Possible GPU malware



Hi,

 

I am wondering if I have some kind of malware in my GPU.  System runs fine until something challenging to the GPU is started, like video transcoding or SolidWorks. Then I get either a black screen or white screen and complete system lockup.  The GPU is an ATI Radeon HD 4870.  Right now, I have removed the ATI drivers and the card is using a Windows driver, with the same problems. I have attached the dds.txt and attach.txt report files generated by dds.com.  Any advice you can provide would be most welcome.  You guys are saints and I cannot thank you enough for your efforts.

 

Sincerely,

Steve DeJesus

 

attach.txt

dds.txt

Link to post

  • Root Admin

Hello and :welcome:

 

Please read the following information below and post back the requested logs when ready.

General P2P/Piracy Warning:
 

 
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 

Link to post

OK, I uninstalled bittorrent software and ran the 3 steps you outlined.  Here is the report from RogueKiller:

 

 

RKreport[0]_S_02142014_165025.txt:

 

 

RogueKiller V8.8.7 _x64_ [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Scan -- Date : 02/14/2014 16:50:25
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EVVS-63E1B1 ATA Device +++++
--- User ---
[MBR] 5614377c78a7a02d7f0a3090850177ab
[bSP] eaea4c7e08ff00715788fc41012b4371 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3500413AS ATA Device +++++
--- User ---
[MBR] f02e4990315b842b0e89a573a52acada
[bSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_02142014_165025.txt >>
 
 
 
 
Link to post

  • Root Admin

That looks okay

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post

I could not run the online virus scan.  I got a message as follows from Chrome:

The webpage at http://www.eset.com/online-scanner/ has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

 

I cleared out all cookies and got the same error.  

 

Here are the  logs:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009

www.malwarebytes.org
 
Database version: v2014.02.14.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Steve :: PC2-VIDEO [administrator]
 
2/14/2014 5:03:01 PM
mbar-log-2014-02-14 (17-03-01).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 230104
Time elapsed: 6 minute(s), 50 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16518
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.800000 GHz
Memory total: 4252098560, free: 2369798144
 
Downloaded database version: v2014.02.14.09
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
     02/14/2014 17:02:58
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8004dd3060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-b\
Lower Device Object: 0xfffffa8003d06680
Lower Device Driver Name: \Driver\atapi\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004d4c790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-6\
Lower Device Object: 0xfffffa8004b33060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8004dd3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004dd3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004dd3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004b36520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8003d06680, DeviceName: \Device\Ide\IdeDeviceP2T1L0-b\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004d4c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004d4c1e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004d4c790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004ae6670, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004b33060, DeviceName: \Device\Ide\IdeDeviceP3T1L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F4EB8E37
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BD2C32A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 976564224
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x64
Ran by Steve on Fri 02/14/2014 at 17:18:34.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\Tasks\wise care 365.job"
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Steve\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/14/2014 at 17:23:02.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
# AdwCleaner v3.018 - Report created 14/02/2014 at 17:32:35
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Steve - PC2-VIDEO
# Running from : C:\Users\Steve\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [745 octets] - [14/02/2014 17:30:40]
AdwCleaner[s0].txt - [667 octets] - [14/02/2014 17:32:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [726 octets] ##########
 
 
 
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.14.10
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Steve :: PC2-VIDEO [administrator]
 
2/14/2014 5:39:04 PM
mbam-log-2014-02-14 (17-39-04).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208918
Time elapsed: 2 minute(s), 47 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
 
Link to post

Here is the rest:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Steve (administrator) on PC2-VIDEO on 14-02-2014 17:54:56
Running from C:\Users\Steve\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Dropbox, Inc.) C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Steve\AppData\Local\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-30] (AVAST Software)
HKLM-x32\...\Run: [Privatefirewall] - C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM-x32\...\Run: [NBAgent] - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-04-28] (Nero AG)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-06] (Microsoft Corporation)
HKU\S-1-5-21-1654872690-2637105890-1346635818-1000\...\Run: [Google Update] - C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-06] (Google Inc.)
HKU\S-1-5-21-1654872690-2637105890-1346635818-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1654872690-2637105890-1346635818-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1654872690-2637105890-1346635818-1000\...\MountPoints2: {3da62bd3-3a1c-11e3-9bc5-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-1654872690-2637105890-1346635818-1000\...\MountPoints2: {c3b046b8-86f3-11e3-bf72-000bab3cd406} - F:\Setup.exe
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x11A3F3FE69DBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
 
CHR Extension: (Google Docs) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-06]
CHR Extension: (Google Drive) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-06]
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-06]
CHR Extension: (eBay Web App) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2013-11-06]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-06]
CHR Extension: (Screen Capture (by Google)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg [2014-01-04]
CHR Extension: (Netflix) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2013-12-17]
CHR Extension: (Bomomo) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnalbhgkcocoepphagnnlaiomnnngeln [2013-11-20]
CHR Extension: (NYTimes) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel [2013-11-12]
CHR Extension: (Google Calendar) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-11-06]
CHR Extension: (avast! Online Security) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-06]
CHR Extension: (Dropbox) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-11-06]
CHR Extension: (SoundCloud) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2013-11-06]
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-06]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2013-11-06]
CHR Extension: (Weather Underground) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2013-11-12]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-30]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-30] (AVAST Software)
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2014-01-21] (WiseCleaner.com)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-30] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-30] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-26] (Disc Soft Ltd)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-14 17:54 - 2014-02-14 17:55 - 00010739 _____ () C:\Users\Steve\Desktop\FRST.txt
2014-02-14 17:54 - 2014-02-14 17:54 - 00000000 ____D () C:\FRST
2014-02-14 17:53 - 2014-02-14 17:53 - 02152960 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2014-02-14 17:36 - 2014-02-14 17:36 - 00000805 _____ () C:\Users\Steve\Desktop\AdwCleaner[s0].txt
2014-02-14 17:30 - 2014-02-14 17:32 - 00000000 ____D () C:\AdwCleaner
2014-02-14 17:29 - 2014-02-14 17:29 - 01166132 _____ () C:\Users\Steve\Desktop\AdwCleaner.exe
2014-02-14 17:23 - 2014-02-14 17:23 - 00000887 _____ () C:\Users\Steve\Desktop\JRT.txt
2014-02-14 17:18 - 2014-02-14 17:18 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 17:16 - 2014-02-14 17:16 - 01037530 _____ (Thisisu) C:\Users\Steve\Desktop\JRT.exe
2014-02-14 17:16 - 2014-02-14 17:16 - 00000000 ____D () C:\Users\Steve\Desktop\Done
2014-02-14 17:02 - 2014-02-14 17:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-14 17:01 - 2014-02-14 17:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-14 17:01 - 2014-02-14 17:01 - 00000000 ____D () C:\Users\Steve\Desktop\Mbar
2014-02-14 16:59 - 2014-02-14 17:00 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Steve\Desktop\mbar-1.07.0.1009.exe
2014-02-14 16:46 - 2014-02-14 16:46 - 00000000 ____D () C:\Windows\ERDNT
2014-02-14 16:45 - 2014-02-14 16:45 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-12 23:18 - 2014-02-12 23:18 - 01531776 _____ () C:\Windows\Minidump\021214-23093-01.dmp
2014-02-12 03:01 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 03:01 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 03:01 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 03:01 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 03:01 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 03:01 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 03:01 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 03:01 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 03:01 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 03:01 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 03:01 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 03:01 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 03:01 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 03:01 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 03:01 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 03:01 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 03:01 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 03:01 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 03:01 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 03:01 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 03:01 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 03:01 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 03:01 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 03:01 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 03:01 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 03:01 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 03:01 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 03:01 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 03:01 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 03:01 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 03:01 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 03:01 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 03:01 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 03:01 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 03:01 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 03:01 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 03:01 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 03:01 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 03:01 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 03:01 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 03:01 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-11 19:15 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-02-11 19:15 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-02-11 19:15 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-02-11 19:15 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-02-11 19:15 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-02-11 19:15 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-02-11 19:15 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-02-11 19:15 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-02-11 19:15 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-02-11 19:15 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-02-11 19:15 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-02-11 19:15 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-02-11 19:15 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-02-11 19:15 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-02-11 19:15 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-02-11 19:15 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-02-11 19:15 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-02-11 19:15 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-02-11 19:15 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-02-11 19:15 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-02-11 19:15 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-02-11 19:15 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-02-11 19:15 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-02-11 19:15 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-02-11 19:15 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-02-11 19:15 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-02-11 19:15 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-02-11 19:15 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-02-11 19:14 - 2014-02-11 19:14 - 00010009 _____ () C:\Windows\DirectX.log
2014-02-11 19:14 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-02-11 19:14 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-02-11 19:14 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-02-11 19:14 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-02-11 19:14 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-02-11 19:14 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-02-11 19:14 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-02-11 19:14 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-02-11 19:14 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-02-11 19:14 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-02-11 19:14 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-02-11 19:14 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-02-11 19:14 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-02-11 19:14 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-02-11 19:14 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-02-11 19:14 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-02-11 19:14 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-02-11 19:14 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-02-11 19:14 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-02-11 19:14 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-02-11 19:14 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-02-11 19:14 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-02-11 19:14 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-02-11 19:14 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-02-11 19:14 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-02-11 19:14 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-02-11 19:14 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-02-11 19:14 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-02-11 19:14 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-02-11 19:14 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-02-11 19:14 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-02-11 19:14 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-02-11 19:14 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-02-11 19:14 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-02-11 19:14 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-02-11 19:14 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-02-11 19:14 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-02-11 19:14 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-02-11 19:14 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-02-11 19:14 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-02-11 19:14 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-02-11 19:14 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-02-11 19:14 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-02-11 19:14 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-02-11 19:14 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-02-11 19:14 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-02-11 19:14 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-02-11 19:14 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-02-11 19:14 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-02-11 19:14 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-02-11 19:14 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-02-11 19:14 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-02-11 19:14 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-02-11 19:14 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-02-11 19:14 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-02-11 19:14 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-02-11 19:14 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-02-11 19:14 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-02-11 19:14 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-02-11 19:14 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-02-11 19:14 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-02-11 19:14 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-02-11 19:14 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-02-11 19:14 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-02-11 19:14 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-02-11 19:14 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-02-11 19:14 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-02-11 19:14 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-02-11 19:14 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-02-11 19:14 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-02-11 19:14 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-02-11 19:14 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-02-11 19:14 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-02-11 19:14 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-02-11 19:14 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-02-11 19:14 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-02-11 19:14 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-02-11 19:14 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-02-11 19:14 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-02-11 19:14 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-02-11 19:14 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-02-11 19:14 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-02-11 19:14 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-02-11 19:14 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-02-11 19:14 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-02-11 19:14 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-02-11 19:14 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-02-11 19:14 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-02-11 19:14 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-02-11 19:14 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-02-11 19:14 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-02-11 19:14 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-02-11 19:14 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-02-11 19:14 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-02-11 19:14 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-02-11 19:14 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-02-11 19:14 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-02-11 19:14 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-02-11 19:14 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-02-11 19:14 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-02-11 19:14 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-02-11 19:14 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-02-11 19:14 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-02-11 19:14 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-02-11 19:14 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-02-11 19:14 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-02-11 19:14 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-02-11 19:14 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-02-11 19:14 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-02-11 19:14 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-02-11 19:14 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-02-11 19:14 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-02-11 19:14 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-02-11 19:14 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-02-11 19:14 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-02-11 19:14 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-02-11 19:14 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-02-11 19:14 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-02-11 19:14 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-02-11 19:14 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-02-11 19:14 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-02-11 19:14 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-02-11 19:14 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-02-11 19:14 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-02-11 19:14 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-02-11 19:14 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-02-11 19:14 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-02-11 19:14 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-02-11 19:14 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-02-11 19:14 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-02-11 19:14 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-02-11 19:14 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-02-11 19:14 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-02-11 19:14 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-02-11 19:14 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-02-11 19:14 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-02-11 19:14 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-02-11 19:14 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-02-11 19:14 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-02-11 19:14 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-02-11 19:11 - 2014-02-11 19:15 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-11 19:11 - 2014-02-11 19:15 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-02-11 19:11 - 2014-02-11 19:11 - 00001090 _____ () C:\Users\Steve\Desktop\MSI Afterburner.lnk
2014-02-11 19:11 - 2014-02-11 19:11 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-02-11 19:10 - 2014-02-11 19:10 - 22990573 _____ () C:\Users\Steve\Downloads\MSIAfterburnerSetup231.zip
2014-02-11 19:10 - 2014-02-11 19:10 - 00000000 ____D () C:\Users\Steve\Downloads\MSIAfterburnerSetup231
2014-02-11 19:09 - 2014-02-11 19:09 - 00930440 _____ (CNET Download.com) C:\Users\Steve\Downloads\cbsidlm-cbsi176-MSI_Afterburner-SEO-75871628.exe
2014-02-11 16:18 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-11 16:18 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-11 16:18 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 16:18 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 16:18 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 16:18 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-11 16:17 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 16:17 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 16:17 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-11 16:17 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-11 16:17 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-11 16:17 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-11 16:17 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 16:17 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-11 16:17 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-11 16:17 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-11 16:17 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-11 16:17 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-11 16:17 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-11 16:17 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-11 16:17 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-11 16:17 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-11 16:17 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-11 16:17 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-11 16:17 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-11 16:17 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-11 16:17 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 16:17 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 15:48 - 2014-02-11 15:48 - 00276032 _____ () C:\Windows\Minidump\021114-20453-01.dmp
2014-02-11 15:25 - 2014-02-11 15:25 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\EDrawings
2014-02-11 15:22 - 2014-02-11 15:32 - 00000000 ____D () C:\Users\Steve\AppData\Local\TempSWBackupDirectory
2014-02-11 15:20 - 2014-02-11 15:20 - 00007625 _____ () C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
2014-02-11 15:18 - 2014-02-11 15:18 - 00000000 ____D () C:\Users\Steve\AppData\Local\SolidWorks
2014-02-11 15:06 - 2014-02-12 23:18 - 489201541 _____ () C:\Windows\MEMORY.DMP
2014-02-11 15:06 - 2014-02-11 15:06 - 01113016 _____ () C:\Windows\Minidump\021114-44468-01.dmp
2014-02-11 13:09 - 2014-02-11 13:09 - 00000000 ____D () C:\Users\Steve\Documents\SolidWorksComposer
2014-02-11 13:08 - 2014-02-11 13:08 - 00000000 ____D () C:\Program Files (x86)\SolidWorks Corp
2014-02-11 13:07 - 2014-02-11 13:07 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\help_images_otherUI
2014-02-11 13:07 - 2014-02-11 13:07 - 00000000 _____ () C:\Windows\eDrawingOfficeAutomator.INI
2014-02-11 13:06 - 2014-02-11 13:06 - 00000000 ____D () C:\Users\Steve\Documents\SolidWorks Visual Studio Tools for Applications
2014-02-11 13:06 - 2014-02-11 13:06 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\DassaultSystemes
2014-02-11 13:06 - 2014-02-11 13:06 - 00000000 ____D () C:\Users\Steve\AppData\Local\DassaultSystemes
2014-02-11 13:06 - 2014-02-11 13:06 - 00000000 ____D () C:\SolidWorks Data
2014-02-11 13:06 - 2014-02-11 13:06 - 00000000 ____D () C:\ProgramData\DassaultSystemes
2014-02-11 12:59 - 2014-02-11 13:08 - 00000000 ____D () C:\Program Files\SolidWorks Corp
2014-02-11 12:59 - 2014-02-11 13:08 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared
2014-02-11 12:59 - 2014-02-11 12:59 - 00000000 ____D () C:\ProgramData\SolidWorks
2014-02-11 12:59 - 2014-02-11 12:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-11 12:58 - 2014-02-11 12:58 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-02-11 12:58 - 2014-02-11 12:58 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-02-11 12:57 - 2014-02-11 12:57 - 00000000 ____D () C:\Users\Steve\Documents\Visual Studio 2005
2014-02-11 12:57 - 2014-02-11 12:57 - 00000000 ____D () C:\Users\Steve\AppData\Local\Microsoft Help
2014-02-11 12:57 - 2014-02-11 12:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 12:57 - 2014-02-11 12:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-02-11 12:56 - 2014-02-11 12:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-11 12:56 - 2014-02-11 12:56 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-02-11 12:54 - 2014-02-11 15:21 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-02-11 12:08 - 2014-02-11 15:18 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\SolidWorks
2014-02-11 12:08 - 2014-02-11 12:53 - 00000000 ____D () C:\Windows\SolidWorks
2014-02-11 12:08 - 2014-02-11 12:08 - 00000000 ____D () C:\Users\Steve\Downloads\sldim
2014-02-11 12:06 - 2014-02-11 12:07 - 29474856 _____ () C:\Users\Steve\Downloads\SolidWorksSetup.exe
2014-02-11 11:59 - 2014-02-14 17:52 - 00679067 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 11:59 - 2014-02-11 15:06 - 00071312 _____ () C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-11 11:57 - 2014-02-11 22:23 - 00000890 _____ () C:\Windows\PFRO.log
2014-02-11 11:53 - 2014-02-14 17:34 - 00000934 _____ () C:\Windows\setupact.log
2014-02-11 11:53 - 2014-02-11 11:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-11 10:25 - 2014-02-11 11:57 - 00000402 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-02-11 10:25 - 2014-02-11 10:25 - 00003214 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-02-11 10:18 - 2014-02-14 17:35 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Wise Care 365
2014-02-11 10:18 - 2014-02-11 10:18 - 00001160 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-02-11 10:18 - 2014-02-11 10:18 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-02-11 10:17 - 2014-02-11 10:17 - 08473672 _____ (WiseCleaner.com ) C:\Users\Steve\Downloads\WiseCare365.exe
2014-02-11 10:07 - 2014-02-11 10:08 - 160489864 _____ (Advanced Micro Devices, Inc.) C:\Users\Steve\Downloads\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
2014-02-08 19:05 - 2014-02-08 19:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-01 12:14 - 2014-02-14 17:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-01 12:14 - 2014-02-04 15:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-01 12:14 - 2014-02-04 15:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-01 12:14 - 2014-02-01 12:14 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-01 12:13 - 2014-02-01 12:14 - 00000000 ____D () C:\Users\Steve\AppData\Local\Adobe
2014-01-30 19:27 - 2014-01-30 19:27 - 00000000 ____D () C:\Users\Steve\AppData\Local\Privatefirewall
2014-01-30 19:19 - 2014-01-30 19:19 - 00000146 _____ () C:\Windows\ODBC.INI
2014-01-30 19:19 - 2014-01-30 19:19 - 00000000 ____D () C:\ProgramData\Privacyware
2014-01-30 19:19 - 2014-01-30 19:19 - 00000000 ____D () C:\Program Files (x86)\Privacyware
2014-01-30 19:19 - 2013-09-29 21:24 - 00133152 _____ (Privacyware/PWI, Inc.) C:\Windows\system32\Drivers\pwipf6.sys
2014-01-30 19:18 - 2014-01-30 19:18 - 03749640 _____ (PWI, Inc. ) C:\Users\Steve\Downloads\privatefirewall.exe
2014-01-30 19:03 - 2014-01-30 19:03 - 00450639 ____R () C:\Windows\system32\Drivers\etc\hosts.20140130-190336.backup
2014-01-30 00:33 - 2014-01-30 00:33 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\AVAST Software
2014-01-30 00:32 - 2014-02-14 16:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-30 00:32 - 2014-01-30 00:32 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-30 00:32 - 2014-01-30 00:31 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-30 00:32 - 2014-01-30 00:31 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-30 00:32 - 2014-01-30 00:31 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-30 00:32 - 2014-01-30 00:31 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-30 00:32 - 2014-01-30 00:31 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-30 00:32 - 2014-01-30 00:31 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-30 00:32 - 2014-01-30 00:31 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-30 00:32 - 2014-01-30 00:31 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-30 00:31 - 2014-01-30 00:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-30 00:31 - 2014-01-30 00:31 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-30 00:30 - 2014-01-30 00:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-28 00:24 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140128-002422.backup
2014-01-28 00:22 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140128-002229.backup
2014-01-27 21:27 - 2014-01-27 21:27 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-01-27 21:26 - 2014-01-28 00:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-27 21:26 - 2014-01-27 21:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-27 21:26 - 2014-01-27 21:26 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-27 21:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-01-26 20:50 - 2014-01-26 20:50 - 00000000 ____D () C:\Program Files (x86)\City Interactive
2014-01-26 20:48 - 2014-01-26 20:48 - 00001954 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-01-26 20:47 - 2014-01-26 20:47 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-01-26 20:47 - 2014-01-26 20:47 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-01-26 20:02 - 2014-02-11 15:15 - 00000000 ____D () C:\ProgramData\AMD
2014-01-26 20:02 - 2014-01-26 20:02 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\ATI
2014-01-26 20:02 - 2014-01-26 20:02 - 00000000 ____D () C:\Users\Steve\AppData\Local\ATI
2014-01-26 17:18 - 2014-01-26 17:18 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-01-21 21:13 - 2014-01-21 21:13 - 00000000 ____D () C:\Windows\Sun
2014-01-21 19:06 - 2014-01-21 19:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-21 19:06 - 2014-01-21 19:06 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Malwarebytes
2014-01-21 19:06 - 2014-01-21 19:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-21 19:06 - 2014-01-21 19:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 19:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-18 05:10 - 2014-01-18 05:10 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 05:10 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-18 05:10 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-18 05:10 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-18 05:10 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-16 00:17 - 2014-01-16 00:18 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\VASSAL
2014-01-16 00:17 - 2014-01-16 00:17 - 00000830 _____ () C:\Users\Steve\Desktop\VASSAL.lnk
2014-01-16 00:17 - 2014-01-16 00:17 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VASSAL
2014-01-16 00:17 - 2014-01-16 00:17 - 00000000 ____D () C:\Program Files\VASSAL-3.2.9
2014-01-15 22:12 - 2014-01-15 22:32 - 69094165 _____ () C:\Users\Steve\Downloads\SOTM_VASSAL.vmod
2014-01-15 22:08 - 2014-01-15 22:08 - 00571569 _____ () C:\Users\Steve\Downloads\Cthulhu_Dice_0.1.vmod
2014-01-15 22:07 - 2014-01-15 22:10 - 25384313 _____ () C:\Users\Steve\Downloads\Chaos_in_the_Old_World_FFG_1.22.vmod
2014-01-15 19:12 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 19:12 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 19:12 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 19:12 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 19:12 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 19:12 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 19:12 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 19:12 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 19:12 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
2014-02-14 17:55 - 2014-02-14 17:54 - 00010739 _____ () C:\Users\Steve\Desktop\FRST.txt
2014-02-14 17:54 - 2014-02-14 17:54 - 00000000 ____D () C:\FRST
2014-02-14 17:53 - 2014-02-14 17:53 - 02152960 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2014-02-14 17:53 - 2014-02-01 12:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-14 17:52 - 2014-02-11 11:59 - 00679067 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 17:40 - 2009-07-13 23:45 - 00023312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 17:40 - 2009-07-13 23:45 - 00023312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 17:36 - 2014-02-14 17:36 - 00000805 _____ () C:\Users\Steve\Desktop\AdwCleaner[s0].txt
2014-02-14 17:35 - 2014-02-11 10:18 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Wise Care 365
2014-02-14 17:35 - 2013-11-14 00:12 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Dropbox
2014-02-14 17:34 - 2014-02-11 11:53 - 00000934 _____ () C:\Windows\setupact.log
2014-02-14 17:34 - 2013-11-14 00:15 - 00000000 ___RD () C:\Users\Steve\Dropbox
2014-02-14 17:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 17:32 - 2014-02-14 17:30 - 00000000 ____D () C:\AdwCleaner
2014-02-14 17:29 - 2014-02-14 17:29 - 01166132 _____ () C:\Users\Steve\Desktop\AdwCleaner.exe
2014-02-14 17:28 - 2013-11-06 22:39 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654872690-2637105890-1346635818-1000UA.job
2014-02-14 17:23 - 2014-02-14 17:23 - 00000887 _____ () C:\Users\Steve\Desktop\JRT.txt
2014-02-14 17:18 - 2014-02-14 17:18 - 00000000 ____D () C:\Windows\ERUNT
2014-02-14 17:16 - 2014-02-14 17:16 - 01037530 _____ (Thisisu) C:\Users\Steve\Desktop\JRT.exe
2014-02-14 17:16 - 2014-02-14 17:16 - 00000000 ____D () C:\Users\Steve\Desktop\Done
2014-02-14 17:15 - 2014-02-14 17:02 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-14 17:01 - 2014-02-14 17:01 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-14 17:01 - 2014-02-14 17:01 - 00000000 ____D () C:\Users\Steve\Desktop\Mbar
2014-02-14 17:00 - 2014-02-14 16:59 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Steve\Desktop\mbar-1.07.0.1009.exe
2014-02-14 16:46 - 2014-02-14 16:46 - 00000000 ____D () C:\Windows\ERDNT
2014-02-14 16:45 - 2014-02-14 16:45 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-14 16:36 - 2014-01-30 00:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-13 00:52 - 2013-11-24 15:44 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\vlc
2014-02-12 23:28 - 2013-11-06 22:39 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654872690-2637105890-1346635818-1000Core.job
2014-02-12 23:18 - 2014-02-12 23:18 - 01531776 _____ () C:\Windows\Minidump\021214-23093-01.dmp
2014-02-12 23:18 - 2014-02-11 15:06 - 489201541 _____ () C:\Windows\MEMORY.DMP
2014-02-12 23:18 - 2013-12-24 01:53 - 00000000 ____D () C:\Windows\Minidump
2014-02-12 22:48 - 2013-11-25 04:29 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\XnView
2014-02-12 15:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-12 04:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 03:09 - 2013-11-01 02:27 - 00772558 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 03:09 - 2009-07-14 00:13 - 00772558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-11 22:23 - 2014-02-11 11:57 - 00000890 _____ () C:\Windows\PFRO.log
2014-02-11 19:41 - 2013-12-24 18:22 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-02-11 19:15 - 2014-02-11 19:11 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-02-11 19:15 - 2014-02-11 19:11 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-02-11 19:14 - 2014-02-11 19:14 - 00010009 _____ () C:\Windows\DirectX.log
2014-02-11 19:11 - 2014-02-11 19:11 - 00001090 _____ () C:\Users\Steve\Desktop\MSI Afterburner.lnk
2014-02-11 19:11 - 2014-02-11 19:11 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2014-02-11 19:10 - 2014-02-11 19:10 - 22990573 _____ () C:\Users\Steve\Downloads\MSIAfterburnerSetup231.zip
2014-02-11 19:10 - 2014-02-11 19:10 - 00000000 ____D () C:\Users\Steve\Downloads\MSIAfterburnerSetup231
2014-02-11 19:09 - 2014-02-11 19:09 - 00930440 _____ (CNET Download.com) C:\Users\Steve\Downloads\cbsidlm-cbsi176-MSI_Afterburner-SEO-75871628.exe
2014-02-11 15:48 - 2014-02-11 15:48 - 00276032 _____ () C:\Windows\Minidump\021114-20453-01.dmp
2014-02-11 15:32 - 2014-02-11 15:22 - 00000000 ____D () C:\Users\Steve\AppData\Local\TempSWBackupDirectory
2014-02-11 15:25 - 2014-02-11 15:25 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\EDrawings
2014-02-11 15:21 - 2014-02-11 12:54 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-02-11 15:20 - 2014-02-11 15:20 - 00007625 _____ () C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
2014-02-11 15:18 - 2014-02-11 15:18 - 00000000 ____D () C:\Users\Steve\AppData\Local\SolidWorks
2014-02-11 15:18 - 2014-02-11 12:08 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\SolidWorks
2014-02-11 15:15 - 2014-01-26 20:02 - 00000000 ____D () C:\ProgramData\AMD
2014-02-11 15:06 - 2014-02-11 15:06 - 01113016 _____ () C:\Windows\Minidump\021114-44468-01.dmp
2014-02-11 15:06 - 2014-02-11 11:59 - 00071312 _____ () C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-11 15:06 - 2009-07-13 23:45 - 00295600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-11 13:09 - 2014-02-11 13:09 - 00000000 ____D () C:\Users\Steve\Documents\SolidWorksComposer
2014-02-11 13:08 - 2014-02-11 13:08 - 00000000 ____D () C:\Program Files (x86)\SolidWorks Corp
2014-02-11 13:08 - 2014-02-11 12:59 - 00000000 ____D () C:\Program Files\SolidWorks Corp
2014-02-11 13:08 - 2014-02-11 12:59 - 00000000 ____D () C:\Program Files\Common Files\SolidWorks Shared
2014-02-11 13:07 - 2014-02-11 13:07 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\help_images_otherUI
2014-02-11 13:07 - 2014-02-11 13:07 - 00000000 _____ () C:\Windows\eDrawingOfficeAutomator.INI
2014-02-11 13:06 - 2014-02-11 13:06 - 00000000 ____D () C:\Users\Steve\Documents\SolidWorks Visual Studio Tools for Applications
2014-02-11 13:06 - 2014-02-11 13:06 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\DassaultSystemes
2014-02-11 13:06 - 2014-02-11 13:06 - 00000000 ____D () C:\Users\Steve\AppData\Local\DassaultSystemes
2014-02-11 13:06 - 2014-02-11 13:06 - 00000000 ____D () C:\SolidWorks Data
2014-02-11 13:06 - 2014-02-11 13:06 - 00000000 ____D () C:\ProgramData\DassaultSystemes
2014-02-11 12:59 - 2014-02-11 12:59 - 00000000 ____D () C:\ProgramData\SolidWorks
2014-02-11 12:59 - 2014-02-11 12:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-11 12:58 - 2014-02-11 12:58 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-02-11 12:58 - 2014-02-11 12:58 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-02-11 12:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-11 12:57 - 2014-02-11 12:57 - 00000000 ____D () C:\Users\Steve\Documents\Visual Studio 2005
2014-02-11 12:57 - 2014-02-11 12:57 - 00000000 ____D () C:\Users\Steve\AppData\Local\Microsoft Help
2014-02-11 12:57 - 2014-02-11 12:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 12:57 - 2014-02-11 12:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-02-11 12:57 - 2014-02-11 12:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-11 12:56 - 2014-02-11 12:56 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-02-11 12:53 - 2014-02-11 12:08 - 00000000 ____D () C:\Windows\SolidWorks
2014-02-11 12:08 - 2014-02-11 12:08 - 00000000 ____D () C:\Users\Steve\Downloads\sldim
2014-02-11 12:07 - 2014-02-11 12:06 - 29474856 _____ () C:\Users\Steve\Downloads\SolidWorksSetup.exe
2014-02-11 11:57 - 2014-02-11 10:25 - 00000402 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-02-11 11:53 - 2014-02-11 11:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-11 10:25 - 2014-02-11 10:25 - 00003214 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-02-11 10:21 - 2013-10-21 02:43 - 00000000 ____D () C:\Windows\Panther
2014-02-11 10:18 - 2014-02-11 10:18 - 00001160 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-02-11 10:18 - 2014-02-11 10:18 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-02-11 10:17 - 2014-02-11 10:17 - 08473672 _____ (WiseCleaner.com ) C:\Users\Steve\Downloads\WiseCare365.exe
2014-02-11 10:08 - 2014-02-11 10:07 - 160489864 _____ (Advanced Micro Devices, Inc.) C:\Users\Steve\Downloads\13-9-legacy_vista_win7_64_dd_ccc_whql.exe
2014-02-08 19:05 - 2014-02-08 19:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-06 07:16 - 2014-02-12 03:01 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-12 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-12 03:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-12 03:01 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-12 03:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-12 03:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-12 03:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-12 03:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-12 03:01 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-12 03:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-12 03:01 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-12 03:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-12 03:01 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-12 03:01 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-12 03:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-12 03:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-12 03:01 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-12 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-12 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 03:01 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-12 03:01 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-12 03:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-12 03:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-12 03:01 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-12 03:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-12 03:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-12 03:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-12 03:01 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-12 03:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-12 03:01 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-12 03:01 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-12 03:01 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-12 03:01 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-12 03:01 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-12 03:01 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-12 03:01 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-12 03:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-12 03:01 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-12 03:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 15:53 - 2014-02-01 12:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-04 15:53 - 2014-02-01 12:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 15:53 - 2013-12-24 02:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-03 22:31 - 2013-12-20 00:11 - 00002330 _____ () C:\Users\Steve\Desktop\Google Chrome.lnk
2014-02-01 12:14 - 2014-02-01 12:14 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-01 12:14 - 2014-02-01 12:13 - 00000000 ____D () C:\Users\Steve\AppData\Local\Adobe
2014-02-01 02:23 - 2009-07-13 21:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140211-112003.backup
2014-01-30 19:27 - 2014-01-30 19:27 - 00000000 ____D () C:\Users\Steve\AppData\Local\Privatefirewall
2014-01-30 19:19 - 2014-01-30 19:19 - 00000146 _____ () C:\Windows\ODBC.INI
2014-01-30 19:19 - 2014-01-30 19:19 - 00000000 ____D () C:\ProgramData\Privacyware
2014-01-30 19:19 - 2014-01-30 19:19 - 00000000 ____D () C:\Program Files (x86)\Privacyware
2014-01-30 19:18 - 2014-01-30 19:18 - 03749640 _____ (PWI, Inc. ) C:\Users\Steve\Downloads\privatefirewall.exe
2014-01-30 19:03 - 2014-01-30 19:03 - 00450639 ____R () C:\Windows\system32\Drivers\etc\hosts.20140130-190336.backup
2014-01-30 19:03 - 2009-07-13 21:34 - 00450639 ____R () C:\Windows\system32\Drivers\etc\hosts.20140201-022301.backup
2014-01-30 00:33 - 2014-01-30 00:33 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\AVAST Software
2014-01-30 00:32 - 2014-01-30 00:32 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-30 00:31 - 2014-01-30 00:32 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-30 00:31 - 2014-01-30 00:32 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-30 00:31 - 2014-01-30 00:32 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-30 00:31 - 2014-01-30 00:32 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-01-30 00:31 - 2014-01-30 00:32 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-30 00:31 - 2014-01-30 00:32 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-01-30 00:31 - 2014-01-30 00:32 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-30 00:31 - 2014-01-30 00:32 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-30 00:31 - 2014-01-30 00:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-30 00:31 - 2014-01-30 00:31 - 00000000 ____D () C:\Program Files\AVAST Software
2014-01-30 00:30 - 2014-01-30 00:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-01-28 00:24 - 2009-07-13 21:34 - 00450639 ____R () C:\Windows\system32\Drivers\etc\hosts.20140130-190312.backup
2014-01-28 00:21 - 2014-01-27 21:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-27 21:31 - 2014-01-27 21:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-27 21:27 - 2014-01-27 21:27 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-01-27 21:26 - 2014-01-27 21:26 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-26 20:50 - 2014-01-26 20:50 - 00000000 ____D () C:\Program Files (x86)\City Interactive
2014-01-26 20:48 - 2014-01-26 20:48 - 00001954 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-01-26 20:47 - 2014-01-26 20:47 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-01-26 20:47 - 2014-01-26 20:47 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-01-26 20:02 - 2014-01-26 20:02 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\ATI
2014-01-26 20:02 - 2014-01-26 20:02 - 00000000 ____D () C:\Users\Steve\AppData\Local\ATI
2014-01-26 19:03 - 2013-11-01 02:28 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-01-26 19:02 - 2013-12-24 14:31 - 00000000 ____D () C:\Users\Steve\AppData\Local\NVIDIA Corporation
2014-01-26 17:18 - 2014-01-26 17:18 - 00000000 _____ () C:\Windows\ativpsrm.bin
2014-01-24 00:34 - 2013-11-01 02:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-01-24 00:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-01-22 19:14 - 2013-11-17 16:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-22 19:12 - 2013-11-17 16:19 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-21 21:13 - 2014-01-21 21:13 - 00000000 ____D () C:\Windows\Sun
2014-01-21 19:06 - 2014-01-21 19:06 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-21 19:06 - 2014-01-21 19:06 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Malwarebytes
2014-01-21 19:06 - 2014-01-21 19:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-21 19:06 - 2014-01-21 19:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-18 05:11 - 2014-01-01 17:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-18 05:10 - 2014-01-18 05:10 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-18 05:10 - 2014-01-01 17:24 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-18 04:52 - 2013-11-14 00:15 - 00000979 _____ () C:\Users\Steve\Desktop\Dropbox.lnk
2014-01-18 04:52 - 2013-11-14 00:13 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-18 04:52 - 2013-10-20 23:29 - 00000000 ___RD () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 00:18 - 2014-01-16 00:17 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\VASSAL
2014-01-16 00:17 - 2014-01-16 00:17 - 00000830 _____ () C:\Users\Steve\Desktop\VASSAL.lnk
2014-01-16 00:17 - 2014-01-16 00:17 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VASSAL
2014-01-16 00:17 - 2014-01-16 00:17 - 00000000 ____D () C:\Program Files\VASSAL-3.2.9
2014-01-16 00:17 - 2013-10-20 23:29 - 00000000 ____D () C:\Users\Steve\AppData\Local\VirtualStore
2014-01-15 22:32 - 2014-01-15 22:12 - 69094165 _____ () C:\Users\Steve\Downloads\SOTM_VASSAL.vmod
2014-01-15 22:10 - 2014-01-15 22:07 - 25384313 _____ () C:\Users\Steve\Downloads\Chaos_in_the_Old_World_FFG_1.22.vmod
2014-01-15 22:08 - 2014-01-15 22:08 - 00571569 _____ () C:\Users\Steve\Downloads\Cthulhu_Dice_0.1.vmod
 
Some content of TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Steve\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 00:42
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by Steve at 2014-02-14 17:55:26
Running from C:\Users\Steve\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Privatefirewall (Enabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
 
==================== Installed Programs ======================
 
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software)
CloudReading (x32 Version: 1.0.27.1025 - Foxit Corporation)
DAEMON Tools Lite (x32 Version: 4.48.1.0347 - Disc Soft Ltd)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
ERUNT 1.1j (x32 Version:  - Lars Hederer)
Foxit Reader (x32 Version: 6.1.1.1031 - Foxit Corporation)
Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)
Intel® Network Connections 18.7.28.0 (Version: 18.7.28.0 - Intel)
Intel® Network Connections 18.7.28.0 (Version: 18.7.28.0 - Intel) Hidden
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
MSI Afterburner 2.3.1 (x32 Version: 2.3.1 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.6.10000.0.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp 10 (x32 Version: 5.8.10600.6.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20064 - Nero AG) Hidden
Nero Burning ROM 10 (x32 Version: 10.6.10700.5.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 10.5.10100 - Nero AG) Hidden
Nero BurnRights 10 (x32 Version: 4.4.10400.2.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.23400 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) Hidden
Nero CoverDesigner 10 (x32 Version: 5.6.10600.4.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero DiscSpeed 10 (x32 Version: 6.4.10500.1.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (x32 Version: 10.6.10800.6.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10100 - Nero AG) Hidden
Nero InfoTool 10 (x32 Version: 7.4.10300.1.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero MediaHome (x32 Version: 1.22.3600 - Nero AG) Hidden
Nero MediaHome Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden
Nero Multimedia Suite 10 (x32 Version: 10.5.10500 - Nero AG)
Nero Prerequisite Installer 1.0 (x32 Version: 11.0.11500 - Nero AG)
Nero Recode 10 (x32 Version: 4.10.10700.5.100 - Nero AG)
Nero Recode 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero RescueAgent 10 (x32 Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.15005 - Nero AG) Hidden
Nero SoundTrax 10 (x32 Version: 4.10.10500.4.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero StartSmart 10 (x32 Version: 10.6.10500.3.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
Nero Vision 10 (x32 Version: 7.4.11000.9.100 - Nero AG)
Nero Vision 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero WaveEditor 10 (x32 Version: 5.10.10700.6.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
nero.prerequisites.msi (x32 Version: 11.0.20010 - Nero AG) Hidden
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
Privatefirewall 7.0 (x32 Version: 7.0.30.3 - PWI, Inc.)
SolidWorks 2014 x64 Edition SP02 (Version: 22.120.40 - SolidWorks) Hidden
SolidWorks 2014 x64 Edition SP02 (x32 Version: 22.2.0.40 - SolidWorks Corporation)
SolidWorks Composer Player 2014 SP02 x64 Edition (Version: 22.20.40 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 x64 Edition SP02 (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2014 SP02 x64 Edition (Version: 22.20.40 - SolidWorks Corporation) Hidden
SpeedFan (remove only) (x32 Version:  - )
Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
VASSAL (3.2.9) (Version: 3.2.9 - vassalengine.org)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)
Wise Care 365 2.94 (x32 Version: 2.94 - WiseCleaner.com, Inc.)
XnView 2.04 (x32 Version: 2.04 - Gougelet Pierre-e)
 
==================== Restore Points  =========================
 
11-02-2014 13:08:27 Scheduled Checkpoint
11-02-2014 15:21:01 Created by Wise Care 365
11-02-2014 21:16:19 Windows Update
12-02-2014 00:14:00 Installed DirectX
12-02-2014 08:00:13 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2014-02-11 11:20 - 00450709 ___RA C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {025B9E5B-22BE-444E-9F6C-6C60888E1F5E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1654872690-2637105890-1346635818-1000UA => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-06] (Google Inc.)
Task: {3CC10DF5-992E-4CAA-A1BB-843007E88CA6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {5D9EAAC2-3365-4581-B556-BA0C21F00F97} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1654872690-2637105890-1346635818-1000Core => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-06] (Google Inc.)
Task: {AF3107AC-9B6E-4268-BAFF-04C8D9B8D22B} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2014-01-21] (WiseCleaner.COM)
Task: {C3CD0A17-531A-45A4-8964-FD6F53C6E864} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-30] (AVAST Software)
Task: {DC163D28-FA7C-4F69-B30C-7DBBD19460AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {E5FA5186-024E-40FE-913F-6BAE472C0DAF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {FF218A69-58A9-4419-9BDD-6E2C81D8732F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654872690-2637105890-1346635818-1000Core.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654872690-2637105890-1346635818-1000UA.job => C:\Users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-11 20:06 - 2014-01-11 20:06 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2014-02-14 16:36 - 2014-02-14 12:53 - 02180608 _____ () C:\Program Files\AVAST Software\Avast\defs\14021402\algo.dll
2014-01-27 21:26 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-27 21:26 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-30 00:31 - 2014-01-30 00:31 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-27 21:26 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-27 21:26 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-27 21:26 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-03 22:31 - 2014-02-01 18:41 - 00715592 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-03 22:31 - 2014-02-01 18:41 - 00100168 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-03 22:31 - 2014-02-01 18:42 - 04055368 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-03 22:31 - 2014-02-01 18:42 - 00399688 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-03 22:31 - 2014-02-01 18:41 - 01634632 _____ () C:\Users\Steve\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (02/14/2014 05:34:57 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (02/14/2014 05:34:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (02/14/2014 05:33:26 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 43%
Total physical RAM: 4055.12 MB
Available physical RAM: 2305.28 MB
Total Pagefile: 8108.41 MB
Available Pagefile: 6164.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:355.16 GB) NTFS
Drive d: (Internal SATA 1Tb) (Fixed) (Total:931.51 GB) (Free:108.11 GB) NTFS
Drive f: (Sniper2_STARTER) (CDROM) (Total:4.03 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F4EB8E37)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 

 


  • Root Admin

I'm not really seeing any infection there.  I would recommend uninstalling Wise Care 365 - pretty much Snake Oil and I wouldn't run it on my box.

 

It looks like Spybot is having some issue according to the Event Logs but difficult to tell why or what caused it.

 

My guess is that the video card itself just might possibly be bad.  Do you have the old card or another one you can swap out to try?

 

We can run some other tools to look for malware but so far it's looking reasonably clean.


  • Root Admin

You could try putting the computer into a Diagnostic Mode using MSCONFIG.EXE and reboot and test to see if that helps.

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.




 
Remove the rest of the tools used:
 

Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.


  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, go ahead and delete it by yourself.
  • If asked to restart the computer, please do so.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.



AdwCleaner Removal:


  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:


  • This tool can be uninstalled via the Control Panel, Programs, Uninstall

 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.