-08-26 05:52 - 39933685 _____ C:\Users\Gabe\Downloads\FD21AUG1430.mp42013-08-26 05:52 - 2013-08-26 05:51 - 54647286 _____ C:\Users\Gabe\Downloads\My New Clip33.mp42013-08-26 05:49 - 2013-08-26 05:49 - 39940067 _____ C:\Users\Gabe\Downloads\FD21AUG1310.mp42013-08-26 05:49 - 2013-08-26 05:48 - 39142968 _____ C:\Users\Gabe\Downloads\FrontDoor21Aug1215.mp42013-08-26 05:32 - 2013-08-26 05:31 - 54647286 _____ C:\Users\Gabe\Downloads\Front Door 21August.mp42013-08-26 05:31 - 2013-08-26 05:30 - 58247011 _____ C:\Users\Gabe\Downloads\BR13AUG1510.mp42013-08-26 05:30 - 2013-08-26 05:30 - 40918583 _____ C:\Users\Gabe\Downloads\BR13AUG1415.mp42013-08-26 05:30 - 2013-08-20 12:20 - 63503421 _____ C:\Users\Gabe\Downloads\BR13AUG1330.mp42013-08-26 05:15 - 2013-08-25 13:39 - 00000000 ____D C:\Users\Gabe\Documents\NACI_data2013-08-25 22:21 - 2013-08-25 13:39 - 00072588 _____ C:\Users\Gabe\Documents\NACI.aup2013-08-25 14:03 - 2013-08-25 14:03 - 00000000 ____D C:\Users\Gabe\AppData\Local\Apple Computer2013-08-25 13:18 - 2013-08-25 13:16 - 236588638 _____ C:\Users\Gabe\Documents\NACI.wav2013-08-25 13:11 - 2013-08-20 13:22 - 00000000 ____D C:\Users\Public\CyberLink2013-08-25 11:10 - 2013-08-25 11:10 - 00000000 ____D C:\Users\Gabe\Downloads\MP_ROOT2013-08-24 12:52 - 2013-08-20 15:10 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software2013-08-24 12:52 - 2013-08-20 15:09 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\NCH Software2013-08-24 05:36 - 2013-08-22 07:55 - 00000075 _____ C:\DiskDefrag.log2013-08-24 02:04 - 2013-08-03 04:53 - 00000000 ____D C:\Program Files\Sony2013-08-23 12:34 - 2013-08-23 12:34 - 00461312 _____ C:\Users\Gabe\Downloads\1.xls2013-08-23 12:30 - 2013-08-23 11:49 - 00191488 _____ C:\Users\Gabe\Downloads\213991775063143LOCATION.xls2013-08-23 12:07 - 2013-08-23 12:07 - 00461312 _____ C:\Users\Gabe\Downloads\213991775063143SMS.xls2013-08-23 12:07 - 2013-08-23 12:07 - 00047616 _____ C:\Users\Gabe\Downloads\213991775063143CALL.xls2013-08-23 02:06 - 2013-08-20 12:40 - 00000000 ____D C:\Users\Gabe\Downloads\CyberLink Power Director 11 Ultra DeLtA Sn1p3r2013-08-22 22:12 - 2013-08-22 22:12 - 00685123 _____ C:\Users\Gabe\Downloads\213991775063143-CALL-20130819081157-6029782496.3gp2013-08-22 22:12 - 2013-08-22 22:12 - 00087795 _____ C:\Users\Gabe\Downloads\213991775063143-CALL-20130814211449-6025732886.3gp2013-08-22 21:47 - 2013-08-08 01:25 - 00000000 ____D C:\Users\Tiffany\AppData\Local\Sony Corporation2013-08-22 21:47 - 2013-08-03 04:47 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation2013-08-22 09:34 - 2013-08-08 01:36 - 00007616 _____ C:\Users\Gabe\AppData\Local\resmon.resmoncfg2013-08-22 09:22 - 2013-08-22 09:21 - 00000000 ____D C:\Users\Gabe\Documents\Cinematic_Music_Group-Big_K.R.I.T-King_Remembered_In_Time2013-08-22 09:08 - 2013-08-22 09:08 - 00000000 ____D C:\Users\Gabe\AppData\Local\Macromedia2013-08-22 09:08 - 2013-08-07 21:28 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Mozilla2013-08-22 08:45 - 2013-08-13 01:46 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Yahoo!2013-08-22 08:45 - 2013-08-10 23:59 - 00000000 ____D C:\Users\Gabe\Documents\Sony PMB2013-08-22 08:45 - 2013-08-08 01:20 - 00000000 ____D C:\Users\Tiffany2013-08-22 08:45 - 2013-08-07 17:33 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Sony2013-08-22 08:45 - 2013-08-07 16:07 - 00000000 ____D C:\Users\Gabe2013-08-22 08:44 - 2013-08-22 06:52 - 00000000 ____D C:\Program Files (x86)\WinAce2013-08-22 08:44 - 2013-08-20 13:14 - 00000000 ____D C:\Program Files (x86)\QuickTime2013-08-22 08:44 - 2013-08-08 08:32 - 00000000 ____D C:\Program Files (x86)\The KMPlayer2013-08-22 08:44 - 2012-07-26 01:12 - 00000000 __SHD C:\Program Files\Windows Sidebar2013-08-22 08:44 - 2012-07-25 22:37 - 00000000 __RHD C:\Users\Default2013-08-22 08:43 - 2013-08-03 04:22 - 00000000 ____D C:\Intel2013-08-22 08:00 - 2013-08-09 03:48 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Winamp2013-08-22 07:55 - 2013-08-22 07:55 - 00002622 _____ C:\Windows\System32\Tasks\GlaryInitialize 32013-08-22 07:55 - 2013-08-22 07:55 - 00001080 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk2013-08-22 07:54 - 2013-08-22 07:54 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\GlarySoft2013-08-22 07:47 - 2013-08-22 07:47 - 16136496 _____ C:\Users\Gabe\Downloads\gu3setup.exe2013-08-22 06:52 - 2013-08-22 06:52 - 04042444 _____ (e-merge GmbH) C:\Users\Gabe\Downloads\wace269i.exe2013-08-22 06:52 - 2013-08-22 06:52 - 00000951 _____ C:\Users\Public\Desktop\WinAce Archiver.lnk2013-08-22 06:49 - 2013-08-22 06:49 - 00862521 _____ C:\Users\Gabe\Downloads\videosnarf-0.63.tar.gz2013-08-22 04:44 - 2013-08-22 04:44 - 00582605 _____ C:\Users\Gabe\Downloads\Winamp_Essentials_6_7_8_9_10_11_12_13_14.exe2013-08-22 04:44 - 2013-08-09 03:48 - 00000000 ____D C:\Program Files (x86)\Winamp2013-08-21 01:47 - 2013-08-21 01:47 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Apple Computer2013-08-20 15:11 - 2013-08-20 15:04 - 00000000 ____D C:\Users\Gabe\Documents\Audio from Tim Mcgraw Burglary2013-08-20 15:09 - 2013-08-20 15:09 - 00502848 _____ (NCH Software) C:\Users\Gabe\Downloads\switchsetup.exe2013-08-20 14:56 - 2013-08-20 14:53 - 470418208 _____ C:\Users\Gabe\Downloads\PowerDirector_3026_GM6_Trial_Trial_VDE130619-02.exe2013-08-20 14:45 - 2013-08-20 14:45 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Download_App-BP-75864009.exe2013-08-20 14:18 - 2013-08-20 14:18 - 00979928 _____ (CyberLink) C:\Users\Gabe\Downloads\CyberLink_PowerDirector_Downloader.exe2013-08-20 13:22 - 2013-08-20 13:22 - 00000000 ____D C:\Users\Gabe\Documents\CyberLink2013-08-20 13:20 - 2013-08-20 13:20 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\CyberLink2013-08-20 13:14 - 2013-08-20 13:14 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk2013-08-20 12:37 - 2013-08-20 12:35 - 00838896 _____ C:\Users\Gabe\Downloads\LR13AUG0330.mp4.sfk2013-08-20 12:37 - 2013-08-20 12:32 - 00886196 _____ C:\Users\Gabe\Downloads\10aug1921.mp4.sfk2013-08-20 12:29 - 2013-08-07 17:33 - 00000000 ____D C:\Users\Gabe\AppData\Local\Sony2013-08-20 12:18 - 2013-08-20 12:17 - 52289079 _____ C:\Users\Gabe\Downloads\BR13AUG1240 (Part 1 of 2).mp42013-08-20 12:18 - 2013-08-20 12:17 - 31723429 _____ C:\Users\Gabe\Downloads\BR13AUG1240 (Part 2 of 2).mp42013-08-20 10:41 - 2013-08-13 01:44 - 00000000 ____D C:\Program Files (x86)\Yahoo!2013-08-20 10:40 - 2013-08-03 04:44 - 00000000 ____D C:\Program Files\Common Files\Sony Shared2013-08-20 07:46 - 2013-08-18 07:05 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Process Hacker 22013-08-20 07:11 - 2013-08-19 17:40 - 00000032 _____ C:\Users\Gabe\AppData\Roaming\mbam.context.scan2013-08-20 07:02 - 2013-08-20 07:02 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys2013-08-20 07:02 - 2013-08-20 07:02 - 00103576 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys2013-08-20 02:21 - 2013-08-22 07:55 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe2013-08-20 02:08 - 2013-08-20 02:05 - 43723137 _____ C:\Users\Gabe\Downloads\LR13AUG0515.mp42013-08-20 02:05 - 2013-08-20 01:58 - 44618151 _____ C:\Users\Gabe\Downloads\LR13AUG0420.mp42013-08-20 02:05 - 2013-08-20 01:56 - 57036111 _____ C:\Users\Gabe\Downloads\LR13AUG0325.mp42013-08-20 02:02 - 2013-08-20 01:52 - 75121062 _____ C:\Users\Gabe\Downloads\LR13AUG0330.mp42013-08-20 01:58 - 2013-08-20 01:51 - 57036111 _____ C:\Users\Gabe\Downloads\LR13AUG0235.mp42013-08-20 01:49 - 2013-08-20 01:42 - 90665926 _____ C:\Users\Gabe\Downloads\LR13AUG0146.mp42013-08-20 01:37 - 2013-08-20 01:35 - 28597549 _____ C:\Users\Gabe\Downloads\BR13AUG0132 (Part 1 of 2).mp42013-08-20 01:35 - 2013-08-20 01:35 - 00000000 _____ C:\Users\Gabe\Downloads\BR13AUG1332 (Part 2 of 2).mp42013-08-19 13:50 - 2013-08-19 13:50 - 00685123 _____ C:\Users\Gabe\Downloads\CC.3gp2013-08-19 13:49 - 2013-08-19 13:49 - 00650639 _____ C:\Users\Gabe\Downloads\DAD.3gp2013-08-19 13:47 - 2013-08-19 13:47 - 01457652 _____ (Repair Video, Inc. ) C:\Users\Gabe\Desktop\asf_avi_rm_wmv_repair.exe2013-08-18 23:44 - 2013-08-18 23:44 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-08-18 23:44 - 2013-08-18 23:44 - 00000291 _____ C:\AdwCleaner[s2].txt2013-08-18 23:44 - 2013-08-18 23:44 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Malwarebytes2013-08-18 23:44 - 2013-08-18 23:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-18 23:44 - 2013-08-18 23:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabe\Downloads\mbam-setup-1.75.0.1300.exe2013-08-18 10:46 - 2013-08-18 10:45 - 52273262 _____ C:\Users\Gabe\Downloads\10aug2155.mp42013-08-18 10:45 - 2013-08-18 10:45 - 05730942 _____ C:\Users\Gabe\Downloads\item.mp42013-08-18 07:11 - 2013-08-18 07:11 - 00002006 _____ C:\AdwCleaner[s1].txt2013-08-18 07:09 - 2013-08-18 07:09 - 00891115 _____ C:\Users\Gabe\Downloads\SecurityCheck.exe2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAPB4C8.tmp2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAPB080.tmp2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAP79BE.tmp2013-08-18 07:03 - 2013-08-18 07:03 - 00001841 _____ C:\Users\Gabe\Desktop\Process Hacker 2.lnk2013-08-18 07:03 - 2013-08-18 07:03 - 00000000 ____D C:\Program Files\Process Hacker 22013-08-17 23:04 - 2013-08-17 22:56 - 96836088 _____ C:\Users\Gabe\Downloads\10aug2004.avi2013-08-17 22:55 - 2013-08-17 22:55 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Pazera_Free_MP4_to_AVI_Converter-SEO-10784027.exe2013-08-17 22:52 - 2013-08-17 22:52 - 00001007 _____ C:\Users\Gabe\Desktop\Audacity.lnk2013-08-17 22:52 - 2013-08-17 22:52 - 00000000 ____D C:\Program Files (x86)\Audacity2013-08-17 22:52 - 2013-08-17 22:51 - 21281052 _____ (Audacity Team ) C:\Users\Gabe\Downloads\audacity-win-2.0.3.exe2013-08-17 22:50 - 2013-08-17 22:50 - 01856092 _____ (wj32 ) C:\Users\Gabe\Downloads\processhacker-2.31-setup.exe2013-08-17 20:15 - 2013-08-17 20:15 - 01618718 _____ (UpsideOut, Inc. ) C:\Users\Gabe\Downloads\ProxifySetup.exe2013-08-17 20:15 - 2013-08-17 20:15 - 00001199 _____ C:\Users\Public\Desktop\Proxify Tray Application.lnk2013-08-17 20:15 - 2013-08-17 20:15 - 00000000 ____D C:\Program Files (x86)\Proxify Tray Application2013-08-17 19:37 - 2013-08-17 19:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf2013-08-17 15:14 - 2013-08-17 15:13 - 68162708 _____ C:\Users\Gabe\Downloads\10aug2133.mp42013-08-17 15:13 - 2013-08-17 15:13 - 68174687 _____ C:\Users\Gabe\Downloads\10aug1921.mp42013-08-17 15:13 - 2013-08-17 15:12 - 52554458 _____ C:\Users\Gabe\Downloads\10aug2112.mp42013-08-17 15:09 - 2013-08-17 15:08 - 68020484 _____ C:\Users\Gabe\Downloads\10aug20041.mp42013-08-17 15:08 - 2013-08-17 15:07 - 47703588 _____ C:\Users\Gabe\Downloads\10aug2006.mp42013-08-17 15:07 - 2013-08-17 15:06 - 68020484 _____ C:\Users\Gabe\Downloads\10aug2004.mp42013-08-17 14:15 - 2013-08-17 14:15 - 68020484 _____ C:\Users\Gabe\Downloads\22222.mp42013-08-17 14:14 - 2013-08-17 14:14 - 47703588 _____ C:\Users\Gabe\Downloads\10Augbedroom.mp42013-08-17 14:11 - 2013-08-17 14:11 - 68020484 _____ C:\Users\Gabe\Downloads\My New Clipjjj.mp42013-08-17 13:58 - 2013-08-17 13:57 - 68020484 _____ C:\Users\Gabe\Downloads\10aug20101.mp42013-08-17 13:56 - 2013-08-17 13:56 - 35517108 _____ C:\Users\Gabe\Downloads\19aug7pm.mp42013-08-17 06:46 - 2013-08-17 06:46 - 08163216 _____ C:\Users\Gabe\Downloads\12AUG2149.mp42013-08-17 06:45 - 2013-08-17 06:45 - 07722827 _____ C:\Users\Gabe\Downloads\15AUG1717.mp42013-08-17 06:45 - 2013-08-17 06:44 - 144556875 _____ C:\Users\Gabe\Downloads\7AUG1133.mp42013-08-17 06:43 - 2013-08-17 06:43 - 10074467 _____ C:\Users\Gabe\Downloads\7AUG1852.mp42013-08-17 06:42 - 2013-08-17 06:42 - 07572170 _____ C:\Users\Gabe\Downloads\3AUG.mp42013-08-17 06:37 - 2013-08-17 06:36 - 57246322 _____ C:\Users\Gabe\Downloads\10AUG2010(2).mp42013-08-17 06:36 - 2013-08-17 06:35 - 57246322 _____ C:\Users\Gabe\Downloads\10AUG2010.mp42013-08-17 06:35 - 2013-08-17 06:35 - 06246836 _____ C:\Users\Gabe\Downloads\12AUG0615.mp42013-08-17 06:35 - 2013-08-17 06:33 - 57246322 _____ C:\Users\Gabe\Downloads\46.mp42013-08-17 06:34 - 2013-08-17 06:34 - 08811349 _____ C:\Users\Gabe\Downloads\10AUG1923.mp42013-08-17 05:45 - 2013-08-17 05:45 - 24192489 _____ C:\Users\Gabe\Downloads\45.mp42013-08-17 05:37 - 2013-08-17 05:37 - 08811349 _____ C:\Users\Gabe\Downloads\44.mp42013-08-17 03:38 - 2013-08-17 03:38 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe2013-08-17 03:38 - 2013-08-17 03:38 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2013-08-17 03:38 - 2013-08-17 03:38 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe2013-08-17 03:38 - 2013-08-17 03:38 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-08-17 03:38 - 2013-08-17 03:38 - 00000000 ____D C:\Program Files (x86)\Java2013-08-17 03:38 - 2013-08-03 04:46 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll2013-08-17 03:38 - 2013-08-03 04:46 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll2013-08-17 01:37 - 2013-08-17 01:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-08-15 17:26 - 2013-08-15 17:25 - 07722827 _____ C:\Users\Gabe\Downloads\3333.mp42013-08-15 10:49 - 2013-08-15 10:49 - 00567391 _____ C:\Users\Gabe\Documents\334.3gp2013-08-15 01:38 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\NDF2013-08-14 23:02 - 2013-08-14 23:02 - 08163216 _____ C:\Users\Gabe\Downloads\My Ne.mp42013-08-13 10:30 - 2013-08-13 00:47 - 00000000 ____D C:\Users\Gabe\Downloads\Epic (2013)2013-08-13 03:17 - 2013-08-13 03:16 - 144556875 _____ C:\Users\Gabe\Downloads\22.mp42013-08-13 01:45 - 2013-08-13 01:45 - 00001137 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk2013-08-13 01:44 - 2013-08-13 01:44 - 00442040 _____ (Yahoo! Inc.) C:\Users\Gabe\Downloads\msgr11us.exe2013-08-13 00:51 - 2013-08-13 00:47 - 00000000 ____D C:\Users\Gabe\Downloads\Superman.Man.of.Steel.2013.720p.R6.LiNE.x264.AAC-DiGiTAL2013-08-13 00:47 - 2013-08-13 00:46 - 00000000 ____D C:\Users\Gabe\Downloads\Oblivion (2013) [1080p]2013-08-12 16:10 - 2013-08-12 16:10 - 00042184 _____ (Anchorfree Inc.) C:\Windows\system32\Drivers\taphss6.sys2013-08-12 16:07 - 2013-09-10 08:03 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys2013-08-12 13:26 - 2013-08-12 13:25 - 06246836 _____ C:\Users\Gabe\Downloads\My New Clip(2).mp42013-08-12 06:41 - 2013-08-12 06:41 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.WdfFiles to move or delete:====================C:\Users\Gabe\AppData\Local\Temp\0222411378878482mcinst.exeC:\Users\Gabe\AppData\Local\Temp\fp_pl_pfs_installer.exeC:\Users\Gabe\AppData\Local\Temp\GLFAF29.EXEC:\Users\Gabe\AppData\Local\Temp\GLFC820.EXEC:\Users\Gabe\AppData\Local\Temp\mpsetup.exeC:\Users\Gabe\AppData\Local\Temp\oi_{684560FE-6968-42F9-846C-5B6C16643EF9}.exeC:\Users\Gabe\AppData\Local\Temp\Quarantine.exe==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2013-09-09 03:00==================== End Of Log ============================ Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728286 Share Posted September 11, 2013 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013Ran by Gabe at 2013-09-10 23:46:03Running from C:\Users\Gabe\DesktopBoot Mode: Normal============================================================================== Installed Programs =======================Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)Adobe Reader XI (11.0.03) MUI (x32 Version: 11.0.03)AntiLogger (x32 Version: 1.9.3.502)AntiLogger (x32)Apple Application Support (x32 Version: 2.1.7)Audacity 2.0.3 (x32 Version: 2.0.3)ERUNT 1.1j (x32)ESET NOD32 Antivirus (Version: 6.0.316.0)ESET Online Scanner v3 (x32)Glary Utilities 3.9 (x32 Version: 3.9.0.137)Harmony Browser Plug-in (x32 Version: 2.0)Hotspot Shield 3.13 (x32 Version: 3.13)Intel® Management Engine Components (x32 Version: 8.1.0.1281)Intel® Processor Graphics (x32 Version: 9.17.10.2963)Intel® PROSet/Wireless NFC Software (Version: 1.1.1.002)Intel® Rapid Storage Technology (x32 Version: 11.6.0.1030)Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)Intel® Trusted Connect Service Client (Version: 1.24.738.1)Java 7 Update 25 (x32 Version: 7.0.250)Java Auto Updater (x32 Version: 2.1.9.5)KeyCrypt SDK version 1.6.1.246 (x32 Version: 1.6.1.246)Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)Microsoft Office (x32 Version: 15.0.4454.1510)Microsoft Report Viewer Redistributable 2005 (x32 Version: 8.0.50727.42)Microsoft Report Viewer Redistributable 2005 (x32)Microsoft Silverlight (Version: 5.1.20125.0)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)Movie Studio Platinum 12.0 (64-bit) (Version: 12.0.756)Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)MSVCRT Redists (Version: 1.0)Networkx64 (Version: 1.0.0)NVIDIA Control Panel 311.46 (Version: 311.46)NVIDIA Graphics Driver 311.46 (Version: 311.46)NVIDIA Install Application (Version: 2.1002.109.706)NVIDIA Optimus 1.11.3 (Version: 1.11.3)NVIDIA PhysX (x32 Version: 9.12.1031)NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)NVIDIA Update Components (Version: 1.11.3)PlayMemories Home (x32 Version: 7.0.02.14060)Process Hacker 2.31 (r5355) (Version: 2.31.0.5355)Proxify Tray Application version 1.0.8.0 (x32 Version: 1.0.8.0)QuickTime (x32 Version: 7.72.80.56)Realtek Ethernet Controller Driver (x32 Version: 8.10.1226.2012)Realtek High Definition Audio Driver (x32 Version: 6.0.1.6895)Realtek PCIE Card Reader (x32 Version: 6.2.9200.28135)Shared C Run-time for x64 (Version: 10.0.0)Synaptics Pointing Device Driver (Version: 16.4.0.1)The KMPlayer (remove only) (x32 Version: 3.6.0.87)VAIO Movie Creator (x32 Version: 4.1.01.15140)Who Is On My Wifi version 2.1.7 (x32 Version: 2.1.7)WinAce Archiver (x32 Version: 2.69)Winamp (x32 Version: 5.65 )Winamp Detector Plug-in (HKCU Version: 1.0.0.1)Winamp Essentials Pack (x32 Version: v5.64)Yahoo! Messenger (x32)Yahoo! Toolbar (x32)==================== Restore Points =========================23-08-2013 04:40:49 Removed VAIO First Logon Setup Tool04-09-2013 05:55:15 Scheduled Checkpoint08-09-2013 14:17:26 Removed VAIO Easy Connect.11-09-2013 03:45:44 Malwarebytes Anti-Rootkit Restore Point==================== Hosts content: ==========================2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-25] (Microsoft Corporation)Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 CriticalTask: {1512017D-D898-4D3A-AAD6-BA5ADA05B6BC} - System32\Tasks\VaioRegistrationDesktopTask => C:\Program Files\Sony\VAIO Registration\Sony.VAIO.Desktop.RegistrationTask.exe [2012-08-09] (Sony)Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandlerTask: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-03] (Microsoft Corporation)Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEventsTask: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenanceTask: {22A6F687-35EF-443E-B1BF-8EE7D9B943AF} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstallTask: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group PolicyTask: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-19] (Microsoft Corporation)Task: {24DB440A-2AA6-4B5A-AAC9-080DFDE57700} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanupTask: {263BFA26-C253-4887-B4D5-EFED40F334D1} - System32\Tasks\GlaryInitialize 3 => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe [2013-08-20] (Glarysoft Ltd)Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata RefreshTask: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-TasksTask: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge UpdateTask: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance ConfiguratorTask: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTaskTask: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystemTask: {3D5AAA45-F954-4E6A-984D-2181BED5C309} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3684579750-837988229-3943600733-1002Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-MaintenanceTask: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorageTask: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogonTask: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual MaintenanceTask: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot RequiredTask: {61B0D0DE-0EB4-4EDA-A894-A85CF2B01B12} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstallTask: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-25] (Microsoft Corporation)Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-19] (Microsoft Corporation)Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-UpdateTask: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular MaintenanceTask: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle MaintenanceTask: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync LicensesTask: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTimeTask: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnosticTask: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-19] (Microsoft Corporation)Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTaskTask: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTaskTask: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTaskTask: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScanTask: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecificTask: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity ScanTask: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data senderTask: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-25] (Microsoft Corporation)Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetworkTask: {D6A7F05B-63D4-4253-B241-5BDCCA176EC7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauservTask: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 CriticalTask: {DD092B2B-9EE8-4A98-A22C-F1880DB0DF95} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnectTask: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash RecoveryTask: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskTask: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-19] (Microsoft Corporation)Task: {EAD237E7-D276-4257-9F16-51DF41548733} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_startedTask: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-25] (Microsoft Corporation)Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQMTask: {F517077F-AA0A-4CDA-B0D5-B992ADAA4F14} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-13] (Synaptics Incorporated)Task: C:\Windows\Tasks\GlaryInitialize 3.job => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe==================== Loaded Modules (whitelisted) =============2013-03-14 14:11 - 2013-03-13 21:33 - 01049840 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll2013-03-14 14:11 - 2013-03-13 21:38 - 00254704 _____ (Synaptics Incorporated) C:\Windows\SYSTEM32\SynTPAPI.dll2013-08-03 04:40 - 2013-05-02 19:45 - 01107440 _____ (NVIDIA Corporation) C:\Windows\SYSTEM32\nvumdshimx.dll2013-08-03 04:40 - 2013-05-02 19:43 - 00245872 _____ (NVIDIA Corporation) C:\Windows\SYSTEM32\nvinitx.dll2013-03-11 15:49 - 2013-03-08 00:04 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll2013-08-03 04:36 - 2013-05-06 18:13 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll2013-08-03 04:36 - 2013-05-06 18:13 - 03693640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll2013-03-14 12:21 - 2013-03-13 20:33 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc2013-03-14 12:21 - 2013-03-13 20:31 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2013-08-18 07:03 - 2013-07-20 22:24 - 00108032 _____ (wj32) C:\Program Files\Process Hacker 2\plugins\DotNetTools.dll2013-08-18 07:03 - 2013-07-20 22:24 - 00095744 _____ (wj32) C:\Program Files\Process Hacker 2\plugins\ExtendedNotifications.dll2013-08-18 07:03 - 2013-07-20 22:24 - 00111616 _____ (wj32) C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll2013-08-18 07:03 - 2013-07-20 22:24 - 00177152 _____ (wj32) C:\Program Files\Process Hacker 2\plugins\ExtendedTools.dll2013-08-18 07:03 - 2013-07-20 22:24 - 00073216 _____ (wj32) C:\Program Files\Process Hacker 2\plugins\NetworkTools.dll2013-08-18 07:03 - 2013-07-28 19:02 - 00095744 _____ (wj32) C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll2013-08-18 07:03 - 2013-07-20 22:24 - 00074240 _____ (wj32) C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll2013-08-18 07:03 - 2013-07-28 22:00 - 00117248 _____ (dmex) C:\Program Files\Process Hacker 2\plugins\ToolStatus.dll2013-08-18 07:03 - 2013-07-28 22:00 - 00092160 _____ (dmex) C:\Program Files\Process Hacker 2\plugins\Updater.dll2013-08-18 07:03 - 2013-07-28 22:00 - 00087552 _____ (wj32) C:\Program Files\Process Hacker 2\plugins\UserNotes.dll2013-08-18 07:03 - 2013-07-20 22:24 - 00111104 _____ (wj32) C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll2013-03-21 15:20 - 2013-03-21 15:20 - 00123776 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ToastNotify.dll2013-03-21 15:20 - 2013-03-21 15:20 - 00254080 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiHips.dll2013-03-21 15:20 - 2013-03-21 15:20 - 00691288 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll2013-03-21 15:19 - 2013-03-21 15:19 - 00355008 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll2013-03-21 15:19 - 2013-03-21 15:19 - 00123752 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll2013-03-21 15:19 - 2013-03-21 15:19 - 00119144 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiDmon.dll2013-03-21 15:20 - 2013-03-21 15:20 - 01653320 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll2013-03-21 15:20 - 2013-03-21 15:20 - 01010624 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll2013-03-21 15:20 - 2013-03-21 15:20 - 00111416 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll2013-09-10 07:08 - 2012-06-27 07:18 - 00839680 _____ () C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\System.Data.SQLite.dll2012-07-26 01:14 - 2013-06-27 15:05 - 14375800 _____ (Adobe Systems, Inc.) C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx2013-09-10 07:08 - 2009-05-04 14:22 - 00151040 _____ (http://sharppcap.sf.net) C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\SharpPcap.dll2013-08-17 01:37 - 2013-08-17 01:37 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll==================== Alternate Data Streams (whitelisted) ============================== Faulty Device Manager Devices =============Name: Bluetooth Device (RFCOMM Protocol TDI)Description: Bluetooth Device (RFCOMM Protocol TDI)Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: RFCOMMProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Bluetooth Device (Personal Area Network)Description: Bluetooth Device (Personal Area Network)Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: BthPanProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: SPH-D710Description: SPH-D710Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}Manufacturer: SAMSUNG Electronics Co. Ltd.Service: WUDFWpdMtpProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.==================== Event log errors: =========================Application errors:==================Error: (09/10/2013 10:48:46 PM) (Source: McLogEvent) (User: NT AUTHORITY)Description: 1Error: (09/10/2013 10:48:46 PM) (Source: McLogEvent) (User: NT AUTHORITY)Description: 0x7eThe specified module could not be found.Error: (09/10/2013 10:16:55 PM) (Source: Microsoft-Windows-User Profiles Service) (User: SysAdmin)Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.Error: (09/10/2013 10:16:55 PM) (Source: Microsoft-Windows-User Profiles Service) (User: SysAdmin)Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.Error: (09/10/2013 10:12:26 PM) (Source: EventSystem) (User: )Description: 800706e5EventSystem.EventSubscription{D2D9D1BD-A036-4BCF-8DA7-ED916C08B2F6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}ExplorerError: (09/10/2013 09:23:31 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.Error: (09/10/2013 09:23:29 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.Error: (09/10/2013 09:23:24 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.Error: (09/10/2013 09:23:24 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.Error: (09/10/2013 09:23:01 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.System errors:=============Error: (09/10/2013 10:47:26 PM) (Source: Service Control Manager) (User: )Description: The Process creation detector. service failed to start due to the following error:%%1275Error: (09/10/2013 10:47:26 PM) (Source: Application Popup) (User: )Description: \??\C:\Program Files (x86)\Glary Utilities 3\ProcObsrv.sysError: (09/10/2013 10:45:48 PM) (Source: Service Control Manager) (User: )Description: The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error: (09/10/2013 10:23:01 PM) (Source: mbamchameleon) (User: )Description: \Device\HarddiskVolume5\PROGRA~2\MCAFEE\SITEAD~1\SAUI.EXEError: (09/10/2013 10:23:01 PM) (Source: mbamchameleon) (User: )Description: \??\c:\PROGRA~2\mcafee\SITEAD~1\saui.exeError: (09/10/2013 10:19:11 PM) (Source: mbamchameleon) (User: )Description: \Device\HarddiskVolume5\PROGRAM FILES\COMMON FILES\MCAFEE\CORE\MCHOST.EXEError: (09/10/2013 10:19:11 PM) (Source: mbamchameleon) (User: )Description: \??\C:\Program Files\Common Files\McAfee\Core\mchost.exeError: (09/10/2013 10:17:24 PM) (Source: mbamchameleon) (User: )Description: \Device\HarddiskVolume5\PROGRAM FILES\COMMON FILES\MCAFEE\CORE\MCHOST.EXEError: (09/10/2013 10:17:24 PM) (Source: mbamchameleon) (User: )Description: \??\C:\Program Files\Common Files\McAfee\Core\mchost.exeError: (09/10/2013 10:17:24 PM) (Source: mbamchameleon) (User: )Description: \Device\HarddiskVolume5\PROGRAM FILES\COMMON FILES\MCAFEE\CORE\MCHOST.EXEMicrosoft Office Sessions:=========================Error: (09/10/2013 10:48:46 PM) (Source: McLogEvent)(User: NT AUTHORITY)Description: 1Error: (09/10/2013 10:48:46 PM) (Source: McLogEvent)(User: NT AUTHORITY)Description: 0x7eThe specified module could not be found.Error: (09/10/2013 10:16:55 PM) (Source: Microsoft-Windows-User Profiles Service)(User: SysAdmin)Description:Error: (09/10/2013 10:16:55 PM) (Source: Microsoft-Windows-User Profiles Service)(User: SysAdmin)Description:Error: (09/10/2013 10:12:26 PM) (Source: EventSystem)(User: )Description: 800706e5EventSystem.EventSubscription{D2D9D1BD-A036-4BCF-8DA7-ED916C08B2F6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}ExplorerError: (09/10/2013 09:23:31 PM) (Source: SideBySide)(User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gabe\Desktop\esetsmartinstaller_enu.exeError: (09/10/2013 09:23:29 PM) (Source: SideBySide)(User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gabe\Desktop\esetsmartinstaller_enu.exeError: (09/10/2013 09:23:24 PM) (Source: SideBySide)(User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gabe\Desktop\esetsmartinstaller_enu.exeError: (09/10/2013 09:23:24 PM) (Source: SideBySide)(User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gabe\Desktop\esetsmartinstaller_enu.exeError: (09/10/2013 09:23:01 PM) (Source: SideBySide)(User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gabe\Desktop\esetsmartinstaller_enu.exeCodeIntegrity Errors:=================================== Date: 2013-09-10 22:47:26.632 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-10 19:36:25.786 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-08 16:29:56.647 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-08 07:16:03.419 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-22 21:38:41.484 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.==================== Memory info ===========================Percentage of memory in use: 19%Total physical RAM: 12166.8 MBAvailable physical RAM: 9831.09 MBTotal Pagefile: 13062.8 MBAvailable Pagefile: 10549.39 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.77 MB==================== Drives ================================Drive c: () (Fixed) (Total:899.57 GB) (Free:476.77 GB) NTFSDrive d: (OFFICE14) (CDROM) (Total:2.35 GB) (Free:0 GB) UDFDrive f: (Gardner's External HDD II) (Fixed) (Total:465.76 GB) (Free:0 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 932 GB) (Disk ID: 6AD751D9)Partition: GPT Partition Type========================================================Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 1CE7A4E9)Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 11, 2013 Root Admin ID:728288 Share Posted September 11, 2013 Please uninstall ALL versions of Java. Which antivirus do you want to run? The logs show you're running both McAfee and ESET NOD32 - you can only have one antivirus installed..Please choose one and fully remove the other one. If you want to remove the McAfee then please uninstall from the Control Panel, Add/Remove and reboot, then run the following tool to remove left over elements of McAfee McAfee MCPR.exe Once you've fully removed one of the antivirus programs please run a new FRST scan - delete the current logs and post back the new ones. Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728300 Share Posted September 11, 2013 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013Ran by Gabe (administrator) on SYSADMIN on 11-09-2013 02:02:58Running from C:\Users\Gabe\DesktopWindows 8 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal==================== Processes (Whitelisted) =================(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(Broadcom Corporation.) C:\Windows\system32\BtwRSupportService.exe(Microsoft Corporation) C:\Windows\system32\dashost.exe(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\Integrator.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe() C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\mywifi.exe(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-05-06] (Realtek Semiconductor)HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)HKLM\...\Policies\Explorer: [NoActiveDesktop] 1HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)MountPoints2: {03119575-fc2b-11e2-be6a-806e6f6e6963} - "D:\SETUP.EXE"HKLM-x32\...\Run: [AntiLogger] - C:\Program Files (x86)\AntiLogger\AntiLogger.exe [17780136 2013-09-09] (Zemana Ltd.)BootExecute: autocheck autochk * BootDefrag.exe==================== Internet (Whitelisted) ====================ProxyServer: 127.0.0.1:48627HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.comHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankSearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKCU - {4372E590-7695-4EC2-97A9-962BD3B31DC6} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJSTcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11FireFox:========FF ProfilePath: C:\Users\Gabe\AppData\Roaming\Mozilla\Firefox\Profiles\jeur3bn4.defaultFF Keyword.URL: user_pref("keyword.URL", "");FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.comFF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla ThunderbirdFF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla ThunderbirdFF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird==================== Services (Whitelisted) =================R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2228440 2013-05-15] (Broadcom Corporation.)R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-25] (Microsoft Corporation)R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)S2 nvUpdatusService; "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [x]==================== Drivers (Whitelisted) ====================R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-09-10] (Zemana Ltd.)R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-09-10] (Zemana Ltd.)R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170200 2013-05-15] (Broadcom Corporation.)R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-05-31] (Microsoft Corporation)R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-08-03] (Microsoft Corporation)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46792 2013-08-12] (AnchorFree Inc.)R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-22] (Zemana Ltd.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-13] (Synaptics Incorporated)R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-08-12] (Anchorfree Inc.)S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]S3 btwaudio; \SystemRoot\system32\drivers\btwaudio.sys [x]S3 btwavdt; \SystemRoot\System32\drivers\btwavdt.sys [x]S3 btwl2cap; \SystemRoot\system32\DRIVERS\btwl2cap.sys [x]S3 btwrchid; \SystemRoot\System32\drivers\btwrchid.sys [x]========================== Drivers MD5 =======================C:\Windows\System32\drivers\1394ohci.sys E890C46E4754F0DF51BAFCC8D2E07498C:\Windows\System32\drivers\3ware.sys 4F18D4C7EA14F11A7211F60D553C03DBC:\Windows\System32\drivers\ACPI.sys 975AABEB243B800C23626D6B652C5A9CC:\Windows\System32\Drivers\acpiex.sys DC968C37822117E576B933F34A2D130CC:\Windows\System32\drivers\acpipagr.sys 0CA9F7C3A78227C21A0A7854E245CFB2C:\Windows\System32\drivers\acpipmi.sys 8EB8DA03B142D3DD1EB9ED8107A76C43C:\Windows\System32\drivers\acpitime.sys CBCE725C5D86ABA7D2604E22951AA9B8C:\Windows\System32\drivers\adp94xx.sys 93C6388592B99925C1D1576E465BC80FC:\Windows\System32\drivers\adpahci.sys D27763E0247292654E7F7D16444C7C72C:\Windows\System32\drivers\adpu320.sys 67B90070FF48F794AF19F9FCF0080D75C:\Windows\system32\drivers\afd.sys 36D6A3201721558A8AFBCC09C2DA4C2CC:\Windows\System32\drivers\agp440.sys 01590377A5AB19E792528C628A2A68F9C:\Windows\System32\drivers\amdk8.sys 5A81054B824004B1ECC04F0034A1CDF9C:\Windows\System32\drivers\amdppm.sys B849D453E644FAB9BC8EF6DC8CA9C4C6C:\Windows\System32\drivers\amdsata.sys 35A0EB5AECB0FA3C41A2FB514A562304C:\Windows\System32\drivers\amdsbs.sys 00452671904F5EE94B50BF0219C97164C:\Windows\System32\drivers\amdxata.sys EA3FFE53E92E59C87E3ECA9BEB20D9B7C:\Windows\system32\drivers\AntiLog64.sys A91B046C4994E50FF068D96B988636C0C:\Windows\system32\drivers\AntiLog64.sys A91B046C4994E50FF068D96B988636C0C:\Windows\system32\drivers\appid.sys 83B3682CE922FB0F415734B26D9D6233C:\Windows\System32\drivers\arc.sys E933401B392387F4BE34DE8BAF1722A7C:\Windows\System32\drivers\arcsas.sys 07CA323EF2E8247A568AB0F3662AD644C:\Windows\system32\DRIVERS\asyncmac.sys 74DBAEC35366C4EE7670428808715A6AC:\Windows\System32\drivers\atapi.sys A721FF570C2387E383BDDEA9632863C9C:\Windows\system32\DRIVERS\athrx.sys DECE3E2832F125A41A02FB59F4C54EEAC:\Windows\System32\drivers\bxvbda.sys 87AB5BB072A3F128541D5B815F82FFDDC:\Windows\System32\drivers\BasicDisplay.sys 81703BC5D68DEDBB086C2368FBE7B334C:\Windows\System32\drivers\BasicRender.sys 5EC68164E14D25675C98BBB5F09E8606C:\Windows\system32\drivers\bcbtums.sys 455EB0128FD08E07EACE0C6F754A3AADC:\Windows\system32\DRIVERS\bcmwl63a.sys 68B456A065A973B9066DBA5430010A0DC:\Windows\System32\Drivers\Beep.sys 9E7AEA59776D904607985AFFE7E5E183C:\Windows\System32\DRIVERS\bowser.sys B17AC10B47C7FCB44D22A1F06415840EC:\Windows\system32\drivers\BthA2DP.sys D4FA5A33E345CFB6D635579A8EE02399C:\Windows\System32\drivers\BthAvrcpTg.sys 6695200F455E251F0BCC9CE4D0978D59C:\Windows\System32\drivers\BthEnum.sys A8B20D852B07AE19A13B5D47EC4E4C3BC:\Windows\system32\DRIVERS\BthHfAud.sys E695E706C9E11DD5201605F1F6B4505CC:\Windows\System32\drivers\bthhfenum.sys 616EB8748C988AEE98D93DA141C3D3B4C:\Windows\System32\drivers\BthHFHid.sys DCB4EBD928A6FB368BE6CAE522412DE1C:\Windows\system32\DRIVERS\BthLEEnum.sys 42201C346F0B8C458E1E9CDE04D68A2CC:\Windows\System32\drivers\bthmodem.sys 033916CE8784A848B9A3D686B7F66D97C:\Windows\system32\DRIVERS\bthpan.sys 091BB978E9504D0AD14586929431A957C:\Windows\System32\Drivers\BTHport.sys 13795CAA34239D97A7211E7F9D96E012C:\Windows\System32\Drivers\BTHUSB.sys 1F715957F5236D30B6020A19A4271F6AC:\Windows\System32\DRIVERS\cdfs.sys 990B1BABE6E81FB18E65A87EBEFB1772C:\Windows\System32\drivers\cdrom.sys 339BFF85D788268752DA8C9644B188EEC:\Windows\System32\drivers\circlass.sys F64B7D1A37CC1D5F421D5359EEC81E2EC:\Windows\System32\drivers\CLFS.sys 9905168708DB68849B879B5548F68AB3C:\Windows\System32\drivers\CmBatt.sys 2DC8538A2260647484A6C921CA837313C:\Windows\System32\Drivers\cng.sys E708BFF0473EC6B271EA46B65B16CA56C:\Windows\System32\drivers\CompositeBus.sys 0E5B1E9E7122EDAAF1F6CE047965CA92C:\Windows\System32\drivers\condrv.sys D9CB0782AF819548072AA45B70F8B22DC:\Windows\System32\drivers\dam.sys C4D01BD86D6B207275FC143EEA951D75C:\Windows\System32\drivers\dc3d.sys 7AF9DAC504FBD047CBC3E64AE52C92BFC:\Windows\System32\Drivers\dfsc.sys 09D9EB9E7898F8E6561473A20CC808B9C:\Windows\system32\DRIVERS\ssudbus.sys E428DFFA96FAD07D8CA3C9082563A225C:\Windows\System32\drivers\discache.sys 3C736FAE17BA6F91BA37594AAB139CD0C:\Windows\System32\drivers\disk.sys 560495FF4CA22E1D9B1972FA18F43B6FC:\Windows\System32\drivers\dmvsc.sys 82A7C72593793FE1EADA7A305BD1567AC:\Windows\system32\drivers\drmkaud.sys 9C7C183F937951AE17C5B8B3259CF3FFC:\Windows\System32\drivers\dxgkrnl.sys 6D1B8A9A2C0BD4851D8AF1AB43E67AD9C:\Windows\system32\DRIVERS\e1y60x64.sys CFE0E3D5EFBF0649E5900CBFCC2B95F7C:\Windows\System32\DRIVERS\eamonm.sys 398904F1FBF13CEF0FCB822E9CA5F2D5C:\Windows\System32\drivers\evbda.sys 5AB97B3282D7D6114949D1EB5C8598E4C:\Windows\system32\DRIVERS\ehdrv.sys 9E39134330C18CBAC0F24C1283701D7EC:\Windows\System32\drivers\EhStorClass.sys 66D60BD9A4C05616ABECA2A901475098C:\Windows\System32\drivers\EhStorTcgDrv.sys A61D0F543024E458C0FE32352E1978E2C:\Windows\system32\DRIVERS\epfwwfpr.sys B4E8DC817963B256537B1EC09AF0647EC:\Windows\System32\drivers\errdev.sys D790D058D67582DB9C84C2D33695FE6BC:\Windows\System32\Drivers\exfat.sys 7A4D6FEB8C52B3FE855E4DCDF9107E03C:\Windows\System32\Drivers\fastfat.sys 60996602A7111FD2D086E803F33E4282C:\Windows\System32\drivers\fdc.sys 73B2D11DF0B6E03A0CB0323218ACB3E4C:\Windows\System32\drivers\fileinfo.sys 88A9EBACD1058ABB237A6B4E96E7F397C:\Windows\System32\drivers\filetrace.sys 9E4EE3A0B00FF7D5F42A4AF9744CBA02C:\Windows\System32\drivers\flpydisk.sys B1D4C168FF7B8579E3745888658FFB1DC:\Windows\System32\drivers\fltmgr.sys B33EC133AE4E6C1881D2302D93D2467DC:\Windows\System32\drivers\FsDepends.sys A5F7873A39E4E9FAAAE59B7E9E36B705C:\Windows\System32\Drivers\Fs_Rec.sys A6DD7D491F587F4BC13FB972977DC8E8C:\Windows\System32\DRIVERS\fvevol.sys FA228F4BB10DC7ED7E7D131C034E2331C:\Windows\System32\drivers\fxppm.sys A969D92973DFA895E7776B4BFE36DBB2C:\Windows\System32\drivers\gagp30kx.sys 52BC441E07A827EBAB70CDC7EAEDB28DC:\Windows\System32\drivers\vmgencounter.sys 721F8EEF5E9747F32670DEFF7FB92541C:\Windows\System32\Drivers\msgpioclx.sys FC2B8B06BDBD3B6457F5A3DA9AD2410EC:\Windows\system32\drivers\HdAudio.sys 630555943E5A3FE21010CE91EC7FC84FC:\Windows\System32\drivers\HDAudBus.sys 7D87B5B6C7188D553E11B59DC7F0B111C:\Windows\System32\drivers\HidBatt.sys 3F76BBA53D65E85A7F53E7A71082082CC:\Windows\System32\drivers\hidbth.sys 085F150D002B7F0153D3C06DDF33A143C:\Windows\System32\drivers\hidi2c.sys CC4A07E51D89575CAB6F4EB590D87CD4C:\Windows\System32\drivers\hidir.sys DC96F7DACB777CDEAEF9958A50BFDA06C:\Windows\System32\drivers\hidusb.sys 9E11EE0F2E117B2D5A835B2B91752827C:\Windows\System32\drivers\HpSAMD.sys 64DB7A8D97CA53DCCF93D0A1E08342CFC:\Windows\system32\DRIVERS\hssdrv6.sys 83D5717F961F26B1C221AD8A0FE9C8A0C:\Windows\System32\drivers\HTTP.sys F4A91D985EB9D1D2717D538F3424603CC:\Windows\System32\drivers\hwpolicy.sys 2A98301068801700906C06649860FE94C:\Windows\System32\drivers\hyperkbd.sys DC76901D82097C9E297F20C287CB9A27C:\Windows\system32\DRIVERS\HyperVideo.sys 716413AB3CA12DE0A7222D28C1C9352CC:\Windows\System32\drivers\i8042prt.sys C9E9CBF73AFFBFE3E801EFB516787BA3C:\Windows\System32\drivers\iaStorA.sys 6C91E425ACE29594BD574DE38AC9B76DC:\Windows\System32\drivers\iaStorV.sys 5E394EBD26FD68AA9300332C46BEDD62C:\Windows\system32\DRIVERS\igdkmd64.sys 0245CD3AE14CACF6E2503C42019431D7C:\Windows\System32\drivers\iirsp.sys 24847A06B84339FEEDE5CABF3D27D320C:\Windows\system32\drivers\RTKVHD64.sys 5A51EF46FE265B15203277AD517DE6EAC:\Windows\system32\DRIVERS\IntcDAud.sys F5495B38BFB9149925F54F65AB40EFBFC:\Windows\System32\drivers\intelide.sys 4F37726CF764CA18A8A84F85EF3A7F24C:\Windows\System32\drivers\intelppm.sys E15CDF68DD73423F15D4AC404793AF0DC:\Windows\System32\DRIVERS\ipfltdrv.sys 8FCA66234A0933D796BB780B7953BAB9C:\Windows\System32\drivers\IPMIDrv.sys 6E98A046A12AA113F8898AA5D612BD6EC:\Windows\System32\drivers\ipnat.sys 3969B9C218DD3FAA9F4ED2FFC3651C02C:\Windows\System32\drivers\irenum.sys 25CD7C4BB2863FFC2B0B311F0AEBF77CC:\Windows\System32\drivers\isapnp.sys D940C5BB9DC92E588533C19ABCC3D2C2C:\Windows\System32\drivers\msiscsi.sys 69C8BF0BC2B0EA10F130F4D3104DC2EFC:\Windows\System32\drivers\kbdclass.sys 8FBD94B69D6423E20ABCD59D86368B21C:\Windows\System32\drivers\kbdhid.sys E88C932ABDF8185A62C8F2FC7B051FB6C:\Windows\system32\DRIVERS\kdnic.sys FB6C185092E18011EF49989425C2AA87C:\Windows\System32\DRIVERS\KeyCrypt64.sys AF9A30CC359ED62C5BAC4653650451E2C:\Windows\System32\Drivers\ksecdd.sys DFA480F6DED551464F3A5B959F437800C:\Windows\System32\Drivers\ksecpkg.sys 127FB0AAD232BAAD2C9BBACD374F4FC5C:\Windows\system32\drivers\ksthunk.sys 81492FEEBF2F26455B00EE8DBAE8A1B0C:\Windows\system32\DRIVERS\lltdio.sys CEEFD29FC551F289810B0B9381B321DCC:\Windows\System32\drivers\lsi_sas.sys 022CDD12161B063D7852B1075BF3FFF2C:\Windows\System32\drivers\lsi_sas2.sys 07AD59D669B996F29F91817F0ECFA34FC:\Windows\System32\drivers\lsi_scsi.sys 216FB796AA4E252ACCE93B1BCB80B5ECC:\Windows\System32\drivers\lsi_sss.sys 5E80530AF37102488EE980B4A92AF99FC:\Windows\system32\drivers\luafv.sys 2BDC5D711FA61307CE6190D47C956368C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910C:\Windows\System32\drivers\megasas.sys 9B0D829C3BE4E7472DB9DD2B79908E3CC:\Windows\System32\drivers\MegaSR.sys ECC3F54C7AFC318271C4F0B4606D8DB0C:\Windows\System32\drivers\HECIx64.sys 2BB3EAE2EA641515D4B205CAB29E1624C:\Windows\System32\drivers\modem.sys 780098AD5DA8A4822E2563984C85EF7BC:\Windows\System32\drivers\monitor.sys EA8EAD3F5B762F889CC7F3966625B48BC:\Windows\System32\drivers\mouclass.sys 618446B98C79776654340CE27C73485EC:\Windows\System32\drivers\mouhid.sys C0ADEBED913295803B579ED288936CBBC:\Windows\System32\drivers\mountmgr.sys 89D263DBF08119CE16273991C120D6DDC:\Windows\System32\drivers\mpsdrv.sys 0D1609DD82C7440F5D5BF21A9D4D5C0CC:\Windows\system32\drivers\mrxdav.sys 3D70147F55F1EC84EB9139ED7FFE48BCC:\Windows\System32\DRIVERS\mrxsmb.sys 93179D48066918323628CB016D8C94DCC:\Windows\System32\DRIVERS\mrxsmb10.sys 06D5F2FA3C61E8EA91648EA8E9F99FD3C:\Windows\System32\DRIVERS\mrxsmb20.sys 5C7DD2E5759FFCCD2C7341C1B90F2B26C:\Windows\system32\DRIVERS\bridge.sys 98487487D6B3797CA927E9D7B030AE13C:\Windows\System32\Drivers\Msfs.sys 3886F1F2A4D2900ABAA7E4486BEEE6A2C:\Windows\System32\drivers\msgpiowin32.sys C32A7A39B960A42BA9D4FBE47213CA03C:\Windows\System32\drivers\mshidkmdf.sys D3857A767B91A061B408CCAB02DA4F40C:\Windows\System32\drivers\mshidumdf.sys 839B48910FB1E887635C48F3EC11A05EC:\Windows\System32\drivers\msisadrv.sys 55C0DB741E3AB7463242B185B1C2997CC:\Windows\system32\drivers\MSKSSRV.sys 509809566E49F4411055864EA8D437CDC:\Windows\system32\DRIVERS\mslldp.sys 63145201D6458E4958E572E7D6FC2604C:\Windows\system32\drivers\MSPCLOCK.sys 99D526E803DB6D7FF290FD98B6204641C:\Windows\system32\drivers\MSPQM.sys 06FA77C3E2A491ADCD704C5E73006269C:\Windows\System32\Drivers\MsRPC.sys E134EC4DE11CF78CB01432D180710D84C:\Windows\System32\drivers\mssmbios.sys B5AECF12F09DEE97C9FCAA5BA016CE1EC:\Windows\system32\drivers\MSTEE.sys 72D66A05E0F99F2528F6C6204FD22AA1C:\Windows\System32\drivers\MTConfig.sys 8AAAE399FC255FA105D4158CBA289001C:\Windows\System32\Drivers\mup.sys 3BCB702F3E6CC622DCAFCAA45D7CDE0AC:\Windows\System32\drivers\mvumis.sys 3A1E095277BBD406CEA8EA6B76950664C:\Windows\system32\DRIVERS\nwifi.sys 43D7388A90A4C6EA346A4D6FF0377479C:\Windows\System32\drivers\ndis.sys A10E176F3B2BF83EDE7B5C4658C93B66C:\Windows\system32\DRIVERS\ndiscap.sys 39C8A1D9D46F5E83A016BCAB72455284C:\Windows\system32\DRIVERS\NdisImPlatform.sys 762941932B7E4C588E48A577BA9D6440C:\Windows\system32\DRIVERS\ndistapi.sys 7A6F8A6D0E01432EBA294EF29CDD0FA7C:\Windows\system32\DRIVERS\ndisuio.sys 79AB68BB3FFF974AD4F41FA559F4EC67C:\Windows\system32\DRIVERS\ndiswan.sys 62C7DBF4F9301F76CF87D4B9D8F57BF8C:\Windows\system32\DRIVERS\ndiswan.sys 62C7DBF4F9301F76CF87D4B9D8F57BF8C:\Windows\System32\Drivers\NDProxy.sys 3730942D7DB2F8BB5F84542B7FF6F650C:\Windows\System32\drivers\Ndu.sys D3F60A4345FCA9C1BE68AD7D0D6DE770C:\Windows\System32\DRIVERS\netbios.sys 7C203A76394F9AE68F69EEE5F9612C4AC:\Windows\System32\DRIVERS\netbt.sys 7CEC25C682D319D484630B3952C31A11C:\Windows\System32\drivers\nfrd960.sys 12DD2800E4EEA37DC9AE256AD62423B4C:\Windows\System32\Drivers\Npfs.sys 17E19A742FB30C002F8B43575451DBE1C:\Windows\System32\drivers\npsvctrig.sys 8ED299C30792544264E558BEA79F0947C:\Windows\System32\drivers\nsiproxy.sys 689B3B1E95C70ABF7AFF29F9406EF1E0C:\Windows\System32\Drivers\Ntfs.sys 76929F4A69E425911A63B407E26C2589C:\Windows\System32\Drivers\Null.sys 4163ADE07DB51843AE31F65B94F5398DC:\Windows\system32\DRIVERS\nvlddmkm.sys 27149DEFA430363C3068E5FFDD516E5BC:\Windows\System32\DRIVERS\nvpciflt.sys 6DA2BD7DDC6E8968ED5E416F435229B0C:\Windows\System32\drivers\nvraid.sys D6D34118263412D3AAA8348A9572B7F2C:\Windows\System32\drivers\nvstor.sys 27AFC428D1D32ABD04A86763A4EDDEA9C:\Windows\System32\drivers\nv_agp.sys 051CFB5107BAAE510419BDC41F8C4036C:\Windows\System32\drivers\parport.sys 4563DAF8C6A740AD7F501E219BD10766C:\Windows\System32\drivers\partmgr.sys D6ACCF9F2EEEEA711C14EFD976E573F3C:\Windows\System32\drivers\pci.sys 4A003E8F718C1E6A2050CA98CD53E3E2C:\Windows\System32\drivers\pciide.sys F9908D274D458220F91E89B54D78D837C:\Windows\System32\drivers\pcmcia.sys 84D19CB6102627932DCB5DFDF89FE269C:\Windows\System32\drivers\pcw.sys CEBBAD5391C2644560C55628A40BFD27C:\Windows\System32\drivers\pdc.sys 0698DEDEAD6A00AD0D468C687D830FBFC:\Windows\System32\drivers\peauth.sys 61FE70659CD43E07F94DA4DC31DEC493C:\Windows\system32\DRIVERS\raspptp.sys 362D47E5B4D67270DE4B8606036F4ADDC:\Windows\System32\drivers\processr.sys DD979EB6A7212F60E4AFBE96EDC7AE6DC:\Windows\system32\DRIVERS\pacer.sys EB8034147D4820CD31BFCB11A2A652DFC:\Windows\system32\drivers\qwavedrv.sys 13D47BB0CCA2FC51BD15F8E85C6A078EC:\Windows\System32\DRIVERS\rasacd.sys 873C60F8178100557740A832FCE10B5FC:\Windows\system32\DRIVERS\AgileVpn.sys 69B93F623B130976243ECA3D84CC99CAC:\Windows\system32\DRIVERS\rasl2tp.sys A14D625C5AEE5FFE0F47D1A1D419FAAEC:\Windows\system32\DRIVERS\raspppoe.sys 00695B9C2DB6111064499C529E90C042C:\Windows\system32\DRIVERS\rassstp.sys A7F24D8CD1956B0A1FDCB86CC5114DE4C:\Windows\System32\DRIVERS\rdbss.sys CA03D642ACE58E1BA54E4B383F91CD69C:\Windows\System32\drivers\rdpbus.sys CA7DF5EC95D8DE0DD24BE7FF97369F68C:\Windows\System32\drivers\rdpdr.sys B2A3AD74FF2E2FFA73AF2567108231B3C:\Windows\System32\drivers\rdpvideominiport.sys 57F4787E4602A3FCA719C0A33137C6DAC:\Windows\System32\Drivers\RDPWD.sys B3CB0721E81E30419CE7D837EF4EA151C:\Windows\System32\drivers\rdyboost.sys 62C1F8A0685FE07E998AA296C4F697C4C:\Windows\System32\drivers\rfcomm.sys CCBFCABDFE2BC22F0645CEAADDB36004C:\Windows\system32\DRIVERS\RtsPStor.sys D5E76FA33A4109490228F4015564133EC:\Windows\system32\DRIVERS\rspndr.sys E04E770DD198B9399640717145E79EBFC:\Windows\system32\DRIVERS\Rt630x64.sys D2768897FCEA8EEFAD3D69BAC9DC4180C:\Windows\System32\drivers\vms3cap.sys 752EC7DCD2F96871A3857EEE6AFE965AC:\Windows\System32\drivers\sbp2port.sys 9C7B28CE0D136DB226E24DB3BC817F92C:\Windows\System32\DRIVERS\scfilter.sys 5D7733A12756B267FCA021672B26BC9EC:\Windows\System32\drivers\sdbus.sys F58B030A0664385C707B8C1C63682041C:\Windows\System32\drivers\sdstor.sys BB107AA9980B0DA4E19A3A90C3BD4460C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legitC:\Windows\System32\drivers\SerCx.sys 87C46B239A7EEF30FDFDD5E9BD46130CC:\Windows\System32\drivers\serenum.sys 7A1F9347C85FD55E39B8A76B3A25C5ADC:\Windows\System32\drivers\serial.sys F640A0A218BBF857F1D04A15D7D939F6C:\Windows\System32\drivers\sermouse.sys F1A5F56B2620B862CC28FF96A0A6DAABC:\Windows\System32\drivers\SFEP.sys 415B1326C40A2E1F251A3845B9C7DF31C:\Windows\System32\drivers\sfloppy.sys 7EE65419B29302C795714FF8073969A1C:\Windows\System32\drivers\SiSRaid2.sys 2560721D6F16D5B611C36A3A9D28C1B2C:\Windows\System32\drivers\sisraid4.sys 3AA8FDE1DBF65BB8B88B053529554A0DC:\Windows\system32\DRIVERS\Smb_driver_Intel.sys 817B64BE830C64FEA9A5FDE2251F8F8BC:\Windows\System32\drivers\spaceport.sys FD3AF5575B99871BADB94E7699DBCE08C:\Windows\System32\drivers\SpbCx.sys 3D8679C8DF52EB26EB7583A4E0A29202C:\Windows\System32\DRIVERS\srv.sys 0F1FCD575A03ABDE13FCA9D0ADE4DDA6C:\Windows\System32\DRIVERS\srv2.sys 56218A571ECF8D55E0CDFF8DF2546CF1C:\Windows\System32\DRIVERS\srvnet.sys 14FC338B80CFF7E04215133B568D15C4C:\Windows\system32\DRIVERS\ssudmdm.sys AAF6F247F1DC370C593B4430974EAD9CC:\Windows\System32\drivers\stexstor.sys 4E85355B94CFCB67C135F6521A4895A7C:\Windows\System32\drivers\storahci.sys B240874B2CA0CD02E8CD11E140B14C57C:\Windows\System32\DRIVERS\vmstorfl.sys F74DBC95A57B1EE866D3732EB5F79BE2C:\Windows\System32\drivers\storvsc.sys 543CD3CC0E05B8D8815E0D4F040B6F59C:\Windows\System32\drivers\swenum.sys 4AFD66AAE74FFB5986BC240744DC5FC9C:\Windows\system32\DRIVERS\SynTP.sys AD6575A2637FF1B3C094791D1CFEC0F5C:\Windows\system32\DRIVERS\taphss6.sys 38129B6370998F361BB20E4564B00586C:\Windows\System32\drivers\tcpip.sys 1794C43A000A47D92B3304FC1E3E512AC:\Windows\system32\DRIVERS\tcpip.sys 1794C43A000A47D92B3304FC1E3E512AC:\Windows\System32\drivers\tcpipreg.sys 8F2A13A5DF99D72FDDE87F502A66F989C:\Windows\system32\DRIVERS\tdx.sys 73DC722CE5DF26D7638CE2446F2655C7C:\Windows\System32\drivers\terminpt.sys F7C8AB5D8AFFAA318D6A21093D139BF4C:\Windows\system32\drivers\tpm.sys 6F0BFF80EE2A5BC841286A51F893CBADC:\Windows\System32\drivers\tsusbflt.sys 4E7C5FB10A50435523DE0CAA37DE2BD3C:\Windows\System32\drivers\TsUsbGD.sys 16D684A820872EE54F6370703AC0B513C:\Windows\system32\DRIVERS\tunnel.sys 78C9EE193AC2B4CBDBC48B620314D740C:\Windows\System32\drivers\uagp35.sys 6D4F67CA56ACA2085DFA2CD89EAFBC1AC:\Windows\System32\drivers\uaspstor.sys 6FD6D03B7752C78712E5CFF29A305026C:\Windows\System32\drivers\ucx01000.sys 4834158B8D06A153FADAB6B85320FBBEC:\Windows\System32\DRIVERS\udfs.sys 25C50F4EDF70D0A831E0566BD181CCF2C:\Windows\System32\drivers\uliagpkx.sys 07FEBCDF24FABA0D47B635D85A0FFB7AC:\Windows\System32\drivers\umbus.sys 02CEB3FE6152668A7BA420B93B664860C:\Windows\System32\drivers\umpass.sys 991EE6B5FC41EAEF99C8AF5B92F2CA09C:\Windows\System32\drivers\usbccgp.sys 2AF9F0E16D75B8F783A1ACE74EF51C9BC:\Windows\System32\drivers\usbcir.sys B395B62B62F28106218FA6FB17F4C797C:\Windows\System32\drivers\usbehci.sys 52F267AEE8CA5AA5CEB88C6A71EE1E86C:\Windows\System32\drivers\usbhub.sys ADBF89B8E0BB372FEFE2E4B84E1E20AEC:\Windows\System32\drivers\UsbHub3.sys EA040D4C6C94F315A85F3D0EAA884B37C:\Windows\System32\drivers\usbohci.sys 325F6179009B5A7F6118951A5BA422ABC:\Windows\System32\drivers\usbprint.sys BA3ABE0CD1C14B3295BAD0F076B84CACC:\Windows\System32\drivers\USBSTOR.SYS BFC7FE4AAEB61317A921871B4085EF4BC:\Windows\System32\drivers\usbuhci.sys D25EF4A6EC244C5DE85D88A05B7C149DC:\Windows\System32\Drivers\usbvideo.sys 09799E701B4327097E9F63D3FE221083C:\Windows\System32\drivers\USBXHCI.SYS 1ADCF0A490C2845637B334626669CD6FC:\Windows\System32\drivers\vdrvroot.sys BACECBFF9C97F7627A60B0E0F1FE7EE8C:\Windows\System32\drivers\VerifierExt.sys 74FA2D4368DE6F6CE14393EDF1F342BEC:\Windows\System32\drivers\vhdmp.sys 500BE6B2E49883720D0AE8BB859ED7A3C:\Windows\System32\drivers\viaide.sys F5B4A14B00E89250C50982AC762DDD1DC:\Windows\System32\drivers\vmbus.sys 78DB50F7329F6D1311658DABFFFC8BE0C:\Windows\System32\drivers\VMBusHID.sys ECFEE2F2BA3932C7880D1A8F67D68F91C:\Windows\System32\drivers\volmgr.sys CB60FAAED8B49B812EBBF77EB87D9B18C:\Windows\System32\drivers\volmgrx.sys A74101DA9809251BCD0E5A26BAE0F824C:\Windows\System32\drivers\volsnap.sys 78A5BBA3819FFFC62FFEC3E2220D102DC:\Windows\System32\drivers\vpci.sys A8DA1C1B52ECEA3726DEBED4FF1B700DC:\Windows\System32\drivers\vsmraid.sys 38A60CD9C009C55C6D3B5586F8E6A353C:\Windows\System32\drivers\vstxraid.sys A0F6FE0FC2F647C22BBFD6BD4249DBCCC:\Windows\System32\drivers\vwifibus.sys 62460A45435A26A334907E3F2EA45611C:\Windows\system32\DRIVERS\vwififlt.sys 095E943D27025E4D588AF0A72CC2318FC:\Windows\system32\DRIVERS\vwifimp.sys 73FA1A41A97A5C34ADC03B3577FF1A86C:\Windows\System32\drivers\wacompen.sys 6B806E893714019969E2B50D7EF6A4D9C:\Windows\system32\DRIVERS\wanarp.sys 61F6972FF9AC9A8D0B4D62076DC30051C:\Windows\system32\DRIVERS\wanarp.sys 61F6972FF9AC9A8D0B4D62076DC30051C:\Windows\System32\drivers\wd.sys B3A4D918DAB90505B6BC7B70632913CBC:\Windows\system32\drivers\WdBoot.sys FD47DF026B32969B8A68721A0243E8EEC:\Windows\System32\drivers\wdcsam64.sys ==> MD5 is legitC:\Windows\System32\drivers\Wdf01000.sys 2ADC985B85A71BD7D99712EC0C24358BC:\Windows\system32\drivers\WdFilter.sys 5F425D842DD6ADE9F95A51A0616AFAD7C:\Windows\System32\DRIVERS\wfplwfs.sys 3F1F31883EAC9DDDF836ACC6D1DAC36CC:\Windows\System32\drivers\wimmount.sys A3C7624A42A3447EF5EDD1ED37FE4E60C:\Windows\system32\DRIVERS\WinUsb.sys BB20956C424531003F7FA6CD36F11D5DC:\Windows\System32\drivers\wmiacpi.sys E2A596CACFC6504306CDB7B593B90084C:\Windows\System32\DRIVERS\wpcfltr.sys C6FF953D5D6F2EAE3B8883474D5076B3C:\Windows\System32\drivers\WpdUpFltr.sys 0346CAFC181C91C6E2330332EB332ED6C:\Windows\system32\drivers\ws2ifsl.sys BC8B5CB336E63BB25EAD1CE8EDD34B81C:\Windows\System32\drivers\WSDPrint.sys 74EFDA0526862C3D8D01A776182798EAC:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869FC:\Windows\System32\drivers\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659C:\Windows\system32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-09-10 23:46 - 2013-09-10 23:46 - 00030839 _____ C:\Users\Gabe\Desktop\Addition.txt2013-09-10 23:45 - 2013-09-10 23:45 - 00000000 ____D C:\FRST2013-09-10 23:44 - 2013-09-10 23:45 - 01949408 _____ (Farbar) C:\Users\Gabe\Desktop\FRST64.exe2013-09-10 22:45 - 2013-09-10 22:45 - 00000000 ____D C:\Program Files\ESET2013-09-10 22:41 - 2013-09-10 22:41 - 01415824 _____ (ESET) C:\Users\Gabe\Desktop\eset_nod32_antivirus_live_installer.exe2013-09-10 21:23 - 2013-09-10 21:23 - 02347384 _____ (ESET) C:\Users\Gabe\Desktop\esetsmartinstaller_enu.exe2013-09-10 21:23 - 2013-09-10 21:23 - 00000000 ____D C:\Program Files (x86)\ESET2013-09-10 21:05 - 2013-09-10 21:16 - 00000000 ____D C:\AdwCleaner2013-09-10 21:04 - 2013-09-10 21:04 - 01037278 _____ C:\Users\Gabe\Desktop\AdwCleaner.exe2013-09-10 21:01 - 2013-09-10 21:01 - 00002162 _____ C:\Users\Gabe\Desktop\JRT.txt2013-09-10 20:51 - 2013-09-10 20:51 - 00000000 ____D C:\Windows\ERUNT2013-09-10 20:50 - 2013-09-10 20:50 - 01029490 _____ (Thisisu) C:\Users\Gabe\Desktop\JRT.exe2013-09-10 20:20 - 2013-09-10 22:39 - 00000000 ____D C:\Users\Gabe\Desktop\mbar2013-09-10 20:20 - 2013-09-10 20:20 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Gabe\Desktop\mbar-1.07.0.1005.exe2013-09-10 20:17 - 2013-09-10 20:17 - 03788288 _____ C:\Users\Gabe\Desktop\RogueKillerX64(1).exe2013-09-10 20:12 - 2013-09-10 20:12 - 00001771 _____ C:\Users\Gabe\Desktop\RKreport[0]_S_09102013_201228.txt2013-09-10 20:09 - 2013-09-10 20:59 - 00000000 ____D C:\Users\Gabe\Desktop\RK_Quarantine2013-09-10 20:07 - 2013-09-10 20:07 - 03788288 _____ C:\Users\Gabe\Desktop\RogueKillerX64.exe2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\Tiffany\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\Gabe\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\fbwuser\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\Tiffany\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\Gabe\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\fbwuser\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000000 ____D C:\Windows\ERDNT2013-09-10 20:06 - 2013-09-10 20:07 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-09-10 20:06 - 2013-09-10 20:06 - 00791393 _____ (Lars Hederer ) C:\Users\Gabe\Desktop\erunt-setup.exe2013-09-10 20:05 - 2013-09-10 20:46 - 00002424 _____ C:\Users\Gabe\Desktop\Rkill.txt2013-09-10 20:05 - 2013-09-10 20:05 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Gabe\Desktop\rkill.exe2013-09-10 20:05 - 2013-09-10 20:05 - 00000000 ____D C:\Users\Gabe\Desktop\rkill2013-09-10 19:40 - 2013-09-10 19:40 - 00024917 _____ C:\Users\Gabe\Desktop\DDS 10 Sep 13.txt2013-09-10 19:35 - 2013-09-10 19:38 - 00024917 _____ C:\Users\Gabe\Desktop\dds.txt2013-09-10 19:35 - 2013-09-10 19:38 - 00012515 _____ C:\Users\Gabe\Desktop\attach.txt2013-09-10 19:34 - 2013-09-10 19:34 - 00688992 ____R (Swearware) C:\Users\Gabe\Desktop\dds.scr2013-09-10 09:11 - 2013-09-10 09:11 - 05312512 _____ C:\Users\Gabe\Documents\proof.evtx2013-09-10 09:11 - 2013-09-10 09:11 - 00000000 ____D C:\Users\Gabe\Documents\LocaleMetaData2013-09-10 08:29 - 2013-09-10 08:29 - 00312280 _____ C:\Windows\system32\FNTCACHE.DAT2013-09-10 08:24 - 2013-09-10 08:24 - 00049240 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys2013-09-10 08:24 - 2013-09-10 08:24 - 00000913 _____ C:\Users\Public\Desktop\AntiLogger.lnk2013-09-10 08:24 - 2013-09-10 08:24 - 00000000 ____D C:\Program Files (x86)\AntiLogger2013-09-10 08:23 - 2013-09-10 08:24 - 00000000 ____D C:\Users\Gabe\AppData\Local\Zemana2013-09-10 08:23 - 2013-09-10 08:23 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst2013-09-10 08:23 - 2013-07-22 18:23 - 00025056 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys2013-09-10 08:23 - 2013-07-22 18:22 - 06525952 _____ (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll2013-09-10 08:21 - 2013-09-10 08:22 - 21264112 _____ (Zemana Ltd. ) C:\Users\Gabe\Downloads\Zemana_AntiLogger_1.9.3.502.exe2013-09-10 08:20 - 2013-09-10 08:29 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK2013-09-10 08:20 - 2013-09-10 08:20 - 00000000 ____D C:\Users\Gabe\AppData\Local\AntiLogger Free2013-09-10 08:19 - 2013-09-10 08:19 - 04322816 _____ (Zemana Ltd. ) C:\Users\Gabe\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe2013-09-10 08:04 - 2013-09-10 08:04 - 00001120 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk2013-09-10 08:03 - 2013-09-10 20:53 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield2013-09-10 08:03 - 2013-09-10 08:03 - 00583584 _____ C:\Users\Gabe\Downloads\hotspotshield-setup.exe2013-09-10 08:03 - 2013-09-10 08:03 - 00000020 ___SH C:\Users\fbwuser\ntuser.ini2013-09-10 08:03 - 2013-08-12 16:07 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys2013-09-10 07:08 - 2013-09-10 07:08 - 00002107 _____ C:\Users\Public\Desktop\Who Is On My Wifi.lnk2013-09-10 07:08 - 2013-09-10 07:08 - 00000000 ____D C:\Program Files (x86)\IO3O LLC2013-09-08 16:28 - 2013-09-08 16:32 - 767623168 ____R C:\Users\Gabe\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso2013-09-08 16:04 - 2013-09-08 16:04 - 00000000 ____H C:\Users\Gabe\Documents\Default.rdp2013-09-08 09:41 - 2013-09-08 09:41 - 16243768 _____ C:\Users\Gabe\Downloads\Glary_Utilities_v3.9.1.exe2013-09-08 08:24 - 2013-07-25 22:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll2013-09-08 08:24 - 2013-07-25 22:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll2013-09-08 08:23 - 2013-07-25 22:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-09-08 08:23 - 2013-07-25 22:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-09-08 08:23 - 2013-07-25 22:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2013-09-08 08:23 - 2013-07-25 22:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-09-08 08:23 - 2013-07-25 22:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-09-08 08:23 - 2013-07-25 22:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-09-08 08:23 - 2013-07-25 22:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-09-08 08:23 - 2013-07-25 22:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-09-08 08:23 - 2013-07-25 22:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-09-08 08:23 - 2013-07-25 22:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2013-09-08 08:23 - 2013-07-25 22:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-09-08 08:23 - 2013-07-25 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-09-08 08:23 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-09-08 08:23 - 2013-07-25 20:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-09-08 08:23 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-09-08 08:23 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-09-08 08:23 - 2013-07-25 20:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll2013-09-08 08:23 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-09-08 08:23 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-09-08 08:23 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-09-08 08:23 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-09-08 08:23 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-09-08 08:23 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-09-08 08:23 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-09-08 08:23 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-09-08 08:23 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-09-08 08:23 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-09-08 08:23 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-09-08 08:23 - 2013-07-25 17:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll2013-09-08 08:23 - 2013-07-12 23:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2013-09-08 08:23 - 2013-07-12 23:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2013-09-08 08:23 - 2013-07-12 23:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2013-09-08 08:23 - 2013-07-12 23:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll2013-09-08 08:23 - 2013-07-12 23:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll2013-09-08 08:23 - 2013-07-12 21:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2013-09-08 08:23 - 2013-07-12 21:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2013-09-08 08:23 - 2013-07-12 21:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll2013-09-08 08:23 - 2013-07-12 21:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll2013-09-08 08:23 - 2013-07-09 01:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys2013-09-08 08:23 - 2013-07-08 23:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe2013-09-08 08:23 - 2013-07-08 21:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe2013-09-08 08:23 - 2013-07-08 20:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll2013-09-08 08:23 - 2013-07-08 15:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll2013-09-08 08:23 - 2013-07-08 15:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll2013-09-08 08:23 - 2013-07-08 15:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll2013-09-08 08:23 - 2013-07-08 15:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll2013-09-08 08:23 - 2013-07-05 17:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll2013-09-08 08:23 - 2013-07-02 17:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2013-09-08 08:23 - 2013-07-02 17:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll2013-09-08 08:23 - 2013-07-02 17:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll2013-09-08 08:23 - 2013-07-02 17:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2013-09-08 08:23 - 2013-07-02 17:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2013-09-08 08:23 - 2013-07-02 17:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll2013-09-08 08:23 - 2013-07-02 17:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll2013-09-08 08:23 - 2013-07-02 16:51 - 04039680 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2013-09-08 08:23 - 2013-07-01 17:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys2013-09-08 08:23 - 2013-07-01 15:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml2013-09-08 08:23 - 2013-07-01 15:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys2013-09-08 08:23 - 2013-06-30 15:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe2013-09-08 08:23 - 2013-06-30 15:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe2013-09-08 08:23 - 2013-06-28 23:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys2013-09-08 08:23 - 2013-06-28 23:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys2013-09-08 08:23 - 2013-06-28 22:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys2013-09-08 08:23 - 2013-06-28 18:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2013-09-08 08:23 - 2013-06-25 20:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys2013-09-08 08:23 - 2013-06-25 19:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys2013-09-08 08:23 - 2013-06-24 15:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll2013-09-08 08:23 - 2013-06-24 15:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll2013-09-08 08:23 - 2013-06-24 15:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll2013-09-08 08:23 - 2013-06-18 22:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll2013-09-08 08:23 - 2013-06-18 22:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll2013-09-08 08:23 - 2013-06-18 15:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll2013-09-08 08:23 - 2013-06-18 15:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll2013-09-08 08:23 - 2013-06-11 16:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll2013-09-08 08:23 - 2013-06-11 16:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll2013-09-08 08:23 - 2013-06-10 14:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys2013-09-08 08:23 - 2013-06-10 12:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll2013-09-08 08:23 - 2013-06-10 12:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL2013-09-08 08:23 - 2013-06-10 12:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL2013-09-08 08:23 - 2013-06-10 12:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL2013-09-08 08:23 - 2013-06-10 12:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll2013-09-08 08:23 - 2013-06-10 12:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL2013-09-08 08:23 - 2013-06-06 01:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS2013-09-08 08:22 - 2013-07-08 23:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys2013-09-08 08:22 - 2013-05-23 16:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2013-09-08 08:22 - 2013-05-23 15:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2013-09-08 07:58 - 2013-09-11 01:04 - 00008044 _____ C:\Windows\PFRO.log2013-09-08 03:25 - 2013-09-08 03:25 - 00000000 ____D C:\Users\Gabe\AppData\Local\Apps\2.02013-09-07 09:18 - 2013-09-07 09:18 - 01448299 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130820164851.3gp2013-09-07 09:15 - 2013-09-07 09:15 - 02896534 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130821123433.3gp2013-09-07 09:14 - 2013-09-07 09:15 - 00475112 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130822103012.3gp2013-09-07 09:12 - 2013-09-07 09:12 - 02896534 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130822123215.3gp2013-09-07 08:43 - 2013-09-07 08:43 - 00356352 _____ C:\Users\Gabe\Downloads\log.xls2013-09-07 08:43 - 2013-09-07 08:43 - 00064000 _____ C:\Users\Gabe\Downloads\contact.xls2013-09-07 08:43 - 2013-09-07 08:43 - 00040448 _____ C:\Users\Gabe\Downloads\logcall.xls2013-09-04 14:58 - 2013-09-04 14:58 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Advanced_Scan_to_PDF_Free-SEO-75738710.exe2013-09-04 14:39 - 2013-09-04 14:49 - 00000000 ____D C:\Program Files (x86)\JGS-Scan2013-09-04 14:39 - 2013-09-04 14:38 - 00737280 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe2013-09-04 14:38 - 2013-09-04 14:38 - 04907960 _____ () C:\Users\Gabe\Downloads\JGS-Scan3.exe2013-09-04 14:37 - 2013-09-04 14:37 - 00584600 _____ C:\Users\Gabe\Downloads\cbsidlm-tr1_14-JGSScan-ORG-10267419.exe2013-09-03 19:07 - 2013-09-03 19:08 - 00000000 ____D C:\Program Files\stinger2013-09-03 19:07 - 2013-09-03 19:07 - 00000000 ____D C:\Stinger_Quarantine2013-09-03 19:06 - 2013-09-03 19:06 - 04900592 _____ (McAfee, Inc.) C:\Users\Gabe\Downloads\McAfeeSetup-Serial.exe2013-09-03 18:57 - 2013-09-03 18:57 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\DiskDefrag2013-08-26 06:13 - 2013-08-26 06:15 - 116778590 _____ C:\Users\Gabe\Downloads\GET A LIFE 1627.mp42013-08-26 06:10 - 2013-08-26 06:11 - 78900943 _____ C:\Users\Gabe\Downloads\SACKCHASING COUGAR.mp42013-08-26 06:09 - 2013-08-26 06:10 - 89449556 _____ C:\Users\Gabe\Downloads\PL1300.mp42013-08-26 06:09 - 2013-08-26 06:10 - 60828557 _____ C:\Users\Gabe\Downloads\WORTHLESS LOSER.mp42013-08-26 06:09 - 2013-08-26 06:09 - 76704889 _____ C:\Users\Gabe\Downloads\LIVING WITH PARENTS AT 40.mp42013-08-26 06:03 - 2013-08-26 06:04 - 53457437 _____ C:\Users\Gabe\Downloads\FD1902.mp42013-08-26 06:03 - 2013-08-26 06:04 - 35874577 _____ C:\Users\Gabe\Downloads\FD1750WW.mp42013-08-26 06:03 - 2013-08-26 06:03 - 35874577 _____ C:\Users\Gabe\Downloads\FFFF.mp42013-08-26 06:03 - 2013-08-26 06:03 - 35874577 _____ C:\Users\Gabe\Downloads\FD175022.mp42013-08-26 06:02 - 2013-08-26 06:03 - 20270529 _____ C:\Users\Gabe\Downloads\FD2000-FINISH.mp42013-08-26 05:58 - 2013-08-26 05:58 - 44342458 _____ C:\Users\Gabe\Downloads\11.mp42013-08-26 05:58 - 2013-08-26 05:58 - 35874577 _____ C:\Users\Gabe\Downloads\FD1750.mp42013-08-26 05:58 - 2013-08-26 05:58 - 34018519 _____ C:\Users\Gabe\Downloads\FD1705.mp42013-08-26 05:57 - 2013-08-26 05:58 - 40459964 _____ C:\Users\Gabe\Downloads\1.mp42013-08-26 05:52 - 2013-08-26 05:53 - 40459964 _____ C:\Users\Gabe\Downloads\FD21AUG1530.mp42013-08-26 05:52 - 2013-08-26 05:52 - 39933685 _____ C:\Users\Gabe\Downloads\FD21AUG1430.mp42013-08-26 05:51 - 2013-08-26 05:52 - 54647286 _____ C:\Users\Gabe\Downloads\My New Clip33.mp42013-08-26 05:49 - 2013-08-26 05:49 - 39940067 _____ C:\Users\Gabe\Downloads\FD21AUG1310.mp42013-08-26 05:48 - 2013-08-26 05:49 - 39142968 _____ C:\Users\Gabe\Downloads\FrontDoor21Aug1215.mp42013-08-26 05:31 - 2013-08-26 05:32 - 54647286 _____ C:\Users\Gabe\Downloads\Front Door 21August.mp42013-08-26 05:30 - 2013-08-26 05:31 - 58247011 _____ C:\Users\Gabe\Downloads\BR13AUG1510.mp42013-08-26 05:30 - 2013-08-26 05:30 - 40918583 _____ C:\Users\Gabe\Downloads\BR13AUG1415.mp42013-08-25 14:03 - 2013-08-25 14:03 - 00000000 ____D C:\Users\Gabe\AppData\Local\Apple Computer2013-08-25 13:39 - 2013-08-26 05:15 - 00000000 ____D C:\Users\Gabe\Documents\NACI_data2013-08-25 13:39 - 2013-08-25 22:21 - 00072588 _____ C:\Users\Gabe\Documents\NACI.aup2013-08-25 13:16 - 2013-08-25 13:18 - 236588638 _____ C:\Users\Gabe\Documents\NACI.wav2013-08-25 11:10 - 2013-08-25 11:10 - 00000000 ____D C:\Users\Gabe\Downloads\MP_ROOT2013-08-23 12:34 - 2013-08-23 12:34 - 00461312 _____ C:\Users\Gabe\Downloads\1.xls2013-08-23 12:07 - 2013-08-23 12:07 - 00461312 _____ C:\Users\Gabe\Downloads\213991775063143SMS.xls2013-08-23 12:07 - 2013-08-23 12:07 - 00047616 _____ C:\Users\Gabe\Downloads\213991775063143CALL.xls2013-08-23 11:49 - 2013-08-23 12:30 - 00191488 _____ C:\Users\Gabe\Downloads\213991775063143LOCATION.xls2013-08-22 22:12 - 2013-08-22 22:12 - 00685123 _____ C:\Users\Gabe\Downloads\213991775063143-CALL-20130819081157-6029782496.3gp2013-08-22 22:12 - 2013-08-22 22:12 - 00087795 _____ C:\Users\Gabe\Downloads\213991775063143-CALL-20130814211449-6025732886.3gp2013-08-22 09:21 - 2013-08-22 09:22 - 00000000 ____D C:\Users\Gabe\Documents\Cinematic_Music_Group-Big_K.R.I.T-King_Remembered_In_Time2013-08-22 09:08 - 2013-08-22 09:08 - 00000000 ____D C:\Users\Gabe\AppData\Local\Macromedia2013-08-22 07:55 - 2013-08-24 05:36 - 00000075 _____ C:\DiskDefrag.log2013-08-22 07:55 - 2013-08-22 07:55 - 00002622 _____ C:\Windows\System32\Tasks\GlaryInitialize 32013-08-22 07:55 - 2013-08-22 07:55 - 00001080 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk2013-08-22 07:55 - 2013-08-20 02:21 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe2013-08-22 07:54 - 2013-09-11 01:51 - 00000348 _____ C:\Windows\Tasks\GlaryInitialize 3.job2013-08-22 07:54 - 2013-09-11 01:50 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 32013-08-22 07:54 - 2013-08-22 07:54 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\GlarySoft2013-08-22 07:47 - 2013-08-22 07:47 - 16136496 _____ C:\Users\Gabe\Downloads\gu3setup.exe2013-08-22 06:52 - 2013-08-22 08:44 - 00000000 ____D C:\Program Files (x86)\WinAce2013-08-22 06:52 - 2013-08-22 06:52 - 04042444 _____ (e-merge GmbH) C:\Users\Gabe\Downloads\wace269i.exe2013-08-22 06:52 - 2013-08-22 06:52 - 00000951 _____ C:\Users\Public\Desktop\WinAce Archiver.lnk2013-08-22 06:49 - 2013-08-22 06:49 - 00862521 _____ C:\Users\Gabe\Downloads\videosnarf-0.63.tar.gz2013-08-22 04:44 - 2013-08-22 04:44 - 00582605 _____ C:\Users\Gabe\Downloads\Winamp_Essentials_6_7_8_9_10_11_12_13_14.exe2013-08-21 01:47 - 2013-08-21 01:47 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Apple Computer2013-08-20 15:10 - 2013-08-24 12:52 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software2013-08-20 15:09 - 2013-08-24 12:52 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\NCH Software2013-08-20 15:09 - 2013-08-20 15:09 - 00502848 _____ (NCH Software) C:\Users\Gabe\Downloads\switchsetup.exe2013-08-20 15:04 - 2013-08-20 15:11 - 00000000 ____D C:\Users\Gabe\Documents\Audio from Tim Mcgraw Burglary2013-08-20 14:53 - 2013-08-20 14:56 - 470418208 _____ C:\Users\Gabe\Downloads\PowerDirector_3026_GM6_Trial_Trial_VDE130619-02.exe2013-08-20 14:45 - 2013-08-20 14:45 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Download_App-BP-75864009.exe2013-08-20 14:18 - 2013-08-20 14:18 - 00979928 _____ (CyberLink) C:\Users\Gabe\Downloads\CyberLink_PowerDirector_Downloader.exe2013-08-20 13:22 - 2013-08-25 13:11 - 00000000 ____D C:\Users\Public\CyberLink2013-08-20 13:22 - 2013-08-20 13:22 - 00000000 ____D C:\Users\Gabe\Documents\CyberLink2013-08-20 13:20 - 2013-08-20 13:20 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\CyberLink2013-08-20 13:14 - 2013-08-22 08:44 - 00000000 ____D C:\Program Files (x86)\QuickTime2013-08-20 13:14 - 2013-08-20 13:14 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk2013-08-20 12:40 - 2013-08-23 02:06 - 00000000 ____D C:\Users\Gabe\Downloads\CyberLink Power Director 11 Ultra DeLtA Sn1p3r2013-08-20 12:35 - 2013-08-20 12:37 - 00838896 _____ C:\Users\Gabe\Downloads\LR13AUG0330.mp4.sfk2013-08-20 12:32 - 2013-08-20 12:37 - 00886196 _____ C:\Users\Gabe\Downloads\10aug1921.mp4.sfk2013-08-20 12:20 - 2013-08-26 05:30 - 63503421 _____ C:\Users\Gabe\Downloads\BR13AUG1330.mp42013-08-20 12:17 - 2013-08-20 12:18 - 52289079 _____ C:\Users\Gabe\Downloads\BR13AUG1240 (Part 1 of 2).mp42013-08-20 12:17 - 2013-08-20 12:18 - 31723429 _____ C:\Users\Gabe\Downloads\BR13AUG1240 (Part 2 of 2).mp42013-08-20 07:02 - 2013-08-20 07:02 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys2013-08-20 07:02 - 2013-08-20 07:02 - 00103576 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys2013-08-20 02:05 - 2013-08-20 02:08 - 43723137 _____ C:\Users\Gabe\Downloads\LR13AUG0515.mp42013-08-20 01:58 - 2013-08-20 02:05 - 44618151 _____ C:\Users\Gabe\Downloads\LR13AUG0420.mp42013-08-20 01:56 - 2013-08-20 02:05 - 57036111 _____ C:\Users\Gabe\Downloads\LR13AUG0325.mp42013-08-20 01:52 - 2013-08-20 02:02 - 75121062 _____ C:\Users\Gabe\Downloads\LR13AUG0330.mp42013-08-20 01:51 - 2013-08-20 01:58 - 57036111 _____ C:\Users\Gabe\Downloads\LR13AUG0235.mp42013-08-20 01:42 - 2013-08-20 01:49 - 90665926 _____ C:\Users\Gabe\Downloads\LR13AUG0146.mp42013-08-20 01:35 - 2013-08-20 01:37 - 28597549 _____ C:\Users\Gabe\Downloads\BR13AUG0132 (Part 1 of 2).mp42013-08-20 01:35 - 2013-08-20 01:35 - 00000000 _____ C:\Users\Gabe\Downloads\BR13AUG1332 (Part 2 of 2).mp42013-08-19 17:40 - 2013-08-20 07:11 - 00000032 _____ C:\Users\Gabe\AppData\Roaming\mbam.context.scan2013-08-19 13:50 - 2013-08-19 13:50 - 00685123 _____ C:\Users\Gabe\Downloads\CC.3gp2013-08-19 13:49 - 2013-08-19 13:49 - 00650639 _____ C:\Users\Gabe\Downloads\DAD.3gp2013-08-19 13:47 - 2013-08-19 13:47 - 01457652 _____ (Repair Video, Inc. ) C:\Users\Gabe\Desktop\asf_avi_rm_wmv_repair.exe2013-08-18 23:44 - 2013-08-18 23:44 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-08-18 23:44 - 2013-08-18 23:44 - 00000291 _____ C:\AdwCleaner[s2].txt2013-08-18 23:44 - 2013-08-18 23:44 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Malwarebytes2013-08-18 23:44 - 2013-08-18 23:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-18 23:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2013-08-18 23:43 - 2013-08-18 23:44 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabe\Downloads\mbam-setup-1.75.0.1300.exe2013-08-18 10:45 - 2013-08-18 10:46 - 52273262 _____ C:\Users\Gabe\Downloads\10aug2155.mp42013-08-18 10:45 - 2013-08-18 10:45 - 05730942 _____ C:\Users\Gabe\Downloads\item.mp42013-08-18 07:11 - 2013-08-18 07:11 - 00002006 _____ C:\AdwCleaner[s1].txt2013-08-18 07:09 - 2013-08-18 07:09 - 00891115 _____ C:\Users\Gabe\Downloads\SecurityCheck.exe2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAPB4C8.tmp2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAPB080.tmp2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAP79BE.tmp2013-08-18 07:05 - 2013-08-20 07:46 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Process Hacker 22013-08-18 07:03 - 2013-08-18 07:03 - 00001841 _____ C:\Users\Gabe\Desktop\Process Hacker 2.lnk2013-08-18 07:03 - 2013-08-18 07:03 - 00000000 ____D C:\Program Files\Process Hacker 22013-08-17 22:56 - 2013-08-17 23:04 - 96836088 _____ C:\Users\Gabe\Downloads\10aug2004.avi2013-08-17 22:55 - 2013-08-17 22:55 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Pazera_Free_MP4_to_AVI_Converter-SEO-10784027.exe2013-08-17 22:52 - 2013-08-26 08:14 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Audacity2013-08-17 22:52 - 2013-08-17 22:52 - 00001007 _____ C:\Users\Gabe\Desktop\Audacity.lnk2013-08-17 22:52 - 2013-08-17 22:52 - 00000000 ____D C:\Program Files (x86)\Audacity2013-08-17 22:51 - 2013-08-17 22:52 - 21281052 _____ (Audacity Team ) C:\Users\Gabe\Downloads\audacity-win-2.0.3.exe2013-08-17 22:50 - 2013-08-17 22:50 - 01856092 _____ (wj32 ) C:\Users\Gabe\Downloads\processhacker-2.31-setup.exe2013-08-17 20:15 - 2013-08-17 20:15 - 01618718 _____ (UpsideOut, Inc. ) C:\Users\Gabe\Downloads\ProxifySetup.exe2013-08-17 20:15 - 2013-08-17 20:15 - 00001199 _____ C:\Users\Public\Desktop\Proxify Tray Application.lnk2013-08-17 20:15 - 2013-08-17 20:15 - 00000000 ____D C:\Program Files (x86)\Proxify Tray Application2013-08-17 19:37 - 2013-08-17 19:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf2013-08-17 15:13 - 2013-08-17 15:14 - 68162708 _____ C:\Users\Gabe\Downloads\10aug2133.mp42013-08-17 15:13 - 2013-08-17 15:13 - 68174687 _____ C:\Users\Gabe\Downloads\10aug1921.mp42013-08-17 15:12 - 2013-08-17 15:13 - 52554458 _____ C:\Users\Gabe\Downloads\10aug2112.mp42013-08-17 15:08 - 2013-08-17 15:09 - 68020484 _____ C:\Users\Gabe\Downloads\10aug20041.mp42013-08-17 15:07 - 2013-08-17 15:08 - 47703588 _____ C:\Users\Gabe\Downloads\10aug2006.mp42013-08-17 15:06 - 2013-08-17 15:07 - 68020484 _____ C:\Users\Gabe\Downloads\10aug2004.mp42013-08-17 14:15 - 2013-08-17 14:15 - 68020484 _____ C:\Users\Gabe\Downloads\22222.mp42013-08-17 14:14 - 2013-08-17 14:14 - 47703588 _____ C:\Users\Gabe\Downloads\10Augbedroom.mp42013-08-17 14:11 - 2013-08-17 14:11 - 68020484 _____ C:\Users\Gabe\Downloads\My New Clipjjj.mp42013-08-17 13:57 - 2013-08-17 13:58 - 68020484 _____ C:\Users\Gabe\Downloads\10aug20101.mp42013-08-17 13:56 - 2013-08-17 13:56 - 35517108 _____ C:\Users\Gabe\Downloads\19aug7pm.mp42013-08-17 06:46 - 2013-08-17 06:46 - 08163216 _____ C:\Users\Gabe\Downloads\12AUG2149.mp42013-08-17 06:45 - 2013-08-17 06:45 - 07722827 _____ C:\Users\Gabe\Downloads\15AUG1717.mp42013-08-17 06:44 - 2013-08-17 06:45 - 144556875 _____ C:\Users\Gabe\Downloads\7AUG1133.mp42013-08-17 06:43 - 2013-08-17 06:43 - 10074467 _____ C:\Users\Gabe\Downloads\7AUG1852.mp42013-08-17 06:42 - 2013-08-17 06:42 - 07572170 _____ C:\Users\Gabe\Downloads\3AUG.mp42013-08-17 06:36 - 2013-08-17 06:37 - 57246322 _____ C:\Users\Gabe\Downloads\10AUG2010(2).mp42013-08-17 06:35 - 2013-08-17 06:36 - 57246322 _____ C:\Users\Gabe\Downloads\10AUG2010.mp42013-08-17 06:35 - 2013-08-17 06:35 - 06246836 _____ C:\Users\Gabe\Downloads\12AUG0615.mp42013-08-17 06:34 - 2013-08-17 06:34 - 08811349 _____ C:\Users\Gabe\Downloads\10AUG1923.mp42013-08-17 06:33 - 2013-08-17 06:35 - 57246322 _____ C:\Users\Gabe\Downloads\46.mp42013-08-17 05:45 - 2013-08-17 05:45 - 24192489 _____ C:\Users\Gabe\Downloads\45.mp42013-08-17 05:37 - 2013-08-17 05:37 - 08811349 _____ C:\Users\Gabe\Downloads\44.mp42013-08-17 04:33 - 2013-08-03 05:40 - 00000836 _____ C:\Users\Gabe\Documents\kp[.cer2013-08-17 01:37 - 2013-08-17 01:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-08-15 17:25 - 2013-08-15 17:26 - 07722827 _____ C:\Users\Gabe\Downloads\3333.mp42013-08-15 10:49 - 2013-08-15 10:49 - 00567391 _____ C:\Users\Gabe\Documents\334.3gp2013-08-14 23:02 - 2013-08-14 23:02 - 08163216 _____ C:\Users\Gabe\Downloads\My Ne.mp42013-08-13 03:16 - 2013-08-13 03:17 - 144556875 _____ C:\Users\Gabe\Downloads\22.mp42013-08-13 01:46 - 2013-08-22 08:45 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Yahoo!2013-08-13 01:45 - 2013-08-13 01:45 - 00001137 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk2013-08-13 01:44 - 2013-08-20 10:41 - 00000000 ____D C:\Program Files (x86)\Yahoo!2013-08-13 01:44 - 2013-08-13 01:44 - 00442040 _____ (Yahoo! Inc.) C:\Users\Gabe\Downloads\msgr11us.exe2013-08-13 00:47 - 2013-08-13 10:30 - 00000000 ____D C:\Users\Gabe\Downloads\Epic (2013)2013-08-13 00:47 - 2013-08-13 00:51 - 00000000 ____D C:\Users\Gabe\Downloads\Superman.Man.of.Steel.2013.720p.R6.LiNE.x264.AAC-DiGiTAL2013-08-13 00:46 - 2013-08-13 00:47 - 00000000 ____D C:\Users\Gabe\Downloads\Oblivion (2013) [1080p]2013-08-12 16:10 - 2013-08-12 16:10 - 00042184 _____ (Anchorfree Inc.) C:\Windows\system32\Drivers\taphss6.sys2013-08-12 13:25 - 2013-08-12 13:26 - 06246836 _____ C:\Users\Gabe\Downloads\My New Clip(2).mp42013-08-12 06:41 - 2013-08-12 06:41 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf==================== One Month Modified Files and Folders =======2013-09-11 02:02 - 2013-08-09 11:40 - 00000000 ____D C:\wifidata2013-09-11 02:02 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\sru2013-09-11 01:55 - 2013-08-07 16:14 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3684579750-837988229-3943600733-10022013-09-11 01:51 - 2013-08-22 07:54 - 00000348 _____ C:\Windows\Tasks\GlaryInitialize 3.job2013-09-11 01:50 - 2013-08-22 07:54 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 32013-09-11 01:39 - 2012-07-26 00:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI2013-09-11 01:35 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-11 01:16 - 2013-09-11 01:16 - 03191888 _____ (McAfee, Inc.) C:\Users\Gabe\Desktop\MCPR.exe2013-09-11 01:16 - 2013-08-03 04:00 - 01234136 _____ C:\Windows\WindowsUpdate.log2013-09-11 01:04 - 2013-09-08 07:58 - 00008044 _____ C:\Windows\PFRO.log2013-09-10 23:46 - 2013-09-10 23:46 - 00030839 _____ C:\Users\Gabe\Desktop\Addition.txt2013-09-10 23:45 - 2013-09-10 23:45 - 00000000 ____D C:\FRST2013-09-10 23:45 - 2013-09-10 23:44 - 01949408 _____ (Farbar) C:\Users\Gabe\Desktop\FRST64.exe2013-09-10 22:48 - 2012-07-26 01:12 - 00000000 ___HD C:\Windows\ELAMBKUP2013-09-10 22:45 - 2013-09-10 22:45 - 00000000 ____D C:\Program Files\ESET2013-09-10 22:41 - 2013-09-10 22:41 - 01415824 _____ (ESET) C:\Users\Gabe\Desktop\eset_nod32_antivirus_live_installer.exe2013-09-10 22:39 - 2013-09-10 20:20 - 00000000 ____D C:\Users\Gabe\Desktop\mbar2013-09-10 22:13 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\BBI2013-09-10 21:23 - 2013-09-10 21:23 - 02347384 _____ (ESET) C:\Users\Gabe\Desktop\esetsmartinstaller_enu.exe2013-09-10 21:23 - 2013-09-10 21:23 - 00000000 ____D C:\Program Files (x86)\ESET2013-09-10 21:22 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\ELAM2013-09-10 21:16 - 2013-09-10 21:05 - 00000000 ____D C:\AdwCleaner2013-09-10 21:04 - 2013-09-10 21:04 - 01037278 _____ C:\Users\Gabe\Desktop\AdwCleaner.exe2013-09-10 21:01 - 2013-09-10 21:01 - 00002162 _____ C:\Users\Gabe\Desktop\JRT.txt2013-09-10 20:59 - 2013-09-10 20:09 - 00000000 ____D C:\Users\Gabe\Desktop\RK_Quarantine2013-09-10 20:53 - 2013-09-10 08:03 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield2013-09-10 20:51 - 2013-09-10 20:51 - 00000000 ____D C:\Windows\ERUNT2013-09-10 20:50 - 2013-09-10 20:50 - 01029490 _____ (Thisisu) C:\Users\Gabe\Desktop\JRT.exe2013-09-10 20:46 - 2013-09-10 20:05 - 00002424 _____ C:\Users\Gabe\Desktop\Rkill.txt2013-09-10 20:20 - 2013-09-10 20:20 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Gabe\Desktop\mbar-1.07.0.1005.exe2013-09-10 20:17 - 2013-09-10 20:17 - 03788288 _____ C:\Users\Gabe\Desktop\RogueKillerX64(1).exe2013-09-10 20:12 - 2013-09-10 20:12 - 00001771 _____ C:\Users\Gabe\Desktop\RKreport[0]_S_09102013_201228.txt2013-09-10 20:07 - 2013-09-10 20:07 - 03788288 _____ C:\Users\Gabe\Desktop\RogueKillerX64.exe2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\Tiffany\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\Gabe\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\fbwuser\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\Tiffany\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\Gabe\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\fbwuser\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000000 ____D C:\Windows\ERDNT2013-09-10 20:07 - 2013-09-10 20:06 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-09-10 20:06 - 2013-09-10 20:06 - 00791393 _____ (Lars Hederer ) C:\Users\Gabe\Desktop\erunt-setup.exe2013-09-10 20:05 - 2013-09-10 20:05 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Gabe\Desktop\rkill.exe2013-09-10 20:05 - 2013-09-10 20:05 - 00000000 ____D C:\Users\Gabe\Desktop\rkill2013-09-10 19:40 - 2013-09-10 19:40 - 00024917 _____ C:\Users\Gabe\Desktop\DDS 10 Sep 13.txt2013-09-10 19:38 - 2013-09-10 19:35 - 00024917 _____ C:\Users\Gabe\Desktop\dds.txt2013-09-10 19:38 - 2013-09-10 19:35 - 00012515 _____ C:\Users\Gabe\Desktop\attach.txt2013-09-10 19:36 - 2013-08-09 12:20 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\uTorrent2013-09-10 19:34 - 2013-09-10 19:34 - 00688992 ____R (Swearware) C:\Users\Gabe\Desktop\dds.scr2013-09-10 09:11 - 2013-09-10 09:11 - 05312512 _____ C:\Users\Gabe\Documents\proof.evtx2013-09-10 09:11 - 2013-09-10 09:11 - 00000000 ____D C:\Users\Gabe\Documents\LocaleMetaData2013-09-10 08:29 - 2013-09-10 08:29 - 00312280 _____ C:\Windows\system32\FNTCACHE.DAT2013-09-10 08:29 - 2013-09-10 08:20 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK2013-09-10 08:24 - 2013-09-10 08:24 - 00049240 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys2013-09-10 08:24 - 2013-09-10 08:24 - 00000913 _____ C:\Users\Public\Desktop\AntiLogger.lnk2013-09-10 08:24 - 2013-09-10 08:24 - 00000000 ____D C:\Program Files (x86)\AntiLogger2013-09-10 08:24 - 2013-09-10 08:23 - 00000000 ____D C:\Users\Gabe\AppData\Local\Zemana2013-09-10 08:23 - 2013-09-10 08:23 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst2013-09-10 08:22 - 2013-09-10 08:21 - 21264112 _____ (Zemana Ltd. ) C:\Users\Gabe\Downloads\Zemana_AntiLogger_1.9.3.502.exe2013-09-10 08:20 - 2013-09-10 08:20 - 00000000 ____D C:\Users\Gabe\AppData\Local\AntiLogger Free2013-09-10 08:19 - 2013-09-10 08:19 - 04322816 _____ (Zemana Ltd. ) C:\Users\Gabe\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe2013-09-10 08:04 - 2013-09-10 08:04 - 00001120 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk2013-09-10 08:03 - 2013-09-10 08:03 - 00583584 _____ C:\Users\Gabe\Downloads\hotspotshield-setup.exe2013-09-10 08:03 - 2013-09-10 08:03 - 00000020 ___SH C:\Users\fbwuser\ntuser.ini2013-09-10 07:08 - 2013-09-10 07:08 - 00002107 _____ C:\Users\Public\Desktop\Who Is On My Wifi.lnk2013-09-10 07:08 - 2013-09-10 07:08 - 00000000 ____D C:\Program Files (x86)\IO3O LLC2013-09-10 07:08 - 2013-08-09 11:39 - 05228920 _____ (IO3O LLC ) C:\Users\Gabe\Downloads\mywifi.exe2013-09-08 16:32 - 2013-09-08 16:28 - 767623168 ____R C:\Users\Gabe\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso2013-09-08 16:31 - 2013-08-07 16:12 - 00000000 ____D C:\Users\Gabe\AppData\Local\Sony Corporation2013-09-08 16:31 - 2013-08-03 04:47 - 00000000 ____D C:\Program Files (x86)\Sony2013-09-08 16:04 - 2013-09-08 16:04 - 00000000 ____H C:\Users\Gabe\Documents\Default.rdp2013-09-08 11:03 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\rescache2013-09-08 10:36 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\WinStore2013-09-08 10:36 - 2012-07-26 01:12 - 00000000 ____D C:\Program Files\Windows Defender2013-09-08 10:36 - 2012-07-26 01:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender2013-09-08 10:36 - 2012-07-25 22:38 - 00000000 ____D C:\Windows\system32\oobe2013-09-08 09:41 - 2013-09-08 09:41 - 16243768 _____ C:\Users\Gabe\Downloads\Glary_Utilities_v3.9.1.exe2013-09-08 08:26 - 2013-08-07 16:53 - 00000000 ____D C:\Windows\system32\MRT2013-09-08 08:25 - 2013-08-07 16:53 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-09-08 07:20 - 2013-08-03 05:22 - 00000000 ____D C:\Program Files (x86)\CyberLink2013-09-08 07:20 - 2013-08-03 04:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2013-09-08 07:08 - 2012-08-02 18:59 - 00000000 ____D C:\Windows\Panther2013-09-08 06:54 - 2013-08-07 17:13 - 00000022 _____ C:\Windows\Model.txt2013-09-08 03:25 - 2013-09-08 03:25 - 00000000 ____D C:\Users\Gabe\AppData\Local\Apps\2.02013-09-07 09:18 - 2013-09-07 09:18 - 01448299 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130820164851.3gp2013-09-07 09:15 - 2013-09-07 09:15 - 02896534 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130821123433.3gp2013-09-07 09:15 - 2013-09-07 09:14 - 00475112 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130822103012.3gp2013-09-07 09:12 - 2013-09-07 09:12 - 02896534 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130822123215.3gp2013-09-07 08:43 - 2013-09-07 08:43 - 00356352 _____ C:\Users\Gabe\Downloads\log.xls2013-09-07 08:43 - 2013-09-07 08:43 - 00064000 _____ C:\Users\Gabe\Downloads\contact.xls2013-09-07 08:43 - 2013-09-07 08:43 - 00040448 _____ C:\Users\Gabe\Downloads\logcall.xls2013-09-05 17:36 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent2013-09-04 14:58 - 2013-09-04 14:58 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Advanced_Scan_to_PDF_Free-SEO-75738710.exe2013-09-04 14:49 - 2013-09-04 14:39 - 00000000 ____D C:\Program Files (x86)\JGS-Scan2013-09-04 14:38 - 2013-09-04 14:39 - 00737280 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe2013-09-04 14:38 - 2013-09-04 14:38 - 04907960 _____ () C:\Users\Gabe\Downloads\JGS-Scan3.exe2013-09-04 14:37 - 2013-09-04 14:37 - 00584600 _____ C:\Users\Gabe\Downloads\cbsidlm-tr1_14-JGSScan-ORG-10267419.exe2013-09-04 14:35 - 2013-08-07 16:08 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Adobe2013-09-03 19:08 - 2013-09-03 19:07 - 00000000 ____D C:\Program Files\stinger2013-09-03 19:07 - 2013-09-03 19:07 - 00000000 ____D C:\Stinger_Quarantine2013-09-03 19:06 - 2013-09-03 19:06 - 04900592 _____ (McAfee, Inc.) C:\Users\Gabe\Downloads\McAfeeSetup-Serial.exe2013-09-03 18:57 - 2013-09-03 18:57 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\DiskDefrag2013-08-26 08:14 - 2013-08-17 22:52 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Audacity2013-08-26 06:15 - 2013-08-26 06:13 - 116778590 _____ C:\Users\Gabe\Downloads\GET A LIFE 1627.mp42013-08-26 06:11 - 2013-08-26 06:10 - 78900943 _____ C:\Users\Gabe\Downloads\SACKCHASING COUGAR.mp42013-08-26 06:10 - 2013-08-26 06:09 - 89449556 _____ C:\Users\Gabe\Downloads\PL1300.mp42013-08-26 06:10 - 2013-08-26 06:09 - 60828557 _____ C:\Users\Gabe\Downloads\WORTHLESS LOSER.mp42013-08-26 06:09 - 2013-08-26 06:09 - 76704889 _____ C:\Users\Gabe\Downloads\LIVING WITH PARENTS AT 40.mp42013-08-26 06:04 - 2013-08-26 06:03 - 53457437 _____ C:\Users\Gabe\Downloads\FD1902.mp42013-08-26 06:04 - 2013-08-26 06:03 - 35874577 _____ C:\Users\Gabe\Downloads\FD1750WW.mp42013-08-26 06:03 - 2013-08-26 06:03 - 35874577 _____ C:\Users\Gabe\Downloads\FFFF.mp42013-08-26 06:03 - 2013-08-26 06:03 - 35874577 _____ C:\Users\Gabe\Downloads\FD175022.mp42013-08-26 06:03 - 2013-08-26 06:02 - 20270529 _____ C:\Users\Gabe\Downloads\FD2000-FINISH.mp42013-08-26 05:58 - 2013-08-26 05:58 - 44342458 _____ C:\Users\Gabe\Downloads\11.mp42013-08-26 05:58 - 2013-08-26 05:58 - 35874577 _____ C:\Users\Gabe\Downloads\FD1750.mp42013-08-26 05:58 - 2013-08-26 05:58 - 34018519 _____ C:\Users\Gabe\Downloads\FD1705.mp42013-08-26 05:58 - 2013-08-26 05:57 - 40459964 _____ C:\Users\Gabe\Downloads\1.mp42013-08-26 05:53 - 2013-08-26 05:52 - 40459964 _____ C:\Users\Gabe\Downloads\FD21AUG1530.mp42013-08-26 05:52 - 2013-08-26 05:52 - 39933685 _____ C:\Users\Gabe\Downloads\FD21AUG1430.mp42013-08-26 05:52 - 2013-08-26 05:51 - 54647286 _____ C:\Users\Gabe\Downloads\My New Clip33.mp42013-08-26 05:49 - 2013-08-26 05:49 - 39940067 _____ C:\Users\Gabe\Downloads\FD21AUG1310.mp42013-08-26 05:49 - 2013-08-26 05:48 - 39142968 _____ C:\Users\Gabe\Downloads\FrontDoor21Aug1215.mp42013-08-26 05:32 - 2013-08-26 05:31 - 54647286 _____ C:\Users\Gabe\Downloads\Front Door 21August.mp42013-08-26 05:31 - 2013-08-26 05:30 - 58247011 _____ C:\Users\Gabe\Downloads\BR13AUG1510.mp42013-08-26 05:30 - 2013-08-26 05:30 - 40918583 _____ C:\Users\Gabe\Downloads\BR13AUG1415.mp42013-08-26 05:30 - 2013-08-20 12:20 - 63503421 _____ C:\Users\Gabe\Downloads\BR13AUG1330.mp42013-08-26 05:15 - 2013-08-25 13:39 - 00000000 ____D C:\Users\Gabe\Documents\NACI_data2013-08-25 22:21 - 2013-08-25 13:39 - 00072588 _____ C:\Users\Gabe\Documents\NACI.aup2013-08-25 14:03 - 2013-08-25 14:03 - 00000000 ____D C:\Users\Gabe\AppData\Local\Apple Computer2013-08-25 13:18 - 2013-08-25 13:16 - 236588638 _____ C:\Users\Gabe\Documents\NACI.wav2013-08-25 13:11 - 2013-08-20 13:22 - 00000000 ____D C:\Users\Public\CyberLink2013-08-25 11:10 - 2013-08-25 11:10 - 00000000 ____D C:\Users\Gabe\Downloads\MP_ROOT2013-08-24 12:52 - 2013-08-20 15:10 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software2013-08-24 12:52 - 2013-08-20 15:09 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\NCH Software2013-08-24 05:36 - 2013-08-22 07:55 - 00000075 _____ C:\DiskDefrag.log2013-08-24 02:04 - 2013-08-03 04:53 - 00000000 ____D C:\Program Files\Sony2013-08-23 12:34 - 2013-08-23 12:34 - 00461312 _____ C:\Users\Gabe\Downloads\1.xls2013-08-23 12:30 - 2013-08-23 11:49 - 00191488 _____ C:\Users\Gabe\Downloads\213991775063143LOCATION.xls2013-08-23 12:07 - 2013-08-23 12:07 - 00461312 _____ C:\Users\Gabe\Downloads\213991775063143SMS.xls2013-08-23 12:07 - 2013-08-23 12:07 - 00047616 _____ C:\Users\Gabe\Downloads\213991775063143CALL.xls2013-08-23 02:06 - 2013-08-20 12:40 - 00000000 ____D C:\Users\Gabe\Downloads\CyberLink Power Director 11 Ultra DeLtA Sn1p3r2013-08-22 22:12 - 2013-08-22 22:12 - 00685123 _____ C:\Users\Gabe\Downloads\213991775063143-CALL-20130819081157-6029782496.3gp2013-08-22 22:12 - 2013-08-22 22:12 - 00087795 _____ C:\Users\Gabe\Downloads\213991775063143-CALL-20130814211449-6025732886.3gp2013-08-22 21:47 - 2013-08-08 01:25 - 00000000 ____D C:\Users\Tiffany\AppData\Local\Sony Corporation2013-08-22 21:47 - 2013-08-03 04:47 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation2013-08-22 09:34 - 2013-08-08 01:36 - 00007616 _____ C:\Users\Gabe\AppData\Local\resmon.resmoncfg2013-08-22 09:22 - 2013-08-22 09:21 - 00000000 ____D C:\Users\Gabe\Documents\Cinematic_Music_Group-Big_K.R.I.T-King_Remembered_In_Time2013-08-22 09:08 - 2013-08-22 09:08 - 00000000 ____D C:\Users\Gabe\AppData\Local\Macromedia2013-08-22 09:08 - 2013-08-07 21:28 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Mozilla2013-08-22 08:45 - 2013-08-13 01:46 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Yahoo!2013-08-22 08:45 - 2013-08-10 23:59 - 00000000 ____D C:\Users\Gabe\Documents\Sony PMB2013-08-22 08:45 - 2013-08-08 01:20 - 00000000 ____D C:\Users\Tiffany2013-08-22 08:45 - 2013-08-07 17:33 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Sony2013-08-22 08:45 - 2013-08-07 16:07 - 00000000 ____D C:\Users\Gabe2013-08-22 08:44 - 2013-08-22 06:52 - 00000000 ____D C:\Program Files (x86)\WinAce2013-08-22 08:44 - 2013-08-20 13:14 - 00000000 ____D C:\Program Files (x86)\QuickTime2013-08-22 08:44 - 2013-08-08 08:32 - 00000000 ____D C:\Program Files (x86)\The KMPlayer2013-08-22 08:44 - 2012-07-26 01:12 - 00000000 __SHD C:\Program Files\Windows Sidebar2013-08-22 08:44 - 2012-07-25 22:37 - 00000000 __RHD C:\Users\Default2013-08-22 08:43 - 2013-08-03 04:22 - 00000000 ____D C:\Intel2013-08-22 08:00 - 2013-08-09 03:48 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Winamp2013-08-22 07:55 - 2013-08-22 07:55 - 00002622 _____ C:\Windows\System32\Tasks\GlaryInitialize 32013-08-22 07:55 - 2013-08-22 07:55 - 00001080 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk2013-08-22 07:54 - 2013-08-22 07:54 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\GlarySoft2013-08-22 07:47 - 2013-08-22 07:47 - 16136496 _____ C:\Users\Gabe\Downloads\gu3setup.exe2013-08-22 06:52 - 2013-08-22 06:52 - 04042444 _____ (e-merge GmbH) C:\Users\Gabe\Downloads\wace269i.exe2013-08-22 06:52 - 2013-08-22 06:52 - 00000951 _____ C:\Users\Public\Desktop\WinAce Archiver.lnk2013-08-22 06:49 - 2013-08-22 06:49 - 00862521 _____ C:\Users\Gabe\Downloads\videosnarf-0.63.tar.gz2013-08-22 04:44 - 2013-08-22 04:44 - 00582605 _____ C:\Users\Gabe\Downloads\Winamp_Essentials_6_7_8_9_10_11_12_13_14.exe2013-08-22 04:44 - 2013-08-09 03:48 - 00000000 ____D C:\Program Files (x86)\Winamp2013-08-21 01:47 - 2013-08-21 01:47 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Apple Computer2013-08-20 15:11 - 2013-08-20 15:04 - 00000000 ____D C:\Users\Gabe\Documents\Audio from Tim Mcgraw Burglary2013-08-20 15:09 - 2013-08-20 15:09 - 00502848 _____ (NCH Software) C:\Users\Gabe\Downloads\switchsetup.exe2013-08-20 14:56 - 2013-08-20 14:53 - 470418208 _____ C:\Users\Gabe\Downloads\PowerDirector_3026_GM6_Trial_Trial_VDE130619-02.exe2013-08-20 14:45 - 2013-08-20 14:45 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Download_App-BP-75864009.exe2013-08-20 14:18 - 2013-08-20 14:18 - 00979928 _____ (CyberLink) C:\Users\Gabe\Downloads\CyberLink_PowerDirector_Downloader.exe2013-08-20 13:22 - 2013-08-20 13:22 - 00000000 ____D C:\Users\Gabe\Documents\CyberLink2013-08-20 13:20 - 2013-08-20 13:20 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\CyberLink2013-08-20 13:14 - 2013-08-20 13:14 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk2013-08-20 12:37 - 2013-08-20 12:35 - 00838896 _____ C:\Users\Gabe\Downloads\LR13AUG0330.mp4.sfk2013-08-20 12:37 - 2013-08-20 12:32 - 00886196 _____ C:\Users\Gabe\Downloads\10aug1921.mp4.sfk2013-08-20 12:29 - 2013-08-07 17:33 - 00000000 ____D C:\Users\Gabe\AppData\Local\Sony2013-08-20 12:18 - 2013-08-20 12:17 - 52289079 _____ C:\Users\Gabe\Downloads\BR13AUG1240 (Part 1 of 2).mp42013-08-20 12:18 - 2013-08-20 12:17 - 31723429 _____ C:\Users\Gabe\Downloads\BR13AUG1240 (Part 2 of 2).mp42013-08-20 10:41 - 2013-08-13 01:44 - 00000000 ____D C:\Program Files (x86)\Yahoo!2013-08-20 10:40 - 2013-08-03 04:44 - 00000000 ____D C:\Program Files\Common Files\Sony Shared2013-08-20 07:46 - 2013-08-18 07:05 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Process Hacker 22013-08-20 07:11 - 2013-08-19 17:40 - 00000032 _____ C:\Users\Gabe\AppData\Roaming\mbam.context.scan2013-08-20 07:02 - 2013-08-20 07:02 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys2013-08-20 07:02 - 2013-08-20 07:02 - 00103576 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys2013-08-20 02:21 - 2013-08-22 07:55 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe2013-08-20 02:08 - 2013-08-20 02:05 - 43723137 _____ C:\Users\Gabe\Downloads\LR13AUG0515.mp42013-08-20 02:05 - 2013-08-20 01:58 - 44618151 _____ C:\Users\Gabe\Downloads\LR13AUG0420.mp42013-08-20 02:05 - 2013-08-20 01:56 - 57036111 _____ C:\Users\Gabe\Downloads\LR13AUG0325.mp42013-08-20 02:02 - 2013-08-20 01:52 - 75121062 _____ C:\Users\Gabe\Downloads\LR13AUG0330.mp42013-08-20 01:58 - 2013-08-20 01:51 - 57036111 _____ C:\Users\Gabe\Downloads\LR13AUG0235.mp42013-08-20 01:49 - 2013-08-20 01:42 - 90665926 _____ C:\Users\Gabe\Downloads\LR13AUG0146.mp42013-08-20 01:37 - 2013-08-20 01:35 - 28597549 _____ C:\Users\Gabe\Downloads\BR13AUG0132 (Part 1 of 2).mp42013-08-20 01:35 - 2013-08-20 01:35 - 00000000 _____ C:\Users\Gabe\Downloads\BR13AUG1332 (Part 2 of 2).mp42013-08-19 13:50 - 2013-08-19 13:50 - 00685123 _____ C:\Users\Gabe\Downloads\CC.3gp2013-08-19 13:49 - 2013-08-19 13:49 - 00650639 _____ C:\Users\Gabe\Downloads\DAD.3gp2013-08-19 13:47 - 2013-08-19 13:47 - 01457652 _____ (Repair Video, Inc. ) C:\Users\Gabe\Desktop\asf_avi_rm_wmv_repair.exe2013-08-18 23:44 - 2013-08-18 23:44 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-08-18 23:44 - 2013-08-18 23:44 - 00000291 _____ C:\AdwCleaner[s2].txt2013-08-18 23:44 - 2013-08-18 23:44 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Malwarebytes2013-08-18 23:44 - 2013-08-18 23:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-18 23:44 - 2013-08-18 23:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabe\Downloads\mbam-setup-1.75.0.1300.exe2013-08-18 10:46 - 2013-08-18 10:45 - 52273262 _____ C:\Users\Gabe\Downloads\10aug2155.mp42013-08-18 10:45 - 2013-08-18 10:45 - 05730942 _____ C:\Users\Gabe\Downloads\item.mp42013-08-18 07:11 - 2013-08-18 07:11 - 00002006 _____ C:\AdwCleaner[s1].txt2013-08-18 07:09 - 2013-08-18 07:09 - 00891115 _____ C:\Users\Gabe\Downloads\SecurityCheck.exe2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAPB4C8.tmp2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAPB080.tmp2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAP79BE.tmp2013-08-18 07:03 - 2013-08-18 07:03 - 00001841 _____ C:\Users\Gabe\Desktop\Process Hacker 2.lnk2013-08-18 07:03 - 2013-08-18 07:03 - 00000000 ____D C:\Program Files\Process Hacker 22013-08-17 23:04 - 2013-08-17 22:56 - 96836088 _____ C:\Users\Gabe\Downloads\10aug2004.avi2013-08-17 22:55 - 2013-08-17 22:55 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Pazera_Free_MP4_to_AVI_Converter-SEO-10784027.exe2013-08-17 22:52 - 2013-08-17 22:52 - 00001007 _____ C:\Users\Gabe\Desktop\Audacity.lnk2013-08-17 22:52 - 2013-08-17 22:52 - 00000000 ____D C:\Program Files (x86)\Audacity2013-08-17 22:52 - 2013-08-17 22:51 - 21281052 _____ (Audacity Team ) C:\Users\Gabe\Downloads\audacity-win-2.0.3.exe2013-08-17 22:50 - 2013-08-17 22:50 - 01856092 _____ (wj32 ) C:\Users\Gabe\Downloads\processhacker-2.31-setup.exe2013-08-17 20:15 - 2013-08-17 20:15 - 01618718 _____ (UpsideOut, Inc. ) C:\Users\Gabe\Downloads\ProxifySetup.exe2013-08-17 20:15 - 2013-08-17 20:15 - 00001199 _____ C:\Users\Public\Desktop\Proxify Tray Application.lnk2013-08-17 20:15 - 2013-08-17 20:15 - 00000000 ____D C:\Program Files (x86)\Proxify Tray Application2013-08-17 19:37 - 2013-08-17 19:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf2013-08-17 15:14 - 2013-08-17 15:13 - 68162708 _____ C:\Users\Gabe\Downloads\10aug2133.mp42013-08-17 15:13 - 2013-08-17 15:13 - 68174687 _____ C:\Users\Gabe\Downloads\10aug1921.mp42013-08-17 15:13 - 2013-08-17 15:12 - 52554458 _____ C:\Users\Gabe\Downloads\10aug2112.mp42013-08-17 15:09 - 2013-08-17 15:08 - 68020484 _____ C:\Users\Gabe\Downloads\10aug20041.mp42013-08-17 15:08 - 2013-08-17 15:07 - 47703588 _____ C:\Users\Gabe\Downloads\10aug2006.mp42013-08-17 15:07 - 2013-08-17 15:06 - 68020484 _____ C:\Users\Gabe\Downloads\10aug2004.mp42013-08-17 14:15 - 2013-08-17 14:15 - 68020484 _____ C:\Users\Gabe\Downloads\22222.mp42013-08-17 14:14 - 2013-08-17 14:14 - 47703588 _____ C:\Users\Gabe\Downloads\10Augbedroom.mp42013-08-17 14:11 - 2013-08-17 14:11 - 68020484 _____ C:\Users\Gabe\Downloads\My New Clipjjj.mp42013-08-17 13:58 - 2013-08-17 13:57 - 68020484 _____ C:\Users\Gabe\Downloads\10aug20101.mp42013-08-17 13:56 - 2013-08-17 13:56 - 35517108 _____ C:\Users\Gabe\Downloads\19aug7pm.mp42013-08-17 06:46 - 2013-08-17 06:46 - 08163216 _____ C:\Users\Gabe\Downloads\12AUG2149.mp42013-08-17 06:45 - 2013-08-17 06:45 - 07722827 _____ C:\Users\Gabe\Downloads\15AUG1717.mp42013-08-17 06:45 - 2013-08-17 06:44 - 144556875 _____ C:\Users\Gabe\Downloads\7AUG1133.mp42013-08-17 06:43 - 2013-08-17 06:43 - 10074467 _____ C:\Users\Gabe\Downloads\7AUG1852.mp42013-08-17 06:42 - 2013-08-17 06:42 - 07572170 _____ C:\Users\Gabe\Downloads\3AUG.mp42013-08-17 06:37 - 2013-08-17 06:36 - 57246322 _____ C:\Users\Gabe\Downloads\10AUG2010(2).mp42013-08-17 06:36 - 2013-08-17 06:35 - 57246322 _____ C:\Users\Gabe\Downloads\10AUG2010.mp42013-08-17 06:35 - 2013-08-17 06:35 - 06246836 _____ C:\Users\Gabe\Downloads\12AUG0615.mp42013-08-17 06:35 - 2013-08-17 06:33 - 57246322 _____ C:\Users\Gabe\Downloads\46.mp42013-08-17 06:34 - 2013-08-17 06:34 - 08811349 _____ C:\Users\Gabe\Downloads\10AUG1923.mp42013-08-17 05:45 - 2013-08-17 05:45 - 24192489 _____ C:\Users\Gabe\Downloads\45.mp42013-08-17 05:37 - 2013-08-17 05:37 - 08811349 _____ C:\Users\Gabe\Downloads\44.mp42013-08-17 03:38 - 2013-08-03 04:46 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll2013-08-17 03:38 - 2013-08-03 04:46 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll2013-08-17 01:37 - 2013-08-17 01:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-08-15 17:26 - 2013-08-15 17:25 - 07722827 _____ C:\Users\Gabe\Downloads\3333.mp42013-08-15 10:49 - 2013-08-15 10:49 - 00567391 _____ C:\Users\Gabe\Documents\334.3gp2013-08-15 01:38 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\NDF2013-08-14 23:02 - 2013-08-14 23:02 - 08163216 _____ C:\Users\Gabe\Downloads\My Ne.mp42013-08-13 10:30 - 2013-08-13 00:47 - 00000000 ____D C:\Users\Gabe\Downloads\Epic (2013)2013-08-13 03:17 - 2013-08-13 03:16 - 144556875 _____ C:\Users\Gabe\Downloads\22.mp42013-08-13 01:45 - 2013-08-13 01:45 - 00001137 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk2013-08-13 01:44 - 2013-08-13 01:44 - 00442040 _____ (Yahoo! Inc.) C:\Users\Gabe\Downloads\msgr11us.exe2013-08-13 00:51 - 2013-08-13 00:47 - 00000000 ____D C:\Users\Gabe\Downloads\Superman.Man.of.Steel.2013.720p.R6.LiNE.x264.AAC-DiGiTAL2013-08-13 00:47 - 2013-08-13 00:46 - 00000000 ____D C:\Users\Gabe\Downloads\Oblivion (2013) [1080p]2013-08-12 16:10 - 2013-08-12 16:10 - 00042184 _____ (Anchorfree Inc.) C:\Windows\system32\Drivers\taphss6.sys2013-08-12 16:07 - 2013-09-10 08:03 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys2013-08-12 13:26 - 2013-08-12 13:25 - 06246836 _____ C:\Users\Gabe\Downloads\My New Clip(2).mp42013-08-12 06:41 - 2013-08-12 06:41 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728301 Share Posted September 11, 2013 ==================== One Month Modified Files and Folders =======2013-09-11 02:02 - 2013-08-09 11:40 - 00000000 ____D C:\wifidata2013-09-11 02:02 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\sru2013-09-11 01:55 - 2013-08-07 16:14 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3684579750-837988229-3943600733-10022013-09-11 01:51 - 2013-08-22 07:54 - 00000348 _____ C:\Windows\Tasks\GlaryInitialize 3.job2013-09-11 01:50 - 2013-08-22 07:54 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 32013-09-11 01:39 - 2012-07-26 00:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI2013-09-11 01:35 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-11 01:16 - 2013-09-11 01:16 - 03191888 _____ (McAfee, Inc.) C:\Users\Gabe\Desktop\MCPR.exe2013-09-11 01:16 - 2013-08-03 04:00 - 01234136 _____ C:\Windows\WindowsUpdate.log2013-09-11 01:04 - 2013-09-08 07:58 - 00008044 _____ C:\Windows\PFRO.log2013-09-10 23:46 - 2013-09-10 23:46 - 00030839 _____ C:\Users\Gabe\Desktop\Addition.txt2013-09-10 23:45 - 2013-09-10 23:45 - 00000000 ____D C:\FRST2013-09-10 23:45 - 2013-09-10 23:44 - 01949408 _____ (Farbar) C:\Users\Gabe\Desktop\FRST64.exe2013-09-10 22:48 - 2012-07-26 01:12 - 00000000 ___HD C:\Windows\ELAMBKUP2013-09-10 22:45 - 2013-09-10 22:45 - 00000000 ____D C:\Program Files\ESET2013-09-10 22:41 - 2013-09-10 22:41 - 01415824 _____ (ESET) C:\Users\Gabe\Desktop\eset_nod32_antivirus_live_installer.exe2013-09-10 22:39 - 2013-09-10 20:20 - 00000000 ____D C:\Users\Gabe\Desktop\mbar2013-09-10 22:13 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\BBI2013-09-10 21:23 - 2013-09-10 21:23 - 02347384 _____ (ESET) C:\Users\Gabe\Desktop\esetsmartinstaller_enu.exe2013-09-10 21:23 - 2013-09-10 21:23 - 00000000 ____D C:\Program Files (x86)\ESET2013-09-10 21:22 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\ELAM2013-09-10 21:16 - 2013-09-10 21:05 - 00000000 ____D C:\AdwCleaner2013-09-10 21:04 - 2013-09-10 21:04 - 01037278 _____ C:\Users\Gabe\Desktop\AdwCleaner.exe2013-09-10 21:01 - 2013-09-10 21:01 - 00002162 _____ C:\Users\Gabe\Desktop\JRT.txt2013-09-10 20:59 - 2013-09-10 20:09 - 00000000 ____D C:\Users\Gabe\Desktop\RK_Quarantine2013-09-10 20:53 - 2013-09-10 08:03 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield2013-09-10 20:51 - 2013-09-10 20:51 - 00000000 ____D C:\Windows\ERUNT2013-09-10 20:50 - 2013-09-10 20:50 - 01029490 _____ (Thisisu) C:\Users\Gabe\Desktop\JRT.exe2013-09-10 20:46 - 2013-09-10 20:05 - 00002424 _____ C:\Users\Gabe\Desktop\Rkill.txt2013-09-10 20:20 - 2013-09-10 20:20 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Gabe\Desktop\mbar-1.07.0.1005.exe2013-09-10 20:17 - 2013-09-10 20:17 - 03788288 _____ C:\Users\Gabe\Desktop\RogueKillerX64(1).exe2013-09-10 20:12 - 2013-09-10 20:12 - 00001771 _____ C:\Users\Gabe\Desktop\RKreport[0]_S_09102013_201228.txt2013-09-10 20:07 - 2013-09-10 20:07 - 03788288 _____ C:\Users\Gabe\Desktop\RogueKillerX64.exe2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\Tiffany\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\Gabe\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000924 _____ C:\Users\fbwuser\Desktop\NTREGOPT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\Tiffany\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\Gabe\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000905 _____ C:\Users\fbwuser\Desktop\ERUNT.lnk2013-09-10 20:07 - 2013-09-10 20:07 - 00000000 ____D C:\Windows\ERDNT2013-09-10 20:07 - 2013-09-10 20:06 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-09-10 20:06 - 2013-09-10 20:06 - 00791393 _____ (Lars Hederer ) C:\Users\Gabe\Desktop\erunt-setup.exe2013-09-10 20:05 - 2013-09-10 20:05 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Gabe\Desktop\rkill.exe2013-09-10 20:05 - 2013-09-10 20:05 - 00000000 ____D C:\Users\Gabe\Desktop\rkill2013-09-10 19:40 - 2013-09-10 19:40 - 00024917 _____ C:\Users\Gabe\Desktop\DDS 10 Sep 13.txt2013-09-10 19:38 - 2013-09-10 19:35 - 00024917 _____ C:\Users\Gabe\Desktop\dds.txt2013-09-10 19:38 - 2013-09-10 19:35 - 00012515 _____ C:\Users\Gabe\Desktop\attach.txt2013-09-10 19:36 - 2013-08-09 12:20 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\uTorrent2013-09-10 19:34 - 2013-09-10 19:34 - 00688992 ____R (Swearware) C:\Users\Gabe\Desktop\dds.scr2013-09-10 09:11 - 2013-09-10 09:11 - 05312512 _____ C:\Users\Gabe\Documents\proof.evtx2013-09-10 09:11 - 2013-09-10 09:11 - 00000000 ____D C:\Users\Gabe\Documents\LocaleMetaData2013-09-10 08:29 - 2013-09-10 08:29 - 00312280 _____ C:\Windows\system32\FNTCACHE.DAT2013-09-10 08:29 - 2013-09-10 08:20 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK2013-09-10 08:24 - 2013-09-10 08:24 - 00049240 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys2013-09-10 08:24 - 2013-09-10 08:24 - 00000913 _____ C:\Users\Public\Desktop\AntiLogger.lnk2013-09-10 08:24 - 2013-09-10 08:24 - 00000000 ____D C:\Program Files (x86)\AntiLogger2013-09-10 08:24 - 2013-09-10 08:23 - 00000000 ____D C:\Users\Gabe\AppData\Local\Zemana2013-09-10 08:23 - 2013-09-10 08:23 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst2013-09-10 08:22 - 2013-09-10 08:21 - 21264112 _____ (Zemana Ltd. ) C:\Users\Gabe\Downloads\Zemana_AntiLogger_1.9.3.502.exe2013-09-10 08:20 - 2013-09-10 08:20 - 00000000 ____D C:\Users\Gabe\AppData\Local\AntiLogger Free2013-09-10 08:19 - 2013-09-10 08:19 - 04322816 _____ (Zemana Ltd. ) C:\Users\Gabe\Downloads\AntiLoggerFree_Setup_1.6.2.245.exe2013-09-10 08:04 - 2013-09-10 08:04 - 00001120 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk2013-09-10 08:03 - 2013-09-10 08:03 - 00583584 _____ C:\Users\Gabe\Downloads\hotspotshield-setup.exe2013-09-10 08:03 - 2013-09-10 08:03 - 00000020 ___SH C:\Users\fbwuser\ntuser.ini2013-09-10 07:08 - 2013-09-10 07:08 - 00002107 _____ C:\Users\Public\Desktop\Who Is On My Wifi.lnk2013-09-10 07:08 - 2013-09-10 07:08 - 00000000 ____D C:\Program Files (x86)\IO3O LLC2013-09-10 07:08 - 2013-08-09 11:39 - 05228920 _____ (IO3O LLC ) C:\Users\Gabe\Downloads\mywifi.exe2013-09-08 16:32 - 2013-09-08 16:28 - 767623168 ____R C:\Users\Gabe\Downloads\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso2013-09-08 16:31 - 2013-08-07 16:12 - 00000000 ____D C:\Users\Gabe\AppData\Local\Sony Corporation2013-09-08 16:31 - 2013-08-03 04:47 - 00000000 ____D C:\Program Files (x86)\Sony2013-09-08 16:04 - 2013-09-08 16:04 - 00000000 ____H C:\Users\Gabe\Documents\Default.rdp2013-09-08 11:03 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\rescache2013-09-08 10:36 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\WinStore2013-09-08 10:36 - 2012-07-26 01:12 - 00000000 ____D C:\Program Files\Windows Defender2013-09-08 10:36 - 2012-07-26 01:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender2013-09-08 10:36 - 2012-07-25 22:38 - 00000000 ____D C:\Windows\system32\oobe2013-09-08 09:41 - 2013-09-08 09:41 - 16243768 _____ C:\Users\Gabe\Downloads\Glary_Utilities_v3.9.1.exe2013-09-08 08:26 - 2013-08-07 16:53 - 00000000 ____D C:\Windows\system32\MRT2013-09-08 08:25 - 2013-08-07 16:53 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-09-08 07:20 - 2013-08-03 05:22 - 00000000 ____D C:\Program Files (x86)\CyberLink2013-09-08 07:20 - 2013-08-03 04:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information2013-09-08 07:08 - 2012-08-02 18:59 - 00000000 ____D C:\Windows\Panther2013-09-08 06:54 - 2013-08-07 17:13 - 00000022 _____ C:\Windows\Model.txt2013-09-08 03:25 - 2013-09-08 03:25 - 00000000 ____D C:\Users\Gabe\AppData\Local\Apps\2.02013-09-07 09:18 - 2013-09-07 09:18 - 01448299 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130820164851.3gp2013-09-07 09:15 - 2013-09-07 09:15 - 02896534 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130821123433.3gp2013-09-07 09:15 - 2013-09-07 09:14 - 00475112 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130822103012.3gp2013-09-07 09:12 - 2013-09-07 09:12 - 02896534 _____ C:\Users\Gabe\Downloads\213991775063143-SURROUND-20130822123215.3gp2013-09-07 08:43 - 2013-09-07 08:43 - 00356352 _____ C:\Users\Gabe\Downloads\log.xls2013-09-07 08:43 - 2013-09-07 08:43 - 00064000 _____ C:\Users\Gabe\Downloads\contact.xls2013-09-07 08:43 - 2013-09-07 08:43 - 00040448 _____ C:\Users\Gabe\Downloads\logcall.xls2013-09-05 17:36 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent2013-09-04 14:58 - 2013-09-04 14:58 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Advanced_Scan_to_PDF_Free-SEO-75738710.exe2013-09-04 14:49 - 2013-09-04 14:39 - 00000000 ____D C:\Program Files (x86)\JGS-Scan2013-09-04 14:38 - 2013-09-04 14:39 - 00737280 _____ (Indigo Rose Corporation) C:\Windows\iun6002.exe2013-09-04 14:38 - 2013-09-04 14:38 - 04907960 _____ () C:\Users\Gabe\Downloads\JGS-Scan3.exe2013-09-04 14:37 - 2013-09-04 14:37 - 00584600 _____ C:\Users\Gabe\Downloads\cbsidlm-tr1_14-JGSScan-ORG-10267419.exe2013-09-04 14:35 - 2013-08-07 16:08 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Adobe2013-09-03 19:08 - 2013-09-03 19:07 - 00000000 ____D C:\Program Files\stinger2013-09-03 19:07 - 2013-09-03 19:07 - 00000000 ____D C:\Stinger_Quarantine2013-09-03 19:06 - 2013-09-03 19:06 - 04900592 _____ (McAfee, Inc.) C:\Users\Gabe\Downloads\McAfeeSetup-Serial.exe2013-09-03 18:57 - 2013-09-03 18:57 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\DiskDefrag2013-08-26 08:14 - 2013-08-17 22:52 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Audacity2013-08-26 06:15 - 2013-08-26 06:13 - 116778590 _____ C:\Users\Gabe\Downloads\GET A LIFE 1627.mp42013-08-26 06:11 - 2013-08-26 06:10 - 78900943 _____ C:\Users\Gabe\Downloads\SACKCHASING COUGAR.mp42013-08-26 06:10 - 2013-08-26 06:09 - 89449556 _____ C:\Users\Gabe\Downloads\PL1300.mp42013-08-26 06:10 - 2013-08-26 06:09 - 60828557 _____ C:\Users\Gabe\Downloads\WORTHLESS LOSER.mp42013-08-26 06:09 - 2013-08-26 06:09 - 76704889 _____ C:\Users\Gabe\Downloads\LIVING WITH PARENTS AT 40.mp42013-08-26 06:04 - 2013-08-26 06:03 - 53457437 _____ C:\Users\Gabe\Downloads\FD1902.mp42013-08-26 06:04 - 2013-08-26 06:03 - 35874577 _____ C:\Users\Gabe\Downloads\FD1750WW.mp42013-08-26 06:03 - 2013-08-26 06:03 - 35874577 _____ C:\Users\Gabe\Downloads\FFFF.mp42013-08-26 06:03 - 2013-08-26 06:03 - 35874577 _____ C:\Users\Gabe\Downloads\FD175022.mp42013-08-26 06:03 - 2013-08-26 06:02 - 20270529 _____ C:\Users\Gabe\Downloads\FD2000-FINISH.mp42013-08-26 05:58 - 2013-08-26 05:58 - 44342458 _____ C:\Users\Gabe\Downloads\11.mp42013-08-26 05:58 - 2013-08-26 05:58 - 35874577 _____ C:\Users\Gabe\Downloads\FD1750.mp42013-08-26 05:58 - 2013-08-26 05:58 - 34018519 _____ C:\Users\Gabe\Downloads\FD1705.mp42013-08-26 05:58 - 2013-08-26 05:57 - 40459964 _____ C:\Users\Gabe\Downloads\1.mp42013-08-26 05:53 - 2013-08-26 05:52 - 40459964 _____ C:\Users\Gabe\Downloads\FD21AUG1530.mp42013-08-26 05:52 - 2013-08-26 05:52 - 39933685 _____ C:\Users\Gabe\Downloads\FD21AUG1430.mp42013-08-26 05:52 - 2013-08-26 05:51 - 54647286 _____ C:\Users\Gabe\Downloads\My New Clip33.mp42013-08-26 05:49 - 2013-08-26 05:49 - 39940067 _____ C:\Users\Gabe\Downloads\FD21AUG1310.mp42013-08-26 05:49 - 2013-08-26 05:48 - 39142968 _____ C:\Users\Gabe\Downloads\FrontDoor21Aug1215.mp42013-08-26 05:32 - 2013-08-26 05:31 - 54647286 _____ C:\Users\Gabe\Downloads\Front Door 21August.mp42013-08-26 05:31 - 2013-08-26 05:30 - 58247011 _____ C:\Users\Gabe\Downloads\BR13AUG1510.mp42013-08-26 05:30 - 2013-08-26 05:30 - 40918583 _____ C:\Users\Gabe\Downloads\BR13AUG1415.mp42013-08-26 05:30 - 2013-08-20 12:20 - 63503421 _____ C:\Users\Gabe\Downloads\BR13AUG1330.mp42013-08-26 05:15 - 2013-08-25 13:39 - 00000000 ____D C:\Users\Gabe\Documents\NACI_data2013-08-25 22:21 - 2013-08-25 13:39 - 00072588 _____ C:\Users\Gabe\Documents\NACI.aup2013-08-25 14:03 - 2013-08-25 14:03 - 00000000 ____D C:\Users\Gabe\AppData\Local\Apple Computer2013-08-25 13:18 - 2013-08-25 13:16 - 236588638 _____ C:\Users\Gabe\Documents\NACI.wav2013-08-25 13:11 - 2013-08-20 13:22 - 00000000 ____D C:\Users\Public\CyberLink2013-08-25 11:10 - 2013-08-25 11:10 - 00000000 ____D C:\Users\Gabe\Downloads\MP_ROOT2013-08-24 12:52 - 2013-08-20 15:10 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software2013-08-24 12:52 - 2013-08-20 15:09 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\NCH Software2013-08-24 05:36 - 2013-08-22 07:55 - 00000075 _____ C:\DiskDefrag.log2013-08-24 02:04 - 2013-08-03 04:53 - 00000000 ____D C:\Program Files\Sony2013-08-23 12:34 - 2013-08-23 12:34 - 00461312 _____ C:\Users\Gabe\Downloads\1.xls2013-08-23 12:30 - 2013-08-23 11:49 - 00191488 _____ C:\Users\Gabe\Downloads\213991775063143LOCATION.xls2013-08-23 12:07 - 2013-08-23 12:07 - 00461312 _____ C:\Users\Gabe\Downloads\213991775063143SMS.xls2013-08-23 12:07 - 2013-08-23 12:07 - 00047616 _____ C:\Users\Gabe\Downloads\213991775063143CALL.xls2013-08-23 02:06 - 2013-08-20 12:40 - 00000000 ____D C:\Users\Gabe\Downloads\CyberLink Power Director 11 Ultra DeLtA Sn1p3r2013-08-22 22:12 - 2013-08-22 22:12 - 00685123 _____ C:\Users\Gabe\Downloads\213991775063143-CALL-20130819081157-6029782496.3gp2013-08-22 22:12 - 2013-08-22 22:12 - 00087795 _____ C:\Users\Gabe\Downloads\213991775063143-CALL-20130814211449-6025732886.3gp2013-08-22 21:47 - 2013-08-08 01:25 - 00000000 ____D C:\Users\Tiffany\AppData\Local\Sony Corporation2013-08-22 21:47 - 2013-08-03 04:47 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation2013-08-22 09:34 - 2013-08-08 01:36 - 00007616 _____ C:\Users\Gabe\AppData\Local\resmon.resmoncfg2013-08-22 09:22 - 2013-08-22 09:21 - 00000000 ____D C:\Users\Gabe\Documents\Cinematic_Music_Group-Big_K.R.I.T-King_Remembered_In_Time2013-08-22 09:08 - 2013-08-22 09:08 - 00000000 ____D C:\Users\Gabe\AppData\Local\Macromedia2013-08-22 09:08 - 2013-08-07 21:28 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Mozilla2013-08-22 08:45 - 2013-08-13 01:46 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Yahoo!2013-08-22 08:45 - 2013-08-10 23:59 - 00000000 ____D C:\Users\Gabe\Documents\Sony PMB2013-08-22 08:45 - 2013-08-08 01:20 - 00000000 ____D C:\Users\Tiffany2013-08-22 08:45 - 2013-08-07 17:33 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Sony2013-08-22 08:45 - 2013-08-07 16:07 - 00000000 ____D C:\Users\Gabe2013-08-22 08:44 - 2013-08-22 06:52 - 00000000 ____D C:\Program Files (x86)\WinAce2013-08-22 08:44 - 2013-08-20 13:14 - 00000000 ____D C:\Program Files (x86)\QuickTime2013-08-22 08:44 - 2013-08-08 08:32 - 00000000 ____D C:\Program Files (x86)\The KMPlayer2013-08-22 08:44 - 2012-07-26 01:12 - 00000000 __SHD C:\Program Files\Windows Sidebar2013-08-22 08:44 - 2012-07-25 22:37 - 00000000 __RHD C:\Users\Default2013-08-22 08:43 - 2013-08-03 04:22 - 00000000 ____D C:\Intel2013-08-22 08:00 - 2013-08-09 03:48 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Winamp2013-08-22 07:55 - 2013-08-22 07:55 - 00002622 _____ C:\Windows\System32\Tasks\GlaryInitialize 32013-08-22 07:55 - 2013-08-22 07:55 - 00001080 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk2013-08-22 07:54 - 2013-08-22 07:54 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\GlarySoft2013-08-22 07:47 - 2013-08-22 07:47 - 16136496 _____ C:\Users\Gabe\Downloads\gu3setup.exe2013-08-22 06:52 - 2013-08-22 06:52 - 04042444 _____ (e-merge GmbH) C:\Users\Gabe\Downloads\wace269i.exe2013-08-22 06:52 - 2013-08-22 06:52 - 00000951 _____ C:\Users\Public\Desktop\WinAce Archiver.lnk2013-08-22 06:49 - 2013-08-22 06:49 - 00862521 _____ C:\Users\Gabe\Downloads\videosnarf-0.63.tar.gz2013-08-22 04:44 - 2013-08-22 04:44 - 00582605 _____ C:\Users\Gabe\Downloads\Winamp_Essentials_6_7_8_9_10_11_12_13_14.exe2013-08-22 04:44 - 2013-08-09 03:48 - 00000000 ____D C:\Program Files (x86)\Winamp2013-08-21 01:47 - 2013-08-21 01:47 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Apple Computer2013-08-20 15:11 - 2013-08-20 15:04 - 00000000 ____D C:\Users\Gabe\Documents\Audio from Tim Mcgraw Burglary2013-08-20 15:09 - 2013-08-20 15:09 - 00502848 _____ (NCH Software) C:\Users\Gabe\Downloads\switchsetup.exe2013-08-20 14:56 - 2013-08-20 14:53 - 470418208 _____ C:\Users\Gabe\Downloads\PowerDirector_3026_GM6_Trial_Trial_VDE130619-02.exe2013-08-20 14:45 - 2013-08-20 14:45 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Download_App-BP-75864009.exe2013-08-20 14:18 - 2013-08-20 14:18 - 00979928 _____ (CyberLink) C:\Users\Gabe\Downloads\CyberLink_PowerDirector_Downloader.exe2013-08-20 13:22 - 2013-08-20 13:22 - 00000000 ____D C:\Users\Gabe\Documents\CyberLink2013-08-20 13:20 - 2013-08-20 13:20 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\CyberLink2013-08-20 13:14 - 2013-08-20 13:14 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk2013-08-20 12:37 - 2013-08-20 12:35 - 00838896 _____ C:\Users\Gabe\Downloads\LR13AUG0330.mp4.sfk2013-08-20 12:37 - 2013-08-20 12:32 - 00886196 _____ C:\Users\Gabe\Downloads\10aug1921.mp4.sfk2013-08-20 12:29 - 2013-08-07 17:33 - 00000000 ____D C:\Users\Gabe\AppData\Local\Sony2013-08-20 12:18 - 2013-08-20 12:17 - 52289079 _____ C:\Users\Gabe\Downloads\BR13AUG1240 (Part 1 of 2).mp42013-08-20 12:18 - 2013-08-20 12:17 - 31723429 _____ C:\Users\Gabe\Downloads\BR13AUG1240 (Part 2 of 2).mp42013-08-20 10:41 - 2013-08-13 01:44 - 00000000 ____D C:\Program Files (x86)\Yahoo!2013-08-20 10:40 - 2013-08-03 04:44 - 00000000 ____D C:\Program Files\Common Files\Sony Shared2013-08-20 07:46 - 2013-08-18 07:05 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Process Hacker 22013-08-20 07:11 - 2013-08-19 17:40 - 00000032 _____ C:\Users\Gabe\AppData\Roaming\mbam.context.scan2013-08-20 07:02 - 2013-08-20 07:02 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys2013-08-20 07:02 - 2013-08-20 07:02 - 00103576 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys2013-08-20 02:21 - 2013-08-22 07:55 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe2013-08-20 02:08 - 2013-08-20 02:05 - 43723137 _____ C:\Users\Gabe\Downloads\LR13AUG0515.mp42013-08-20 02:05 - 2013-08-20 01:58 - 44618151 _____ C:\Users\Gabe\Downloads\LR13AUG0420.mp42013-08-20 02:05 - 2013-08-20 01:56 - 57036111 _____ C:\Users\Gabe\Downloads\LR13AUG0325.mp42013-08-20 02:02 - 2013-08-20 01:52 - 75121062 _____ C:\Users\Gabe\Downloads\LR13AUG0330.mp42013-08-20 01:58 - 2013-08-20 01:51 - 57036111 _____ C:\Users\Gabe\Downloads\LR13AUG0235.mp42013-08-20 01:49 - 2013-08-20 01:42 - 90665926 _____ C:\Users\Gabe\Downloads\LR13AUG0146.mp42013-08-20 01:37 - 2013-08-20 01:35 - 28597549 _____ C:\Users\Gabe\Downloads\BR13AUG0132 (Part 1 of 2).mp42013-08-20 01:35 - 2013-08-20 01:35 - 00000000 _____ C:\Users\Gabe\Downloads\BR13AUG1332 (Part 2 of 2).mp42013-08-19 13:50 - 2013-08-19 13:50 - 00685123 _____ C:\Users\Gabe\Downloads\CC.3gp2013-08-19 13:49 - 2013-08-19 13:49 - 00650639 _____ C:\Users\Gabe\Downloads\DAD.3gp2013-08-19 13:47 - 2013-08-19 13:47 - 01457652 _____ (Repair Video, Inc. ) C:\Users\Gabe\Desktop\asf_avi_rm_wmv_repair.exe2013-08-18 23:44 - 2013-08-18 23:44 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-08-18 23:44 - 2013-08-18 23:44 - 00000291 _____ C:\AdwCleaner[s2].txt2013-08-18 23:44 - 2013-08-18 23:44 - 00000000 ____D C:\Users\Gabe\AppData\Roaming\Malwarebytes2013-08-18 23:44 - 2013-08-18 23:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-18 23:44 - 2013-08-18 23:43 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabe\Downloads\mbam-setup-1.75.0.1300.exe2013-08-18 10:46 - 2013-08-18 10:45 - 52273262 _____ C:\Users\Gabe\Downloads\10aug2155.mp42013-08-18 10:45 - 2013-08-18 10:45 - 05730942 _____ C:\Users\Gabe\Downloads\item.mp42013-08-18 07:11 - 2013-08-18 07:11 - 00002006 _____ C:\AdwCleaner[s1].txt2013-08-18 07:09 - 2013-08-18 07:09 - 00891115 _____ C:\Users\Gabe\Downloads\SecurityCheck.exe2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAPB4C8.tmp2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAPB080.tmp2013-08-18 07:07 - 2013-08-18 07:07 - 00000000 _____ C:\Windows\SysWOW64\FAP79BE.tmp2013-08-18 07:03 - 2013-08-18 07:03 - 00001841 _____ C:\Users\Gabe\Desktop\Process Hacker 2.lnk2013-08-18 07:03 - 2013-08-18 07:03 - 00000000 ____D C:\Program Files\Process Hacker 22013-08-17 23:04 - 2013-08-17 22:56 - 96836088 _____ C:\Users\Gabe\Downloads\10aug2004.avi2013-08-17 22:55 - 2013-08-17 22:55 - 00894600 _____ (CNET Download.com) C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Pazera_Free_MP4_to_AVI_Converter-SEO-10784027.exe2013-08-17 22:52 - 2013-08-17 22:52 - 00001007 _____ C:\Users\Gabe\Desktop\Audacity.lnk2013-08-17 22:52 - 2013-08-17 22:52 - 00000000 ____D C:\Program Files (x86)\Audacity2013-08-17 22:52 - 2013-08-17 22:51 - 21281052 _____ (Audacity Team ) C:\Users\Gabe\Downloads\audacity-win-2.0.3.exe2013-08-17 22:50 - 2013-08-17 22:50 - 01856092 _____ (wj32 ) C:\Users\Gabe\Downloads\processhacker-2.31-setup.exe2013-08-17 20:15 - 2013-08-17 20:15 - 01618718 _____ (UpsideOut, Inc. ) C:\Users\Gabe\Downloads\ProxifySetup.exe2013-08-17 20:15 - 2013-08-17 20:15 - 00001199 _____ C:\Users\Public\Desktop\Proxify Tray Application.lnk2013-08-17 20:15 - 2013-08-17 20:15 - 00000000 ____D C:\Program Files (x86)\Proxify Tray Application2013-08-17 19:37 - 2013-08-17 19:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf2013-08-17 15:14 - 2013-08-17 15:13 - 68162708 _____ C:\Users\Gabe\Downloads\10aug2133.mp42013-08-17 15:13 - 2013-08-17 15:13 - 68174687 _____ C:\Users\Gabe\Downloads\10aug1921.mp42013-08-17 15:13 - 2013-08-17 15:12 - 52554458 _____ C:\Users\Gabe\Downloads\10aug2112.mp42013-08-17 15:09 - 2013-08-17 15:08 - 68020484 _____ C:\Users\Gabe\Downloads\10aug20041.mp42013-08-17 15:08 - 2013-08-17 15:07 - 47703588 _____ C:\Users\Gabe\Downloads\10aug2006.mp42013-08-17 15:07 - 2013-08-17 15:06 - 68020484 _____ C:\Users\Gabe\Downloads\10aug2004.mp42013-08-17 14:15 - 2013-08-17 14:15 - 68020484 _____ C:\Users\Gabe\Downloads\22222.mp42013-08-17 14:14 - 2013-08-17 14:14 - 47703588 _____ C:\Users\Gabe\Downloads\10Augbedroom.mp42013-08-17 14:11 - 2013-08-17 14:11 - 68020484 _____ C:\Users\Gabe\Downloads\My New Clipjjj.mp42013-08-17 13:58 - 2013-08-17 13:57 - 68020484 _____ C:\Users\Gabe\Downloads\10aug20101.mp42013-08-17 13:56 - 2013-08-17 13:56 - 35517108 _____ C:\Users\Gabe\Downloads\19aug7pm.mp42013-08-17 06:46 - 2013-08-17 06:46 - 08163216 _____ C:\Users\Gabe\Downloads\12AUG2149.mp42013-08-17 06:45 - 2013-08-17 06:45 - 07722827 _____ C:\Users\Gabe\Downloads\15AUG1717.mp42013-08-17 06:45 - 2013-08-17 06:44 - 144556875 _____ C:\Users\Gabe\Downloads\7AUG1133.mp42013-08-17 06:43 - 2013-08-17 06:43 - 10074467 _____ C:\Users\Gabe\Downloads\7AUG1852.mp42013-08-17 06:42 - 2013-08-17 06:42 - 07572170 _____ C:\Users\Gabe\Downloads\3AUG.mp42013-08-17 06:37 - 2013-08-17 06:36 - 57246322 _____ C:\Users\Gabe\Downloads\10AUG2010(2).mp42013-08-17 06:36 - 2013-08-17 06:35 - 57246322 _____ C:\Users\Gabe\Downloads\10AUG2010.mp42013-08-17 06:35 - 2013-08-17 06:35 - 06246836 _____ C:\Users\Gabe\Downloads\12AUG0615.mp42013-08-17 06:35 - 2013-08-17 06:33 - 57246322 _____ C:\Users\Gabe\Downloads\46.mp42013-08-17 06:34 - 2013-08-17 06:34 - 08811349 _____ C:\Users\Gabe\Downloads\10AUG1923.mp42013-08-17 05:45 - 2013-08-17 05:45 - 24192489 _____ C:\Users\Gabe\Downloads\45.mp42013-08-17 05:37 - 2013-08-17 05:37 - 08811349 _____ C:\Users\Gabe\Downloads\44.mp42013-08-17 03:38 - 2013-08-03 04:46 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll2013-08-17 03:38 - 2013-08-03 04:46 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll2013-08-17 01:37 - 2013-08-17 01:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-08-15 17:26 - 2013-08-15 17:25 - 07722827 _____ C:\Users\Gabe\Downloads\3333.mp42013-08-15 10:49 - 2013-08-15 10:49 - 00567391 _____ C:\Users\Gabe\Documents\334.3gp2013-08-15 01:38 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\NDF2013-08-14 23:02 - 2013-08-14 23:02 - 08163216 _____ C:\Users\Gabe\Downloads\My Ne.mp42013-08-13 10:30 - 2013-08-13 00:47 - 00000000 ____D C:\Users\Gabe\Downloads\Epic (2013)2013-08-13 03:17 - 2013-08-13 03:16 - 144556875 _____ C:\Users\Gabe\Downloads\22.mp42013-08-13 01:45 - 2013-08-13 01:45 - 00001137 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk2013-08-13 01:44 - 2013-08-13 01:44 - 00442040 _____ (Yahoo! Inc.) C:\Users\Gabe\Downloads\msgr11us.exe2013-08-13 00:51 - 2013-08-13 00:47 - 00000000 ____D C:\Users\Gabe\Downloads\Superman.Man.of.Steel.2013.720p.R6.LiNE.x264.AAC-DiGiTAL2013-08-13 00:47 - 2013-08-13 00:46 - 00000000 ____D C:\Users\Gabe\Downloads\Oblivion (2013) [1080p]2013-08-12 16:10 - 2013-08-12 16:10 - 00042184 _____ (Anchorfree Inc.) C:\Windows\system32\Drivers\taphss6.sys2013-08-12 16:07 - 2013-09-10 08:03 - 00046792 _____ (AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys2013-08-12 13:26 - 2013-08-12 13:25 - 06246836 _____ C:\Users\Gabe\Downloads\My New Clip(2).mp42013-08-12 06:41 - 2013-08-12 06:41 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.WdfFiles to move or delete:====================C:\Users\Gabe\AppData\Local\Temp\fp_pl_pfs_installer.exeC:\Users\Gabe\AppData\Local\Temp\GLFAF29.EXEC:\Users\Gabe\AppData\Local\Temp\GLFC820.EXEC:\Users\Gabe\AppData\Local\Temp\mpsetup.exeC:\Users\Gabe\AppData\Local\Temp\oi_{684560FE-6968-42F9-846C-5B6C16643EF9}.exeC:\Users\Gabe\AppData\Local\Temp\Quarantine.exe==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== BCD ================================Firmware Boot Manager---------------------identifier {fwbootmgr}displayorder {bootmgr} {03119580-fc2b-11e2-be6a-806e6f6e6963} {03119581-fc2b-11e2-be6a-806e6f6e6963} {03119582-fc2b-11e2-be6a-806e6f6e6963}timeout 0Windows Boot Manager--------------------identifier {bootmgr}device partition=\Device\HarddiskVolume3path \EFI\Microsoft\Boot\bootmgfw.efidescription Windows Boot Managerlocale en-USinherit {globalsettings}default {current}resumeobject {5a330576-fc33-11e2-8cfc-b6b95feeff5b}displayorder {current}toolsdisplayorder {memdiag}timeout 30Firmware Application (101fffff)-------------------------------identifier {03119580-fc2b-11e2-be6a-806e6f6e6963}description EFI USB DeviceFirmware Application (101fffff)-------------------------------identifier {03119581-fc2b-11e2-be6a-806e6f6e6963}description EFI DVD/CDROMFirmware Application (101fffff)-------------------------------identifier {03119582-fc2b-11e2-be6a-806e6f6e6963}description EFI NetworkWindows Boot Loader-------------------identifier {current}device partition=C:path \Windows\system32\winload.efidescription Windows 8locale en-USinherit {bootloadersettings}recoverysequence {5a330578-fc33-11e2-8cfc-b6b95feeff5b}recoveryenabled Yesisolatedcontext Yesallowedinmemorysettings 0x15000075osdevice partition=C:systemroot \Windowsresumeobject {5a330576-fc33-11e2-8cfc-b6b95feeff5b}nx OptInbootmenupolicy StandardWindows Boot Loader-------------------identifier {5a330578-fc33-11e2-8cfc-b6b95feeff5b}device ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{5a330579-fc33-11e2-8cfc-b6b95feeff5b}path \windows\system32\winload.efidescription Windows Recovery Environmentlocale en-usinherit {bootloadersettings}displaymessage Recoverydisplaymessageoverride Recoveryosdevice ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{5a330579-fc33-11e2-8cfc-b6b95feeff5b}systemroot \windowsnx OptInbootmenupolicy Standardwinpe YesResume from Hibernate---------------------identifier {5a330576-fc33-11e2-8cfc-b6b95feeff5b}device partition=C:path \Windows\system32\winresume.efidescription Windows Resume Applicationlocale en-USinherit {resumeloadersettings}recoverysequence {5a330578-fc33-11e2-8cfc-b6b95feeff5b}recoveryenabled Yesisolatedcontext Yesallowedinmemorysettings 0x15000075filedevice partition=C:filepath \hiberfil.sysbootmenupolicy Standarddebugoptionenabled NoWindows Memory Tester---------------------identifier {memdiag}device partition=\Device\HarddiskVolume3path \EFI\Microsoft\Boot\memtest.efidescription Windows Memory Diagnosticlocale en-USinherit {globalsettings}badmemoryaccess YesEMS Settings------------identifier {emssettings}bootems NoDebugger Settings-----------------identifier {dbgsettings}debugtype Serialdebugport 1baudrate 115200RAM Defects-----------identifier {badmemory}Global Settings---------------identifier {globalsettings}inherit {dbgsettings} {emssettings} {badmemory}Boot Loader Settings--------------------identifier {bootloadersettings}inherit {globalsettings} {hypervisorsettings}Hypervisor Settings-------------------identifier {hypervisorsettings}hypervisordebugtype Serialhypervisordebugport 1hypervisorbaudrate 115200Resume Loader Settings----------------------identifier {resumeloadersettings}inherit {globalsettings}Device options--------------identifier {5a330579-fc33-11e2-8cfc-b6b95feeff5b}description Windows Recoveryramdisksdidevice partition=\Device\HarddiskVolume2ramdisksdipath \Recovery\WindowsRE\boot.sdiLastRegBack: 2013-09-09 03:00==================== End Of Log ============================ Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728302 Share Posted September 11, 2013 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013Ran by Gabe at 2013-09-11 02:03:27Running from C:\Users\Gabe\DesktopBoot Mode: Normal============================================================================== Installed Programs =======================Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)Adobe Reader XI (11.0.03) MUI (x32 Version: 11.0.03)AntiLogger (x32 Version: 1.9.3.502)AntiLogger (x32)Apple Application Support (x32 Version: 2.1.7)Audacity 2.0.3 (x32 Version: 2.0.3)ERUNT 1.1j (x32)ESET NOD32 Antivirus (Version: 6.0.316.0)ESET Online Scanner v3 (x32)Glary Utilities 3.9 (x32 Version: 3.9.0.137)Harmony Browser Plug-in (x32 Version: 2.0)Hotspot Shield 3.13 (x32 Version: 3.13)Intel® Management Engine Components (x32 Version: 8.1.0.1281)Intel® Processor Graphics (x32 Version: 9.17.10.2963)Intel® PROSet/Wireless NFC Software (Version: 1.1.1.002)Intel® Rapid Storage Technology (x32 Version: 11.6.0.1030)Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)Intel® Trusted Connect Service Client (Version: 1.24.738.1)KeyCrypt SDK version 1.6.1.246 (x32 Version: 1.6.1.246)Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)Microsoft Office (x32 Version: 15.0.4454.1510)Microsoft Report Viewer Redistributable 2005 (x32 Version: 8.0.50727.42)Microsoft Report Viewer Redistributable 2005 (x32)Microsoft Silverlight (Version: 5.1.20125.0)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)Movie Studio Platinum 12.0 (64-bit) (Version: 12.0.756)Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)MSVCRT Redists (Version: 1.0)Networkx64 (Version: 1.0.0)NVIDIA Control Panel 311.46 (Version: 311.46)NVIDIA Graphics Driver 311.46 (Version: 311.46)NVIDIA Install Application (Version: 2.1002.109.706)NVIDIA Optimus 1.11.3 (Version: 1.11.3)NVIDIA PhysX (x32 Version: 9.12.1031)NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)NVIDIA Update Components (Version: 1.11.3)PlayMemories Home (x32 Version: 7.0.02.14060)Process Hacker 2.31 (r5355) (Version: 2.31.0.5355)Proxify Tray Application version 1.0.8.0 (x32 Version: 1.0.8.0)QuickTime (x32 Version: 7.72.80.56)Realtek Ethernet Controller Driver (x32 Version: 8.10.1226.2012)Realtek High Definition Audio Driver (x32 Version: 6.0.1.6895)Realtek PCIE Card Reader (x32 Version: 6.2.9200.28135)Shared C Run-time for x64 (Version: 10.0.0)Synaptics Pointing Device Driver (Version: 16.4.0.1)The KMPlayer (remove only) (x32 Version: 3.6.0.87)VAIO Movie Creator (x32 Version: 4.1.01.15140)Who Is On My Wifi version 2.1.7 (x32 Version: 2.1.7)WinAce Archiver (x32 Version: 2.69)Winamp (x32 Version: 5.65 )Winamp Detector Plug-in (HKCU Version: 1.0.0.1)Winamp Essentials Pack (x32 Version: v5.64)Yahoo! Messenger (x32)Yahoo! Toolbar (x32)==================== Restore Points =========================23-08-2013 04:40:49 Removed VAIO First Logon Setup Tool04-09-2013 05:55:15 Scheduled Checkpoint08-09-2013 14:17:26 Removed VAIO Easy Connect.11-09-2013 03:45:44 Malwarebytes Anti-Rootkit Restore Point==================== Hosts content: ==========================2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-25] (Microsoft Corporation)Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 CriticalTask: {1512017D-D898-4D3A-AAD6-BA5ADA05B6BC} - System32\Tasks\VaioRegistrationDesktopTask => C:\Program Files\Sony\VAIO Registration\Sony.VAIO.Desktop.RegistrationTask.exe [2012-08-09] (Sony)Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandlerTask: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-03] (Microsoft Corporation)Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEventsTask: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenanceTask: {22A6F687-35EF-443E-B1BF-8EE7D9B943AF} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstallTask: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group PolicyTask: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-19] (Microsoft Corporation)Task: {24DB440A-2AA6-4B5A-AAC9-080DFDE57700} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanupTask: {263BFA26-C253-4887-B4D5-EFED40F334D1} - System32\Tasks\GlaryInitialize 3 => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe [2013-08-20] (Glarysoft Ltd)Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata RefreshTask: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-TasksTask: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge UpdateTask: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance ConfiguratorTask: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTaskTask: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystemTask: {3D5AAA45-F954-4E6A-984D-2181BED5C309} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3684579750-837988229-3943600733-1002Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-MaintenanceTask: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorageTask: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogonTask: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual MaintenanceTask: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot RequiredTask: {61B0D0DE-0EB4-4EDA-A894-A85CF2B01B12} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstallTask: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-25] (Microsoft Corporation)Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-19] (Microsoft Corporation)Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-UpdateTask: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular MaintenanceTask: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle MaintenanceTask: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync LicensesTask: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTimeTask: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnosticTask: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-19] (Microsoft Corporation)Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTaskTask: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTaskTask: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTaskTask: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScanTask: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecificTask: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity ScanTask: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data senderTask: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-25] (Microsoft Corporation)Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetworkTask: {D6A7F05B-63D4-4253-B241-5BDCCA176EC7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauservTask: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 CriticalTask: {DD092B2B-9EE8-4A98-A22C-F1880DB0DF95} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnectTask: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash RecoveryTask: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskTask: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-19] (Microsoft Corporation)Task: {EAD237E7-D276-4257-9F16-51DF41548733} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_startedTask: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-25] (Microsoft Corporation)Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQMTask: {F517077F-AA0A-4CDA-B0D5-B992ADAA4F14} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-13] (Synaptics Incorporated)Task: C:\Windows\Tasks\GlaryInitialize 3.job => C:\Program Files (x86)\Glary Utilities 3\Initialize.exe==================== Loaded Modules (whitelisted) =============2013-03-14 14:11 - 2013-03-13 21:33 - 01049840 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll2013-03-14 14:11 - 2013-03-13 21:38 - 00254704 _____ (Synaptics Incorporated) C:\Windows\SYSTEM32\SynTPAPI.dll2013-08-03 04:40 - 2013-05-02 19:45 - 01107440 _____ (NVIDIA Corporation) C:\Windows\SYSTEM32\nvumdshimx.dll2013-08-03 04:40 - 2013-05-02 19:43 - 00245872 _____ (NVIDIA Corporation) C:\Windows\SYSTEM32\nvinitx.dll2013-03-11 15:49 - 2013-03-08 00:04 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll2013-08-03 04:36 - 2013-05-06 18:13 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll2013-08-03 04:36 - 2013-05-06 18:13 - 03693640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll2013-03-14 12:21 - 2013-03-13 20:33 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc2013-03-14 12:21 - 2013-03-13 20:31 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2013-03-21 15:20 - 2013-03-21 15:20 - 00123776 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ToastNotify.dll2013-03-21 15:20 - 2013-03-21 15:20 - 00254080 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiHips.dll2013-03-21 15:20 - 2013-03-21 15:20 - 00691288 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll2013-03-21 15:19 - 2013-03-21 15:19 - 00355008 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll2013-03-21 15:19 - 2013-03-21 15:19 - 00123752 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll2013-03-21 15:19 - 2013-03-21 15:19 - 00119144 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiDmon.dll2013-03-21 15:20 - 2013-03-21 15:20 - 01653320 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll2013-03-21 15:20 - 2013-03-21 15:20 - 01010624 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll2013-03-21 15:20 - 2013-03-21 15:20 - 00111416 _____ (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll2013-08-20 02:19 - 2013-08-20 02:19 - 00037664 _____ (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\Languages.dll2013-08-20 02:18 - 2013-08-20 02:18 - 00020256 _____ (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\BootTime.dll2013-08-20 02:19 - 2013-08-20 02:19 - 00827168 _____ (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\LockDll.dll2013-08-20 02:18 - 2013-08-20 02:18 - 00493344 _____ (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\CheckUpdate.dll2013-08-20 02:20 - 2013-08-20 02:20 - 00178464 _____ (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\settings.dll2013-08-20 02:20 - 2013-08-20 02:20 - 00194848 _____ (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\RestoreCenter.dll2013-08-20 02:21 - 2013-08-20 02:21 - 00255776 _____ (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\TracksEraser.dll2013-08-20 02:21 - 2013-08-20 02:21 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 3\zlib1.dll2013-08-20 02:18 - 2013-08-20 02:18 - 00068384 _____ (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\Backup.dll2013-08-20 02:19 - 2013-08-20 02:19 - 00097568 _____ (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\Log.dll2013-08-20 02:20 - 2013-08-20 02:20 - 00067360 _____ (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 3\ObjectAdmin.dll2013-09-10 07:08 - 2012-06-27 07:18 - 00839680 _____ () C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\System.Data.SQLite.dll2012-07-26 01:14 - 2013-06-27 15:05 - 14375800 _____ (Adobe Systems, Inc.) C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx2013-09-10 07:08 - 2009-05-04 14:22 - 00151040 _____ (http://sharppcap.sf.net) C:\Program Files (x86)\IO3O LLC\Who Is On My Wifi\SharpPcap.dll2013-08-17 01:37 - 2013-08-17 01:37 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll==================== Alternate Data Streams (whitelisted) ============================== Faulty Device Manager Devices =============Name: Bluetooth Device (RFCOMM Protocol TDI)Description: Bluetooth Device (RFCOMM Protocol TDI)Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: RFCOMMProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Bluetooth Device (Personal Area Network)Description: Bluetooth Device (Personal Area Network)Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: BthPanProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.==================== Event log errors: =========================Application errors:==================Error: (09/11/2013 01:37:20 AM) (Source: Microsoft-Windows-User Profiles Service) (User: SysAdmin)Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.Error: (09/11/2013 01:37:20 AM) (Source: Microsoft-Windows-User Profiles Service) (User: SysAdmin)Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.Error: (09/11/2013 01:07:06 AM) (Source: Microsoft-Windows-User Profiles Service) (User: SysAdmin)Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.Error: (09/11/2013 01:07:06 AM) (Source: Microsoft-Windows-User Profiles Service) (User: SysAdmin)Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.Error: (09/10/2013 10:48:46 PM) (Source: McLogEvent) (User: NT AUTHORITY)Description: 1Error: (09/10/2013 10:48:46 PM) (Source: McLogEvent) (User: NT AUTHORITY)Description: 0x7eThe specified module could not be found.Error: (09/10/2013 10:16:55 PM) (Source: Microsoft-Windows-User Profiles Service) (User: SysAdmin)Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.Error: (09/10/2013 10:16:55 PM) (Source: Microsoft-Windows-User Profiles Service) (User: SysAdmin)Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.Error: (09/10/2013 10:12:26 PM) (Source: EventSystem) (User: )Description: 800706e5EventSystem.EventSubscription{D2D9D1BD-A036-4BCF-8DA7-ED916C08B2F6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}ExplorerError: (09/10/2013 09:23:31 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.A component version required by the application conflicts with another component version already active.Conflicting components are:.Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.System errors:=============Error: (09/11/2013 01:37:20 AM) (Source: Service Control Manager) (User: )Description: The NVIDIA Update Service Daemon service failed to start due to the following error:%%2Error: (09/11/2013 01:07:07 AM) (Source: Service Control Manager) (User: )Description: The NVIDIA Update Service Daemon service failed to start due to the following error:%%2Error: (09/10/2013 10:47:26 PM) (Source: Service Control Manager) (User: )Description: The Process creation detector. service failed to start due to the following error:%%1275Error: (09/10/2013 10:47:26 PM) (Source: Application Popup) (User: )Description: \??\C:\Program Files (x86)\Glary Utilities 3\ProcObsrv.sysError: (09/10/2013 10:45:48 PM) (Source: Service Control Manager) (User: )Description: The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error: (09/10/2013 10:23:01 PM) (Source: mbamchameleon) (User: )Description: \Device\HarddiskVolume5\PROGRA~2\MCAFEE\SITEAD~1\SAUI.EXEError: (09/10/2013 10:23:01 PM) (Source: mbamchameleon) (User: )Description: \??\c:\PROGRA~2\mcafee\SITEAD~1\saui.exeError: (09/10/2013 10:19:11 PM) (Source: mbamchameleon) (User: )Description: \Device\HarddiskVolume5\PROGRAM FILES\COMMON FILES\MCAFEE\CORE\MCHOST.EXEError: (09/10/2013 10:19:11 PM) (Source: mbamchameleon) (User: )Description: \??\C:\Program Files\Common Files\McAfee\Core\mchost.exeError: (09/10/2013 10:17:24 PM) (Source: mbamchameleon) (User: )Description: \Device\HarddiskVolume5\PROGRAM FILES\COMMON FILES\MCAFEE\CORE\MCHOST.EXEMicrosoft Office Sessions:=========================Error: (09/11/2013 01:37:20 AM) (Source: Microsoft-Windows-User Profiles Service)(User: SysAdmin)Description:Error: (09/11/2013 01:37:20 AM) (Source: Microsoft-Windows-User Profiles Service)(User: SysAdmin)Description:Error: (09/11/2013 01:07:06 AM) (Source: Microsoft-Windows-User Profiles Service)(User: SysAdmin)Description:Error: (09/11/2013 01:07:06 AM) (Source: Microsoft-Windows-User Profiles Service)(User: SysAdmin)Description:Error: (09/10/2013 10:48:46 PM) (Source: McLogEvent)(User: NT AUTHORITY)Description: 1Error: (09/10/2013 10:48:46 PM) (Source: McLogEvent)(User: NT AUTHORITY)Description: 0x7eThe specified module could not be found.Error: (09/10/2013 10:16:55 PM) (Source: Microsoft-Windows-User Profiles Service)(User: SysAdmin)Description:Error: (09/10/2013 10:16:55 PM) (Source: Microsoft-Windows-User Profiles Service)(User: SysAdmin)Description:Error: (09/10/2013 10:12:26 PM) (Source: EventSystem)(User: )Description: 800706e5EventSystem.EventSubscription{D2D9D1BD-A036-4BCF-8DA7-ED916C08B2F6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}ExplorerError: (09/10/2013 09:23:31 PM) (Source: SideBySide)(User: )Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Gabe\Desktop\esetsmartinstaller_enu.exeCodeIntegrity Errors:=================================== Date: 2013-09-10 22:47:26.632 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-10 19:36:25.786 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-08 16:29:56.647 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-08 07:16:03.419 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-22 21:38:41.484 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files (x86)\Glary Utilities 3\ProcObsrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.==================== Memory info ===========================Percentage of memory in use: 14%Total physical RAM: 12166.8 MBAvailable physical RAM: 10373.82 MBTotal Pagefile: 13062.8 MBAvailable Pagefile: 11153.14 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB==================== Drives ================================Drive c: () (Fixed) (Total:899.57 GB) (Free:477.06 GB) NTFSDrive d: (OFFICE14) (CDROM) (Total:2.35 GB) (Free:0 GB) UDF==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 932 GB) (Disk ID: 6AD751D9)Partition: GPT Partition Type==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 11, 2013 Root Admin ID:728304 Share Posted September 11, 2013 Please download the attached fixlist.txt file and save it to the Desktop.NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.Run FRST or FRST64 and press the Fix button just once and wait.If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.Note: If the tool warned you about an outdated version please download and save the new version, do not run it from your browser, quite your browser and run the saved version. fixlist.txt Link to post Share on other sites More sharing options...
DesertDogg Posted September 11, 2013 Author ID:728364 Share Posted September 11, 2013 Done, here is the log. How does it look? Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2013Ran by Gabe at 2013-09-11 06:13:53 Run:1Running from C:\Users\Gabe\DesktopBoot Mode: Normal==============================================Content of fixlist:*****************BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle CorporatioBHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)C:\Users\Gabe\AppData\Local\Temp\0222411378878482mcinst.exeC:\Users\Gabe\AppData\Local\Temp\022241~1.EXEC:\Users\Gabe\AppData\Local\Temp\dlm5D8C.tmp\AdvancedScantoPDFFree.exeC:\Users\Gabe\AppData\Local\Temp\fp_pl_pfs_installer.exeC:\Users\Gabe\AppData\Local\Temp\GLFAF29.EXEC:\Users\Gabe\AppData\Local\Temp\GLFC820.EXEC:\Users\Gabe\AppData\Local\Temp\mpsetup.exeC:\Users\Gabe\AppData\Local\Temp\oi_{684560FE-6968-42F9-846C-5B6C16643EF9}.exeC:\Users\Gabe\AppData\Local\Temp\Quarantine.exeC:\Users\Gabe\Downloads\cbsidlm-cbsi127-KMPlayer-SEO-10659939.exeC:\Users\Gabe\Downloads\cbsidlm-cbsi134-Advanced_Scan_to_PDF_Free-SEO-75738710.exeC:\Users\Gabe\Downloads\cbsidlm-cbsi134-Download_App-BP-75864009.exeC:\Users\Gabe\Downloads\cbsidlm-cbsi134-Pazera_Free_MP4_to_AVI_Converter-SEO-10784027.exeC:\Users\Gabe\Downloads\cbsidlm-tr1_14-3GP_Player-SEO-10881638.exeC:\Users\Gabe\Downloads\cbsidlm-tr1_14-JGSScan-ORG-10267419.exeC:\Users\Gabe\Downloads\KMPlayer_3.6.0.87.exeFF Extension: No Name - C:\Program Files\McAfee\MSKFF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.comHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\...\Policies\Explorer: [NoActiveDesktop] 1HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankMountPoints2: {03119575-fc2b-11e2-be6a-806e6f6e6963} - "D:\SETUP.EXE"ProxyServer: 127.0.0.1:48627S2 0222411378878482mcinstcleanup; C:\Users\Gabe\AppData\Local\Temp\022241~1.EXE [834664 2013-07-30] (McAfee, Inc.)S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [x]S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [x]SearchScopes: HKCU - {4372E590-7695-4EC2-97A9-962BD3B31DC6} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASAJSSearchScopes: HKLM - DefaultScope value is missing.*****************HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully."C:\Users\Gabe\AppData\Local\Temp\0222411378878482mcinst.exe" => File/Directory not found."C:\Users\Gabe\AppData\Local\Temp\022241~1.EXE" => File/Directory not found.C:\Users\Gabe\AppData\Local\Temp\dlm5D8C.tmp\AdvancedScantoPDFFree.exe => Moved successfully.C:\Users\Gabe\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.C:\Users\Gabe\AppData\Local\Temp\GLFAF29.EXE => Moved successfully.C:\Users\Gabe\AppData\Local\Temp\GLFC820.EXE => Moved successfully.C:\Users\Gabe\AppData\Local\Temp\mpsetup.exe => Moved successfully.C:\Users\Gabe\AppData\Local\Temp\oi_{684560FE-6968-42F9-846C-5B6C16643EF9}.exe => Moved successfully.C:\Users\Gabe\AppData\Local\Temp\Quarantine.exe => Moved successfully.C:\Users\Gabe\Downloads\cbsidlm-cbsi127-KMPlayer-SEO-10659939.exe => Moved successfully.C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Advanced_Scan_to_PDF_Free-SEO-75738710.exe => Moved successfully.C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Download_App-BP-75864009.exe => Moved successfully.C:\Users\Gabe\Downloads\cbsidlm-cbsi134-Pazera_Free_MP4_to_AVI_Converter-SEO-10784027.exe => Moved successfully.C:\Users\Gabe\Downloads\cbsidlm-tr1_14-3GP_Player-SEO-10881638.exe => Moved successfully.C:\Users\Gabe\Downloads\cbsidlm-tr1_14-JGSScan-ORG-10267419.exe => Moved successfully.C:\Users\Gabe\Downloads\KMPlayer_3.6.0.87.exe => Moved successfully.C:\Program Files\McAfee\MSK not found.HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2 => Key deleted successfully.C:\Windows\SysWOW64\npDeployJava1.dll => Moved successfully.HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2 => Key not found.C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2 => Key deleted successfully.C:\Windows\system32\npDeployJava1.dll => Moved successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoActiveDesktop => Value deleted successfully.HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03119575-fc2b-11e2-be6a-806e6f6e6963} => Key deleted successfully.HKCR\CLSID\{03119575-fc2b-11e2-be6a-806e6f6e6963} => Key not found.HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.0222411378878482mcinstcleanup => Service not found.mfevtp => Service not found.mfefire => Service not found.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4372E590-7695-4EC2-97A9-962BD3B31DC6} => Key deleted successfully.HKCR\CLSID\{4372E590-7695-4EC2-97A9-962BD3B31DC6} => Key not found.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 11, 2013 Root Admin ID:728654 Share Posted September 11, 2013 How is the computer running now? Are there still any signs of an infection? Please download Security Check from here or here.Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Link to post Share on other sites More sharing options...
DesertDogg Posted September 12, 2013 Author ID:729158 Share Posted September 12, 2013 Results of screen317's Security Check version 0.99.73 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! ESET NOD32 Antivirus 6.0 Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Adobe Flash Player 11.8.800.94 Adobe Reader XI Mozilla Firefox (23.0.1)````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: %````````````````````End of Log`````````````````````` Thanks, sorry for the delay. It seems to be ok but when I rebooted the cpu tried to do a boot defragment or something from glary utilities thaty I didnt initiate. Not sure how to read this report. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 13, 2013 Root Admin ID:729207 Share Posted September 13, 2013 It shows that everything is okay and up to date for a few basic common plugins and security software. You may need to reinstall Glary but personally I'd recommend trying to do maintenance with the built-in tools in most cases. For sure don't use any Registry Cleaning tools. Do I need a Windows Registry Cleaner? At this time there are no more signs of an infection on your system.However if you are still seeing any signs of an infection please let me know.Let's go ahead and remove the tools and logs we've used during this process.Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.They are often updated daily so if you went to use them again in the future they would be outdated anyways.The following procedures will implement some cleanup procedures to remove these tools.It will also reset your System Restore by flushing out previous restore points and create a new restore point.It will also remove all the backups our tools may have created.Uninstall ComboFix (if used):Turn off all active protection software including your antivirus. Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button) Please copy and past the following into the box ComboFix /Uninstall and click OK. Note the space between the X and the /Uninstall, it needs to be there.Remove the rest of the tools used:Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.Double-click OTCleanIt.exe. Click the CleanUp! button. Select Yes when the "Begin cleanup Process?" prompt appears. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes, if not go ahead and delete it by yourself. If asked to restart the computer, please do soNote: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.AdwCleaner Removal:Double click on AdwCleaner.exe to run the tool. Click on Uninstall Confirm with YesESET antivirus Removal:This tool can be uninstalled via the Control Panel, Programs, UninstallIf there are any other left over Folders, Files, Logs then you can delete them on your own.Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.How to Delete System Protection Restore Points in Windows 7 and Windows 8Remove all but the most recent Restore Point on Windows XPAs Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsersHow do I disable Java in my web browser? - Disable JavaA lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.How Malware Spreads - How did I get infected Best Practices for Safe Computing - Prevention of Malware Infection Avoiding those unwanted free applications A close look at how Oracle installs deceptive software with Java updates IAC / Ask.com toolbars Malwarebytes Unpacked Blog If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection. Link to post Share on other sites More sharing options...
Recommended Posts