Infection with BitCoin Miner


Welcome to the forum.

Please download RogueKiller 32 Bit to your desktop and run it.

RogueKiller 64 Bit <--- use this one for 64-bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure System Restore is turned on and running.

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • The removal of malware isn't instantaneous; please be patient.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs.
  • Please stick with me until I give you the "all clear", and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.7.1 _x64_ [Oct  3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Adam [Admin rights]

Mode : Scan -- Date : 10/05/2013 17:17:18

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 4 ¤¤¤

[SUSP PATH] Time-svc.exe -- C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [-] -> KILLED [TermProc]

[SUSP PATH] WindowsTime.exe -- C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe [-] -> KILLED [TermProc]

[SUSP PATH] TimeServer.exe -- C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe [-] -> KILLED [TermProc]

[SUSP PATH] cgminer.exe -- C:\Users\Adam\AppData\Roaming\miner\cgminer.exe [-] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 15 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : miner ("C:\Users\Adam\AppData\Roaming\miner\nircmd.exe" exec hide "C:\Users\Adam\AppData\Roaming\miner\start.bat" [-][-]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-2347419715-266202084-3160654399-1000\[...]\Run : miner ("C:\Users\Adam\AppData\Roaming\miner\nircmd.exe" exec hide "C:\Users\Adam\AppData\Roaming\miner\start.bat" [-][-]) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[EXT RUN][SUSP PATH] HKCU\Adam_ON_H:\[...]\Run : gmote (C:\Users\Adam\AppData\Local\Temp\Rar$EX00.830\gmote.exe [x]) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

-> H:\windows\system32\config\SYSTEM | DRVINFO [Drv - H:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> H:\windows\system32\config\SOFTWARE | DRVINFO [Drv - H:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> H:\windows\system32\config\SECURITY | DRVINFO [Drv - H:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> H:\windows\system32\config\SAM | DRVINFO [Drv - H:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> H:\windows\system32\config\DEFAULT | DRVINFO [Drv - H:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> H:\Users\Adam\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND]

-> H:\Users\Default\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> H:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> H:\Documents and Settings\Adam\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> H:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> H:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

-> H:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

192.168.1.41 ubuntuweb

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HDP725050GLA360 +++++

--- User ---

[MBR] 00679582b4bc278212ad6832d98bb33c

[BSP] 2be1cf2470448f251cbf3805e5d3f7e1 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 94719 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 193984875 | Size: 382218 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Standard disk drives) - Hitachi HDS5C1010CLA382 +++++

--- User ---

[MBR] 4169fa3f354f3ba72d9ca753750258ef

[BSP] 3aa773d853c84204974482a44325c4e8 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) (Standard disk drives) - OCZ-AGILITY3 +++++

--- User ---

[MBR] a78560df2969e942ed8afcfabf9ddfd0

[BSP] 62d8b417d56521d3fe7f282a99fd388e : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ SCSI) (Standard disk drives) - Maxtor 6 L200M0 SCSI Disk Device +++++

--- User ---

[MBR] 38ba55c8fe1af184f7d6ed20606ddc93

[BSP] 21dad06da336f6e799b6383867279c99 : Standard MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190779 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[0]_S_10052013_171718.txt >>

 

Thanks, sorry for multiposting!


Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by Adam (administrator) on ADAM-PC on 05-10-2013 17:26:03

Running from C:\Users\Adam\Desktop

Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe

(Microsoft Corporation) C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

() C:\Program Files\Synergy\synergyd.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\vVX3000.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

(Spotify Ltd) C:\Users\Adam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

(Razer USA Ltd.) C:\Program Files (x86)\n52te\n52teHid.exe

(Creative Technology Ltd.) C:\Windows\V0700Mon.exe

(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(Google) C:\Users\Adam\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

() C:\Program Files\Sublime Text 2\sublime_text.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

(SRWare) C:\Program Files (x86)\SRWare Iron\iron.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [VX3000] - C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)

HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-01-11] (LogMeIn, Inc.)

HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)

HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [PC Monitor Operations] - C:\Program Files (x86)\PC Monitor\pcmontask.exe [122688 2012-04-04] (MMSOFT Design Ltd.)

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-24] (Logitech Inc.)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)

HKLM\...\Run: [Cm108Sound] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-07-18] (Microsoft Corporation)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKCU\...\Run: [DisplayFusion] - C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [1275624 2011-06-21] (Binary Fortress Software)

HKCU\...\Run: [Google Update] - C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-27] (Google Inc.)

HKCU\...\Run: [Facebook Update] - C:\Users\Adam\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)

HKCU\...\Run: [Steam] - K:\Games\Steam\steam.exe [1813928 2013-10-05] (Valve Corporation)

HKCU\...\Run: [F.lux] - C:\Users\Adam\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()

HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)

HKCU\...\Run: [Spotify Web Helper] - C:\Users\Adam\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-03] (Spotify Ltd)

HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)

HKCU\...\Run: [miner] - "C:\Users\Adam\AppData\Roaming\miner\nircmd.exe" exec hide "C:\Users\Adam\AppData\Roaming\miner\start.bat"

MountPoints2: {3430f4ae-0d25-11e1-bb4c-bcaec54d89f7} - G:\INSTALL.EXE

MountPoints2: {62e742c7-9111-11e1-9cb0-bcaec54d89f7} - G:\Setup.exe

MountPoints2: {b56ab58b-c440-11e2-bcc3-bcaec54d89f7} - G:\setup.exe

HKLM-x32\...\Run: [Jomantha] - C:\Program Files (x86)\n52te\n52teHid.exe [159744 2008-06-13] (Razer USA Ltd.)

HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Lync\communicator.exe [12108456 2013-06-27] (Microsoft Corporation)

HKLM-x32\...\Run: [V0700Mon.exe] - C:\Windows\V0700Mon.exe [28672 2010-08-17] (Creative Technology Ltd.)

HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)

Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nppp.ahk - Shortcut.lnk

ShortcutTarget: nppp.ahk - Shortcut.lnk -> C:\Users\Adam\Dropbox\Scripts\nppp.ahk (No File)

Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk

ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk

ShortcutTarget: Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x69FB2F862219CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: 192.168.1.41 ubuntuweb

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{5FA91867-B82F-41E7-B910-CAF54A55D45C}: [NameServer]208.67.222.222 208.67.220.220

 

FireFox:

========

FF ProfilePath: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jodf3zlh.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File

FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File

FF Plugin-x32: @esn/esnlaunch,version=1.116.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @soe.sony.com/installer,version=1.0.3 - C:\Users\Adam\AppData\Local\Chromium\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.152_0\npsoe.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Adam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Adam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Adam\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Adam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Adam\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Adam\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Adam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF Extension: British English Dictionary - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jodf3zlh.default\Extensions\en-GB@dictionaries.addons.mozilla.org

FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jodf3zlh.default\Extensions\LogMeInClient@logmein.com

FF Extension: firebug - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jodf3zlh.default\Extensions\firebug@software.joehewitt.com.xpi

FF Extension: No Name - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jodf3zlh.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook

FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook

 

Chrome: 

=======

CHR RestoreOnStartup:             "urls_to_restore_on_startup": [

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Extension: (Google Drive) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1

CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1

CHR Extension: (AdBlock) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.55_0

CHR Extension: (FlashBlock) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0

CHR Extension: (Readability Redux) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggheggpdocamneaacmfoipeehedigia\1.3.4_0

CHR Extension: (Evernote Web Clipper) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.5_0

CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR StartMenuInternet: Google Chrome - C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()

S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)

R2 KinectManagement; C:\Program Files\Microsoft Kinect Drivers\Service\KinectManagementService.exe [98816 2012-09-18] (Microsoft Corporation)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-10] (LogMeIn, Inc.)

S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-10] (LogMeIn, Inc.)

S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-01-11] (LogMeIn, Inc.)

S3 M4-Service; C:\Users\Adam\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe [1008032 2012-06-15] ()

R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2013-07-18] (Microsoft Corporation)

S3 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-07-18] (Microsoft Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-08-19] ()

S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)

R2 Synergy; C:\Program Files\Synergy\synergyd.exe [423424 2013-05-03] ()

S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)

S2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2013-10-05] (Microsoft)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [x]

S2 MSCamSvc; "C:\Program Files\Microsoft LifeCam\MSCamS64.exe" [x]

 

==================== Drivers (Whitelisted) ====================

 

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-08-01] ()

R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)

R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)

R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows ® Win 7 DDK provider)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-25] (DT Soft Ltd)

S3 JmtFltr; C:\Windows\System32\drivers\JmtFltr.sys [46464 2007-09-29] ()

S3 KinectCamera; C:\Windows\System32\Drivers\kinectcamera.sys [192512 2012-09-20] (Microsoft Corporation)

R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2011-06-20] (Logitech Inc.)

R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-08-01] ()

S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)

R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC)

R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)

S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-03-30] (Duplex Secure Ltd.)

R3 V0700Vid; C:\Windows\System32\DRIVERS\V0700Vid.sys [393728 2010-10-17] (Creative Technology Ltd.)

S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106408 2012-12-19] (Oracle Corporation)

S3 vhidmini; C:\Windows\System32\DRIVERS\vhidmini.sys [13952 2007-09-29] (Windows ® Codename Longhorn DDK provider)

S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)

S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)

R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

U3 ae9pv490; C:\Windows\System32\Drivers\ae9pv490.sys [0 ] (Microsoft Corporation)

S4 LMIRfsClientNP; No ImagePath

S3 NLNdisMP; system32\DRIVERS\nlndis.sys [x]

S3 NLNdisPT; system32\DRIVERS\nlndis.sys [x]

S3 VGPU; System32\drivers\rdvgkmd.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-10-05 17:25 - 2013-10-05 17:25 - 01954124 _____ (Farbar) C:\Users\Adam\Desktop\FRST64.exe

2013-10-05 17:25 - 2013-10-05 17:25 - 00000000 ____D C:\FRST

2013-10-05 17:17 - 2013-10-05 17:17 - 00005914 _____ C:\Users\Adam\Desktop\RKreport[0]_S_10052013_171718.txt

2013-10-05 17:16 - 2013-10-05 17:21 - 00000000 ____D C:\Users\Adam\Desktop\RK_Quarantine

2013-10-05 17:14 - 2013-10-05 17:14 - 03980800 _____ C:\Users\Adam\Desktop\RogueKillerX64.exe

2013-10-05 16:49 - 2013-10-05 16:49 - 00034606 _____ C:\Users\Adam\Desktop\dds.txt

2013-10-05 16:49 - 2013-10-05 16:49 - 00025372 _____ C:\Users\Adam\Desktop\attach.txt

2013-10-05 16:48 - 2013-10-05 16:48 - 00688992 ____R (Swearware) C:\Users\Adam\Desktop\dds.com

2013-10-05 16:33 - 2013-10-05 16:33 - 00234010 _____ C:\Windows\SysWOW64\poclbm130302GeForce GTX 660gv1w256l4.bin

2013-10-05 11:47 - 2013-10-05 11:48 - 00000000 ____D C:\Users\Adam\AppData\Roaming\miner

2013-10-03 22:29 - 2013-10-03 22:29 - 00000000 ____D C:\terrariaserv

2013-09-22 00:21 - 2013-09-22 00:21 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fill and Cross Royal Riddles

2013-09-22 00:21 - 2013-09-22 00:21 - 00000000 ____D C:\Users\Adam\AppData\Roaming\8floor

2013-09-22 00:21 - 2013-09-22 00:21 - 00000000 ____D C:\Program Files (x86)\Fill and Cross Royal Riddles

2013-09-21 11:44 - 2013-09-21 11:44 - 00000000 ____D C:\Program Files (x86)\Brackets Sprint 30

2013-09-20 17:35 - 2013-09-20 17:35 - 00000945 _____ C:\Users\Adam\Desktop\Open Broadcaster Software.lnk

2013-09-20 17:35 - 2013-09-20 17:35 - 00000000 ____D C:\Users\Adam\AppData\Roaming\OBS

2013-09-20 17:35 - 2013-09-20 17:35 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software

2013-09-20 17:35 - 2013-09-20 17:35 - 00000000 ____D C:\Program Files (x86)\OBS

2013-09-19 23:48 - 2013-09-19 23:48 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies

2013-09-19 23:46 - 2013-09-12 09:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2013-09-19 23:46 - 2013-09-12 09:58 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2013-09-19 23:46 - 2013-09-12 09:58 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2013-09-19 23:46 - 2013-08-20 14:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2013-09-19 23:46 - 2013-08-20 14:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2013-09-19 23:46 - 2013-06-16 13:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys

2013-09-19 23:46 - 2013-06-16 13:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll

2013-09-19 18:36 - 2013-09-19 18:36 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-09-19 18:36 - 2013-09-19 18:36 - 00000000 ____D C:\Program Files\iTunes

2013-09-19 18:36 - 2013-09-19 18:36 - 00000000 ____D C:\Program Files\iPod

2013-09-19 18:36 - 2013-09-19 18:36 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-09-19 12:44 - 2013-09-19 12:44 - 00292728 _____ C:\Windows\Minidump\091913-36379-01.dmp

2013-09-17 18:08 - 2013-09-20 21:19 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Guild Wars 2

2013-09-14 18:04 - 2013-09-14 18:04 - 00000000 ____D C:\Windows\rescache

2013-09-14 12:03 - 2013-09-14 12:03 - 00000000 ____D C:\Users\Adam\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

2013-09-13 23:49 - 2013-08-10 06:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-13 23:49 - 2013-08-10 06:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-13 23:49 - 2013-08-10 06:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-13 23:49 - 2013-08-10 06:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-13 23:49 - 2013-08-10 06:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-13 23:49 - 2013-08-10 06:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-13 23:49 - 2013-08-10 06:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-13 23:49 - 2013-08-10 06:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-13 23:49 - 2013-08-10 06:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-13 23:49 - 2013-08-10 06:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-13 23:49 - 2013-08-10 06:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-13 23:49 - 2013-08-10 06:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-13 23:49 - 2013-08-10 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-13 23:49 - 2013-08-10 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-09-13 23:49 - 2013-08-10 04:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-13 23:49 - 2013-08-10 04:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-13 23:49 - 2013-08-10 04:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-13 23:49 - 2013-08-10 04:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-13 23:49 - 2013-08-10 04:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-13 23:49 - 2013-08-10 04:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-13 23:49 - 2013-08-10 04:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-13 23:49 - 2013-08-10 04:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-13 23:49 - 2013-08-10 04:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-09-13 23:49 - 2013-08-10 04:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-13 23:49 - 2013-08-10 04:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-13 23:49 - 2013-08-10 04:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-13 23:49 - 2013-08-10 04:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-13 23:49 - 2013-08-10 04:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-13 23:49 - 2013-08-10 04:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-13 23:49 - 2013-08-10 03:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-09-13 23:49 - 2013-08-10 03:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-13 08:14 - 2013-08-08 02:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-09-13 08:14 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2013-09-13 08:14 - 2013-08-02 03:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-09-13 08:14 - 2013-08-02 03:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-09-13 08:14 - 2013-08-02 03:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2013-09-13 08:14 - 2013-08-02 03:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-09-13 08:14 - 2013-08-02 03:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2013-09-13 08:14 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2013-09-13 08:14 - 2013-08-02 03:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2013-09-13 08:14 - 2013-08-02 03:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2013-09-13 08:14 - 2013-08-02 03:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-13 08:14 - 2013-08-02 02:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-13 08:14 - 2013-08-02 02:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-09-13 08:14 - 2013-08-02 02:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2013-09-13 08:14 - 2013-08-02 02:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2013-09-13 08:14 - 2013-08-02 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2013-09-13 08:14 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2013-09-13 08:14 - 2013-08-02 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-09-13 08:14 - 2013-08-02 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-09-13 08:14 - 2013-08-02 01:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-09-13 08:14 - 2013-08-02 01:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-09-13 08:14 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2013-09-13 08:14 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2013-09-13 08:14 - 2013-07-26 03:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2013-09-13 08:14 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2013-09-13 08:14 - 2013-07-26 02:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-09-13 08:14 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-09-12 17:56 - 2013-09-12 17:56 - 00000000 ____D C:\Users\Adam\AppData\Roaming\fltk.org

2013-09-12 17:56 - 2013-09-12 17:56 - 00000000 ____D C:\ProgramData\fltk.org

2013-09-12 17:20 - 2013-09-12 17:20 - 00001945 _____ C:\Windows\epplauncher.mif

2013-09-12 17:20 - 2013-09-12 17:20 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-09-12 17:20 - 2013-09-12 17:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-09-12 17:17 - 2013-10-05 16:44 - 00000696 _____ C:\Windows\PFRO.log

2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2013-09-08 11:31 - 2013-09-08 11:31 - 00001017 _____ C:\Users\Adam\Desktop\ownCloud.lnk

2013-09-07 17:45 - 2013-09-07 17:45 - 00000000 ____D C:\ProgramData\Steam

2013-09-07 17:43 - 2013-09-07 17:43 - 00000499 _____ C:\Users\Public\Desktop\Castle of Illusion.lnk

2013-09-05 18:44 - 2013-09-05 18:44 - 00000000 ____D C:\Program Files (x86)\QuickTime

 

==================== One Month Modified Files and Folders =======

 

2013-10-05 17:25 - 2013-10-05 17:25 - 01954124 _____ (Farbar) C:\Users\Adam\Desktop\FRST64.exe

2013-10-05 17:25 - 2013-10-05 17:25 - 00000000 ____D C:\FRST

2013-10-05 17:25 - 2011-06-20 18:41 - 00000000 ____D C:\Users\Adam\AppData\Roaming\TeraCopy

2013-10-05 17:21 - 2013-10-05 17:16 - 00000000 ____D C:\Users\Adam\Desktop\RK_Quarantine

2013-10-05 17:17 - 2013-10-05 17:17 - 00005914 _____ C:\Users\Adam\Desktop\RKreport[0]_S_10052013_171718.txt

2013-10-05 17:17 - 2012-04-30 19:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-05 17:15 - 2012-01-13 22:50 - 00000000 ____D C:\Program Files (x86)\Trillian

2013-10-05 17:15 - 2011-06-23 17:41 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Xfire

2013-10-05 17:15 - 2011-06-20 17:42 - 01437794 _____ C:\Windows\WindowsUpdate.log

2013-10-05 17:14 - 2013-10-05 17:14 - 03980800 _____ C:\Users\Adam\Desktop\RogueKillerX64.exe

2013-10-05 17:06 - 2011-06-27 12:03 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2347419715-266202084-3160654399-1000UA.job

2013-10-05 16:57 - 2009-07-14 05:45 - 00019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-05 16:57 - 2009-07-14 05:45 - 00019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-05 16:49 - 2013-10-05 16:49 - 00034606 _____ C:\Users\Adam\Desktop\dds.txt

2013-10-05 16:49 - 2013-10-05 16:49 - 00025372 _____ C:\Users\Adam\Desktop\attach.txt

2013-10-05 16:48 - 2013-10-05 16:48 - 00688992 ____R (Swearware) C:\Users\Adam\Desktop\dds.com

2013-10-05 16:46 - 2011-06-20 18:59 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Dropbox

2013-10-05 16:45 - 2013-08-08 08:53 - 00014972 _____ C:\Windows\setupact.log

2013-10-05 16:45 - 2012-04-30 19:42 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-05 16:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-05 16:44 - 2013-09-12 17:17 - 00000696 _____ C:\Windows\PFRO.log

2013-10-05 16:44 - 2013-03-31 22:08 - 00000000 ____D C:\ProgramData\NVIDIA

2013-10-05 16:38 - 2012-04-19 19:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-10-05 16:33 - 2013-10-05 16:33 - 00234010 _____ C:\Windows\SysWOW64\poclbm130302GeForce GTX 660gv1w256l4.bin

2013-10-05 16:31 - 2012-03-30 16:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-05 16:07 - 2011-07-07 00:46 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2347419715-266202084-3160654399-1000UA.job

2013-10-05 16:06 - 2011-06-27 12:03 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2347419715-266202084-3160654399-1000Core.job

2013-10-05 14:08 - 2012-12-23 21:43 - 00000000 ____D C:\Users\Adam\AppData\Roaming\ftblauncher

2013-10-05 12:57 - 2011-06-20 18:10 - 00000000 ____D C:\Program Files (x86)\SRWare Iron

2013-10-05 11:48 - 2013-10-05 11:47 - 00000000 ____D C:\Users\Adam\AppData\Roaming\miner

2013-10-05 09:58 - 2011-06-20 19:27 - 00000000 ____D C:\Users\Adam\AppData\Roaming\NoNameScript

2013-10-05 09:58 - 2011-06-20 19:26 - 00000000 ____D C:\Program Files (x86)\mIRC

2013-10-05 09:46 - 2011-06-20 19:45 - 00000000 ____D C:\ProgramData\LogMeIn

2013-10-05 02:10 - 2011-06-20 20:35 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Spotify

2013-10-04 22:07 - 2011-07-07 00:46 - 00000900 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2347419715-266202084-3160654399-1000Core.job

2013-10-04 16:30 - 2011-06-20 20:35 - 00000000 ____D C:\Users\Adam\AppData\Local\Spotify

2013-10-04 16:25 - 2013-08-06 18:18 - 00000000 ____D C:\Users\Adam\AppData\Roaming\vlc

2013-10-04 16:25 - 2011-10-07 22:21 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Mumble

2013-10-03 22:29 - 2013-10-03 22:29 - 00000000 ____D C:\terrariaserv

2013-10-03 22:22 - 2011-11-24 19:08 - 00000000 ____D C:\Users\Adam\AppData\Local\Plex

2013-10-03 18:21 - 2013-08-29 22:03 - 00000000 ____D C:\Users\Adam\Desktop\iPlayer Recordings

2013-10-03 17:48 - 2013-08-29 22:07 - 00000260 _____ C:\Users\Adam\.swfinfo

2013-10-03 17:48 - 2013-08-29 22:03 - 00000000 ____D C:\Users\Adam\.get_iplayer

2013-10-02 22:03 - 2011-10-05 21:51 - 00000039 _____ C:\Windows\vbaddin.ini

2013-10-02 22:03 - 2011-06-21 14:37 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-02 22:02 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini

2013-10-02 21:49 - 2013-07-27 00:30 - 00000000 ____D C:\Users\Adam\AppData\Local\Warframe

2013-10-01 18:41 - 2011-06-23 17:41 - 00000000 ____D C:\ProgramData\Xfire

2013-09-29 18:49 - 2011-10-17 01:38 - 00000000 ____D C:\Users\Adam\AppData\Roaming\PrimoPDF

2013-09-29 18:47 - 2011-10-30 14:23 - 00000000 ____D C:\Users\Adam\AppData\Local\Adobe

2013-09-29 18:46 - 2011-10-30 14:24 - 00000000 ____D C:\ProgramData\Adobe

2013-09-29 18:46 - 2011-10-30 14:24 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-09-27 10:07 - 2011-06-29 16:17 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Mozilla

2013-09-26 01:00 - 2011-07-17 16:58 - 00000396 _____ C:\Windows\Tasks\Defraggler Volume G Task.job

2013-09-22 17:57 - 2012-01-13 23:18 - 00000000 ____D C:\Users\Adam\AppData\Roaming\TS3Client

2013-09-22 00:21 - 2013-09-22 00:21 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fill and Cross Royal Riddles

2013-09-22 00:21 - 2013-09-22 00:21 - 00000000 ____D C:\Users\Adam\AppData\Roaming\8floor

2013-09-22 00:21 - 2013-09-22 00:21 - 00000000 ____D C:\Program Files (x86)\Fill and Cross Royal Riddles

2013-09-21 22:48 - 2013-03-06 22:46 - 00000741 _____ C:\Windows\Cm108.ini.imi

2013-09-21 11:44 - 2013-09-21 11:44 - 00000000 ____D C:\Program Files (x86)\Brackets Sprint 30

2013-09-20 21:19 - 2013-09-17 18:08 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Guild Wars 2

2013-09-20 17:35 - 2013-09-20 17:35 - 00000945 _____ C:\Users\Adam\Desktop\Open Broadcaster Software.lnk

2013-09-20 17:35 - 2013-09-20 17:35 - 00000000 ____D C:\Users\Adam\AppData\Roaming\OBS

2013-09-20 17:35 - 2013-09-20 17:35 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software

2013-09-20 17:35 - 2013-09-20 17:35 - 00000000 ____D C:\Program Files (x86)\OBS

2013-09-19 23:48 - 2013-09-19 23:48 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies

2013-09-19 23:48 - 2011-09-16 20:04 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2013-09-19 18:36 - 2013-09-19 18:36 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-09-19 18:36 - 2013-09-19 18:36 - 00000000 ____D C:\Program Files\iTunes

2013-09-19 18:36 - 2013-09-19 18:36 - 00000000 ____D C:\Program Files\iPod

2013-09-19 18:36 - 2013-09-19 18:36 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-09-19 18:31 - 2012-03-30 16:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-19 18:31 - 2012-03-30 16:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-09-19 18:31 - 2011-06-20 19:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-19 12:44 - 2013-09-19 12:44 - 00292728 _____ C:\Windows\Minidump\091913-36379-01.dmp

2013-09-19 12:44 - 2011-12-23 11:49 - 00000000 ____D C:\Windows\Minidump

2013-09-18 23:47 - 2011-10-25 09:41 - 00000000 ____D C:\Users\Adam\.VirtualBox

2013-09-17 18:08 - 2012-04-27 13:18 - 00000000 ____D C:\Program Files (x86)\GW2

2013-09-17 15:03 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-09-17 09:42 - 2011-07-05 10:36 - 00000000 ____D C:\Users\Adam\Tracing

2013-09-16 18:50 - 2012-01-13 23:17 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client

2013-09-14 18:04 - 2013-09-14 18:04 - 00000000 ____D C:\Windows\rescache

2013-09-14 12:04 - 2011-06-20 17:43 - 00000000 ___RD C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-14 12:03 - 2013-09-14 12:03 - 00000000 ____D C:\Users\Adam\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

2013-09-14 09:47 - 2011-06-20 17:43 - 00000000 ___RD C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-14 09:47 - 2009-07-14 05:45 - 02467680 _____ C:\Windows\system32\FNTCACHE.DAT

2013-09-13 23:49 - 2013-08-16 11:07 - 00000000 ____D C:\Windows\system32\MRT

2013-09-13 23:47 - 2011-06-20 18:02 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-09-12 17:56 - 2013-09-12 17:56 - 00000000 ____D C:\Users\Adam\AppData\Roaming\fltk.org

2013-09-12 17:56 - 2013-09-12 17:56 - 00000000 ____D C:\ProgramData\fltk.org

2013-09-12 17:56 - 2011-06-20 20:44 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2013-09-12 17:20 - 2013-09-12 17:20 - 00001945 _____ C:\Windows\epplauncher.mif

2013-09-12 17:20 - 2013-09-12 17:20 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-09-12 17:20 - 2013-09-12 17:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-09-12 17:16 - 2011-06-20 21:00 - 00000000 ____D C:\ProgramData\Avira

2013-09-12 13:28 - 2013-01-25 18:36 - 00000000 ____D C:\ProgramData\VSO

2013-09-12 09:58 - 2013-09-19 23:46 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 22102304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 15703688 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 13628208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 11274528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2013-09-12 09:58 - 2013-09-19 23:46 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 02367264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432723.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432723.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2013-09-12 09:58 - 2013-09-19 23:46 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2013-09-12 09:58 - 2013-07-06 14:34 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2013-09-12 09:58 - 2013-06-13 18:31 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2013-09-12 09:58 - 2013-06-13 18:31 - 15901448 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2013-09-12 09:58 - 2013-06-13 18:31 - 12947360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2013-09-12 09:58 - 2013-06-13 18:31 - 02986672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2013-09-12 09:58 - 2013-06-13 18:31 - 01412832 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2013-09-12 09:58 - 2013-03-31 22:05 - 00022814 _____ C:\Windows\system32\nvinfo.pb

2013-09-12 09:58 - 2012-12-19 16:34 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2013-09-12 09:58 - 2012-12-19 16:34 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2013-09-12 08:25 - 2013-03-31 22:08 - 06599968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2013-09-12 08:25 - 2013-03-31 22:08 - 03452192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2013-09-12 08:25 - 2013-03-31 22:08 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2013-09-12 08:25 - 2013-03-31 22:08 - 00920864 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

2013-09-12 08:25 - 2013-03-31 22:08 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2013-09-12 08:25 - 2013-03-31 22:08 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2013-09-12 01:17 - 2013-09-12 01:17 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2013-09-11 23:06 - 2013-03-31 22:08 - 03361114 _____ C:\Windows\system32\nvcoproc.bin

2013-09-08 21:23 - 2013-03-04 14:01 - 00000000 ____D C:\Users\Adam\ownCloud

2013-09-08 11:31 - 2013-09-08 11:31 - 00001017 _____ C:\Users\Adam\Desktop\ownCloud.lnk

2013-09-08 11:31 - 2013-03-04 13:50 - 00000000 ____D C:\Program Files (x86)\ownCloud

2013-09-07 17:45 - 2013-09-07 17:45 - 00000000 ____D C:\ProgramData\Steam

2013-09-07 17:43 - 2013-09-07 17:43 - 00000499 _____ C:\Users\Public\Desktop\Castle of Illusion.lnk

2013-09-05 18:44 - 2013-09-05 18:44 - 00000000 ____D C:\Program Files (x86)\QuickTime

 

Files to move or delete:

====================

C:\ProgramData\hash.dat

C:\ProgramData\LaunchURL.bat

 

 

Some content of TEMP:

====================

C:\Users\Adam\AppData\Local\Temp\Checkupdate.exe

C:\Users\Adam\AppData\Local\Temp\Foxit Reader Updater.exe

C:\Users\Adam\AppData\Local\Temp\gcapi_dll.dll

C:\Users\Adam\AppData\Local\Temp\gtapi_signed.dll

C:\Users\Adam\AppData\Local\Temp\nircmd.exe

C:\Users\Adam\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Adam\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Adam\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Adam\AppData\Local\Temp\nvStInst.exe

C:\Users\Adam\AppData\Local\Temp\ShellLink.dll

C:\Users\Adam\AppData\Local\Temp\VSUSetup.exe

C:\Users\Adam\AppData\Local\Temp\wget.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-10-01 10:22

 

==================== End Of Log ============================

Addition.txt

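The three FRST sections that matter for triage in the log above are "Files to move or delete", "Some content of TEMP" and the "Bamital & volsnap Check" (known-good MD5 verification of critical system binaries). The following is an added example, not FRST's own code and not part of the original thread: a small parser that pulls those sections out of an FRST-style text log and flags the items a responder would look at first. The sample excerpt is constructed from the log lines on this page (the `install.log` line is invented to exercise the extension filter), and treating any verdict other than the literal `MD5 is legit` as suspicious is an assumption about FRST's output wording.

```python
"""Triage helper for three FRST log sections (added example, not FRST code).

Rules applied:
  * every path under "Files to move or delete" is flagged (FRST already
    considers these out of place);
  * executable content under "Some content of TEMP" is flagged, because
    %TEMP% is a common staging area for droppers and miner payloads;
  * every "Bamital & volsnap Check" line whose verdict is not the literal
    "MD5 is legit" is flagged (assumption: that string is FRST's only clean
    verdict in this version).
"""
import re

# Constructed sample: an abbreviated copy of the log sections shown above.
# The "install.log" line is invented so the extension filter has something
# to ignore; everything else is taken from the posted log.
SAMPLE_LOG = r"""
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\ProgramData\LaunchURL.bat

Some content of TEMP:
====================
C:\Users\Adam\AppData\Local\Temp\Checkupdate.exe
C:\Users\Adam\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Adam\AppData\Local\Temp\install.log
C:\Users\Adam\AppData\Local\Temp\nircmd.exe
C:\Users\Adam\AppData\Local\Temp\wget.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-01 10:22

==================== End Of Log ============================
"""

# Extensions that execute or get loaded; anything else in TEMP is ignored.
EXEC_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1")

# Section headings as FRST prints them: optional "=" rulers around the name,
# optional trailing colon. Matched against a whitespace-stripped line.
SECTION_RE = re.compile(
    r"=*\s*(Files to move or delete|Some content of TEMP|Bamital & volsnap Check)\s*:?\s*=*"
)


def parse_sections(text):
    """Return {section_name: [non-empty lines]} for the sections of interest."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue                          # blank line or "=====" ruler
        match = SECTION_RE.fullmatch(line)
        if match:
            current = match.group(1)
            sections[current] = []
            continue
        if line.startswith("=") and line.endswith("="):
            current = None                    # any other FRST heading, e.g. End Of Log
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Apply the three rules; return {path: reason} for items needing follow-up."""
    sections = parse_sections(text)
    flagged = {}
    for path in sections.get("Files to move or delete", []):
        flagged[path] = "FRST lists it as out of place"
    for path in sections.get("Some content of TEMP", []):
        if path.lower().endswith(EXEC_SUFFIXES):
            flagged[path] = "executable content staged in %TEMP%"
    for line in sections.get("Bamital & volsnap Check", []):
        if "=>" not in line:
            continue                          # e.g. the 'LastRegBack:' trailer
        path, verdict = (part.strip() for part in line.split("=>", 1))
        if verdict != "MD5 is legit":
            flagged[path] = "system binary hash not recognised: " + verdict
    return flagged


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG).items():
        print(f"{path}\n    -> {reason}")
```

Run it against a saved FRST.txt by replacing `SAMPLE_LOG` with the file contents; the output is a worklist, not a removal list. Flagged items still need a hash lookup and signature check before they go into a fixlist, which is exactly the step the helper performs by hand in this thread.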

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Let's clean out any adware now (this will require a reboot, so save all your work):

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please update and run a Quick Scan with Malwarebytes Anti-Malware, and post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


# AdwCleaner v3.006 - Report created 05/10/2013 at 18:02:56

# Updated 01/10/2013 by Xplode

# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)

# Username : Adam - ADAM-PC

# Running from : C:\Users\Adam\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\apn

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Users\Adam\AppData\Local\Temp\apn

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\PIP

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16686

 

 

-\\ Mozilla Firefox v20.0.1 (en-US)

 

[ File : C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\jodf3zlh.default\prefs.js ]

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [2372 octets] - [05/10/2013 18:01:29]

AdwCleaner[s0].txt - [2204 octets] - [05/10/2013 18:02:56]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2264 octets] ##########

 


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.10.05.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16686

Adam :: ADAM-PC [administrator]

 

05/10/2013 18:22:08

mbam-log-2013-10-05 (18-22-08).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 235351

Time elapsed: 4 minute(s), 24 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

Performance seems better, no graphics driver crashing either, thank you!


Good......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.74  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:`````````

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 25  

 JavaScript Tooling    

 Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20602 

 Visual Studio Extensions for Windows Library for JavaScript 

 Java version out of Date!

 Adobe Flash Player 11.8.800.168  

 Adobe Reader XI  

 Mozilla Firefox 20.0.1 Firefox out of Date!

 Google Chrome 29.0.1547.66  

 Google Chrome 29.0.1547.76  

````````Process Check: objlist.exe by Laurent````````

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 44% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

 


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java 7 Update 25 <--------Java version out of Date! (should be Update 40)

Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-------------------------------------------

Mozilla Firefox 20.0.1 Firefox out of Date! <-------please check for an update if available

-------------------------------------------

Google Chrome 29.0.1547.66
Google Chrome 29.0.1547.76


Your Chrome is out of date, should be Version 30.0.1599.69

Open up Chrome > Click on the 3 bars in the upper right hand corner
Click on About Google Chrome
If there's an update available it will automatically update

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete,
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc. AdwCleaner > just run the program and click Uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
