
Help getting rid of minerd.exe and cgminer.exe



So, I found minerd.exe taking up all of my CPU space, Googled it, and found out it was a trojan, so I stopped the process. Then I saw a video called "How to remove minerd.exe and cgminer.exe", so I Googled cgminer.exe; it's also a trojan, so I stopped that. I ran a scan with Mbam, it found PUPs, and I removed those. After restarting I didn't see minerd.exe/cgminer.exe in Task Manager for about 5-6 hours, but now it's back. Is there any way to remove it permanently?


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                   

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
     
  • When the scan completes select Report, copy and paste that to your reply.
     
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


     
Post those logs.

Kevin

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01

Ran by samuel (administrator) on KEKEFAMILYPC on 02-06-2014 11:29:33

Running from C:\Users\samuel\Downloads

Platform: Windows 8 Pro (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

() C:\Program Files (x86)\Moborobo\MoboroboDeviceService.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe

(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()

HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-07-21] (Power Software Ltd)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)

HKU\S-1-5-21-3631150188-1442477864-1940474469-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)

HKU\S-1-5-21-3631150188-1442477864-1940474469-1001\...\Run: [Akamai NetSession Interface] => C:\Users\samuel\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)

HKU\S-1-5-21-3631150188-1442477864-1940474469-1001\...\Run: [GameCenterMailRu] => "C:\Users\samuel\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe" -autostart

HKU\S-1-5-21-3631150188-1442477864-1940474469-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-3631150188-1442477864-1940474469-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-05-10] (Electronic Arts)

HKU\S-1-5-21-3631150188-1442477864-1940474469-1001\...\Run: [DriverBoot] => C:\DriverBoot\DriverBoot.exe [5994496 2014-05-29] ()

HKU\S-1-5-21-3631150188-1442477864-1940474469-1001\...\MountPoints2: E - "E:\SETUP.EXE" 

AppInit_DLLs: C:\PROGRA~2\SW_X64~1.BOO => C:\PROGRA~2\SW_X64~1.BOO File Not Found

Startup: C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x576FD651D773CF01

BHO: YoutubeAdblocker - {011B3ED8-05B7-030B-834F-4E78C4687BC6} - C:\Program Files (x86)\YoutubeAdblocker\RFtwvL5Oa6.x64.dll No File

BHO: safeeweub - {262FB85B-135F-54A3-2FDB-8B86AD239CF2} - C:\Program Files (x86)\safeeweub\Nf2h12Zc.x64.dll No File

BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)

BHO-x32: safeeweub - {262FB85B-135F-54A3-2FDB-8B86AD239CF2} - C:\Program Files (x86)\safeeweub\Nf2h12Zc.dll No File

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File

Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

 

FireFox:

========

FF ProfilePath: C:\Users\samuel\AppData\Roaming\Mozilla\Firefox\Profiles\pp1y1voi.default

FF Homepage: about:home

FF SelectedSearchEngine: Google

FF NewTab: about:newtab

FF DefaultSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)

FF Plugin-x32: @qq.com/npAndroidAssistant - C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\\1.8.101.2154\npQQPhoneManagerExt.dll No File

FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.18\Bin\npSSOAxCtrlForPTLogin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin HKCU: @mail.ru/GameCenter - C:\Users\samuel\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll No File

FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\samuel\AppData\Local\Roblox\Versions\version-ca7bb36aabe54be5\\NPRobloxProxy.dll ( ROBLOX Corporation)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\samuel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook

FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-05-04]

 

Chrome: 

=======

CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3320048&octid=EB_ORIGINAL_CTID&ISID=M938719A6-5767-4106-A0DD-F0E81B98C146&SearchSource=55&CUI=&UM=5&UP=SP863FB34A-1154-4A94-83DC-368FB4FAF15C&SSPV=

CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3320048&octid=EB_ORIGINAL_CTID&ISID=M938719A6-5767-4106-A0DD-F0E81B98C146&SearchSource=55&CUI=&UM=5&UP=SP863FB34A-1154-4A94-83DC-368FB4FAF15C&SSPV=", "https://www.google.com/"

CHR Extension: (Google Drive) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-17]

CHR Extension: (ROBLOX 3D Preview Plugin) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\begdomdbhchlodcakjoephdlnmkkljoa [2014-05-28]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (YouTube) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-17]

CHR Extension: (Adblock Plus) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-09]

CHR Extension: (Google Search) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-17]

CHR Extension: (Roblox Group Enhancer by Merely) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddjfhkkpgfghimddaekfocbahebohdim [2013-11-09]

CHR Extension: (Running Fred) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebimpllhoibdkjegcdpbppjocbgcikj [2014-02-27]

CHR Extension: (nCage) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbmfljfohghaepamnfokgggaejlmfol [2014-05-28]

CHR Extension: (ROBLOX+) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2014-05-28]

CHR Extension: (Google Wallet) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]

CHR Extension: (Battlefield Play4Free) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2013-11-01]

CHR Extension: (Flow Colors) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk [2013-10-19]

CHR Extension: (Gmail) - C:\Users\samuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-17]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)

S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-05-05] (Perfect World Entertainment Inc)

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-02-13] (BitRaider, LLC)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93048 2014-05-24] (EasyAntiCheat Ltd)

S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-06-01] (Echobit LLC)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-15] (LogMeIn, Inc.)

R2 MoboroboDeviceService; C:\Program Files (x86)\Moborobo\MoboroboDeviceService.exe [70952 2014-01-14] ()

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5148240 2013-07-22] (INCA Internet Co., Ltd.)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-01] ()

R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\SWSvc.dll",service

S2 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)

S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-02-13] (BitRaider)

S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.3\dbk64.sys [64480 2013-06-02] ()

R3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2013-09-28] (Echobit, LLC)

S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)

R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-10-22] (Splashtop Inc.)

S3 TesSafe; C:\Windows\system32\TesSafe.sys [159160 2013-11-30] (TENCENT)

S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [19208 2013-12-15] ()

S3 dump_wmimmc; \??\C:\Suba Games\Nine Dragons\GameGuard\dump_wmimmc.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]

S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]

S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\8.7.10504.206\QMUdisk64.sys [X]

S3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [X]

S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]

S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]

S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]

S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-06-02 11:29 - 2014-06-02 11:29 - 00016467 _____ () C:\Users\samuel\Downloads\FRST.txt

2014-06-02 11:29 - 2014-06-02 11:29 - 00000000 ____D () C:\FRST

2014-06-02 11:28 - 2014-06-02 11:29 - 02067456 _____ (Farbar) C:\Users\samuel\Downloads\FRST64.exe

2014-06-02 10:33 - 2014-06-02 10:33 - 00000000 ____D () C:\Users\samuel\AppData\Local\Red 5 Studios

2014-06-02 10:32 - 2014-06-02 10:32 - 00000000 ____D () C:\Users\samuel\Documents\Firefall

2014-06-02 02:57 - 2014-06-02 02:57 - 00002360 _____ () C:\Users\Public\Desktop\Play Firefall.lnk

2014-06-02 02:57 - 2014-06-02 02:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Red 5 Studios

2014-06-02 02:04 - 2014-06-02 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org

2014-06-02 02:04 - 2014-06-02 02:04 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org

2014-06-02 02:04 - 2014-06-02 02:04 - 00000000 ____D () C:\Program Files (x86)\Red 5 Studios

2014-06-02 02:03 - 2014-06-02 02:03 - 19794408 _____ () C:\Users\samuel\Downloads\FirefallInstaller.exe

2014-06-01 23:26 - 2014-06-01 23:29 - 202532265 _____ () C:\Users\samuel\Downloads\IW5.Terminal (2).zip

2014-06-01 23:15 - 2014-06-01 23:15 - 00161298 _____ () C:\Users\samuel\Downloads\Barata's Tekno  Multihack_mpgh.net.rar

2014-06-01 22:40 - 2014-06-01 22:42 - 202532265 _____ () C:\Users\samuel\Downloads\IW5.Terminal (1).zip

2014-06-01 22:38 - 2014-06-01 22:40 - 202532265 _____ () C:\Users\samuel\Downloads\IW5.Terminal.zip

2014-06-01 22:23 - 2014-06-01 22:23 - 03666432 _____ () C:\Users\samuel\Downloads\Trainer.EXE

2014-06-01 18:29 - 2014-06-01 18:29 - 00200262 _____ () C:\Users\samuel\Downloads\Speed Mod by LugiazSoul (1).zip

2014-06-01 16:55 - 2014-06-01 16:55 - 00000000 ____D () C:\Users\samuel\AppData\Local\Funcom

2014-06-01 16:55 - 2014-06-01 16:55 - 00000000 ____D () C:\DreamWorldCache

2014-06-01 16:54 - 2014-06-01 16:54 - 00000368 _____ () C:\Users\samuel\Desktop\LEGO Minifigures Online.appref-ms

2014-06-01 16:54 - 2014-06-01 16:54 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Funcom

2014-06-01 16:46 - 2014-06-01 16:46 - 00010076 _____ () C:\Users\samuel\Downloads\LEGOMinifiguresOnline.application

2014-06-01 14:03 - 2014-05-31 13:28 - 00104448 _____ (SquadZLeader) C:\Users\samuel\Desktop\S4Z.exe

2014-06-01 14:02 - 2014-06-01 14:02 - 00073959 _____ () C:\Users\samuel\Downloads\S4Z (1).rar

2014-06-01 12:02 - 2014-06-01 12:02 - 00000221 _____ () C:\Users\samuel\Desktop\Assassin's Creed Brotherhood.url

2014-05-31 19:38 - 2014-05-31 19:38 - 00000865 _____ () C:\Users\samuel\Downloads\payday_the_heist_modded_config.rar

2014-05-31 19:36 - 2014-05-31 19:36 - 00001938 _____ () C:\Users\samuel\Downloads\render settings DauG.txt

2014-05-31 19:30 - 2014-05-31 19:38 - 00000000 ____D () C:\Users\samuel\AppData\Local\PAYDAY 2

2014-05-30 19:10 - 2014-05-30 19:10 - 00369846 _____ () C:\Users\samuel\Downloads\S4Z.rar

2014-05-29 20:08 - 2014-05-29 20:08 - 00000118 _____ () C:\#system_booting.bat

2014-05-29 20:00 - 2014-05-29 20:00 - 00619773 _____ () C:\Users\samuel\Downloads\ZynoxCode v2.0.zip

2014-05-29 19:59 - 2014-05-29 19:59 - 00071736 _____ () C:\Users\samuel\Downloads\AntiKick (1).rar

2014-05-29 19:49 - 2014-05-29 19:49 - 06004615 _____ () C:\Users\samuel\Downloads\[HS4L]-S4League_Hack_EU.rar

2014-05-29 18:30 - 2014-05-29 18:33 - 00000000 ____D () C:\Users\samuel\AppData\Local\ascend

2014-05-29 18:16 - 2014-05-29 18:16 - 00000222 _____ () C:\Users\samuel\Desktop\Ascend Hand of Kul.url

2014-05-28 23:23 - 2014-05-28 23:23 - 00038540 _____ () C:\Users\samuel\Downloads\MaintenanceGui5 UPDATED.rbxm

2014-05-28 23:13 - 2014-05-28 23:13 - 03661824 _____ () C:\Users\samuel\Downloads\Roblox Trainer.EXE

2014-05-28 17:18 - 2014-05-28 17:18 - 00000222 _____ () C:\Users\samuel\Desktop\Fistful of Frags.url

2014-05-27 00:04 - 2014-05-27 00:04 - 01878295 _____ () C:\Users\samuel\Downloads\CR42_234.zip

2014-05-26 23:58 - 2014-05-26 23:58 - 14229643 _____ () C:\Users\samuel\Downloads\Fw-190 A-1 camo.zip

2014-05-26 21:29 - 2014-05-26 21:29 - 02868613 _____ () C:\Users\samuel\Downloads\bf_110c_4_a.zip

2014-05-24 23:45 - 2014-05-24 23:45 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\WizardWars

2014-05-24 23:45 - 2014-05-24 23:40 - 00093048 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe

2014-05-24 23:38 - 2014-05-24 23:38 - 00000222 _____ () C:\Users\samuel\Desktop\Magicka Wizard Wars.url

2014-05-24 21:30 - 2014-05-24 21:30 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Shooter

2014-05-24 18:05 - 2014-05-24 21:33 - 00000000 ____D () C:\Users\samuel\AppData\Local\NexonLauncher

2014-05-24 18:03 - 2014-05-24 18:03 - 10117136 _____ () C:\Users\samuel\Downloads\NexonLauncherSetup.exe

2014-05-24 10:30 - 2014-05-24 10:30 - 00001691 _____ () C:\Users\samuel\Desktop\oldconfig.txt

2014-05-24 10:27 - 2014-05-24 10:27 - 00003292 _____ () C:\Users\samuel\Downloads\Custom Warthunder SLI 32XCSAA.nip

2014-05-24 10:19 - 2014-05-24 10:19 - 00000222 _____ () C:\Users\samuel\Desktop\War Thunder.url

2014-05-24 10:18 - 2014-05-24 10:18 - 07126385 _____ () C:\Users\samuel\Downloads\War Thunder Hack[www.mpgh.net]_mpgh.net.rar

2014-05-23 16:30 - 2014-05-23 16:30 - 11121600 _____ () C:\Users\samuel\Downloads\Crazy_mpgh.net (1).zip

2014-05-23 14:59 - 2014-05-23 14:59 - 11121600 _____ () C:\Users\samuel\Downloads\Crazy_mpgh.net.zip

2014-05-23 07:06 - 2014-05-23 07:06 - 00000000 ____D () C:\Program Files (x86)\Snail Games USA

2014-05-22 21:46 - 2014-05-22 22:41 - 2474812150 _____ () C:\Users\samuel\Downloads\BackGoldInstallSetup_0.0.1.008.rar

2014-05-21 19:56 - 2014-06-01 23:16 - 00000109 _____ () C:\Users\samuel\Desktop\Faith.ini

2014-05-20 19:21 - 2014-05-20 19:21 - 01654470 _____ () C:\Users\samuel\Downloads\background_changer_v2.5_2_mpgh.net.rar

2014-05-20 19:18 - 2014-05-20 19:18 - 00690024 _____ () C:\Users\samuel\Downloads\BLOPS II Backround_mpgh.net.zip

2014-05-20 15:48 - 2014-05-20 15:48 - 00794541 _____ () C:\Users\samuel\Downloads\Rookie v2.0.0 [18.05.2014].rar

2014-05-20 15:47 - 2014-05-20 15:48 - 00524598 _____ () C:\Users\samuel\Downloads\Faith Injector (1).rar

2014-05-20 15:46 - 2014-05-20 15:46 - 00524598 _____ () C:\Users\samuel\Downloads\Faith Injector.rar

2014-05-20 15:46 - 2009-12-01 00:13 - 03065856 _____ () C:\Users\samuel\Desktop\Injector.exe

2014-05-20 15:44 - 2014-05-20 15:44 - 00076379 _____ () C:\Users\samuel\Downloads\AntiKick.rar

2014-05-19 16:01 - 2014-05-19 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2014-05-19 16:01 - 2014-05-19 16:01 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

2014-05-19 14:08 - 2014-05-19 14:08 - 03097796 _____ () C:\Users\samuel\Downloads\MW3 ChromatiX.zip

2014-05-19 13:59 - 2014-05-19 13:59 - 00023033 _____ () C:\Users\samuel\Downloads\MW3 - Texture Hack [FINAL].rar

2014-05-19 13:36 - 2014-05-19 13:36 - 00322433 _____ () C:\Users\samuel\Downloads\ProScope.rar

2014-05-19 13:34 - 2014-05-19 13:34 - 00583778 _____ () C:\Users\samuel\Downloads\MW3 QScope incl. Crosshair + Rapidknife.rar

2014-05-19 13:23 - 2014-05-19 13:23 - 01195434 _____ () C:\Users\samuel\Downloads\Public Multihack by TheAp713_mpgh.net.rar

2014-05-19 00:40 - 2014-05-19 00:40 - 01508106 _____ () C:\Users\samuel\Downloads\morphgen-binary-master.zip

2014-05-19 00:13 - 2014-05-19 00:14 - 12984640 _____ () C:\Users\samuel\Downloads\ZygorGuidesViewer_mpgh.net (1).rar

2014-05-19 00:13 - 2014-05-19 00:13 - 12984640 _____ () C:\Users\samuel\Downloads\ZygorGuidesViewer_mpgh.net.rar

2014-05-18 12:01 - 2014-05-18 22:24 - 00000000 ____D () C:\Users\samuel\AppData\Local\Arma 3

2014-05-18 12:01 - 2014-05-18 12:03 - 00000000 ____D () C:\Users\samuel\Documents\Arma 3

2014-05-18 12:01 - 2014-05-18 12:01 - 00000000 ____D () C:\ProgramData\Bohemia Interactive

2014-05-17 17:16 - 2014-05-17 17:16 - 00675988 _____ () C:\Users\samuel\Downloads\Minecraft (1).exe

2014-05-16 10:00 - 2014-05-16 10:00 - 00216754 _____ () C:\Users\samuel\Downloads\tMorph.zip

2014-05-16 00:21 - 2014-05-16 00:21 - 04749738 _____ () C:\Users\samuel\Downloads\TheNoobBot-3.1.0.rar

2014-05-15 22:56 - 2014-05-15 22:56 - 09514088 _____ (Perfect World Entertainment) C:\Users\samuel\Downloads\ArcInstall_v20140404a.exe

2014-05-15 21:13 - 2014-05-15 21:13 - 00968783 _____ () C:\Users\samuel\Downloads\WowAP_3.3.5.a._mpgh.net.zip

2014-05-15 15:23 - 2014-05-15 15:23 - 00001252 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk

2014-05-15 15:23 - 2014-05-15 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

2014-05-15 15:22 - 2014-05-22 07:26 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft

2014-05-15 15:20 - 2014-05-22 07:25 - 00000000 ____D () C:\Users\samuel\AppData\Local\Battle.net

2014-05-15 15:20 - 2014-05-15 15:26 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Battle.net

2014-05-15 15:20 - 2014-05-15 15:20 - 00001160 _____ () C:\Users\Public\Desktop\Battle.net.lnk

2014-05-15 15:20 - 2014-05-15 15:20 - 00000000 ____D () C:\Users\samuel\AppData\Local\Blizzard Entertainment

2014-05-15 15:20 - 2014-05-15 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net

2014-05-15 15:20 - 2014-05-15 15:20 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

2014-05-15 15:20 - 2014-05-15 15:20 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-05-15 15:19 - 2014-05-15 21:20 - 00000000 ____D () C:\ProgramData\Battle.net

2014-05-15 15:18 - 2014-05-15 15:19 - 02942368 _____ (Blizzard Entertainment) C:\Users\samuel\Downloads\World-of-Warcraft-Setup-enUS.exe

2014-05-13 18:48 - 2014-05-13 18:48 - 00262144 _____ () C:\Windows\Minidump\051314-23306-01.dmp

2014-05-13 18:42 - 2014-05-13 18:42 - 00995008 _____ () C:\Users\samuel\Downloads\Firefox.exe

2014-05-13 18:38 - 2014-05-13 18:38 - 00000000 ___RD () C:\Sandbox

2014-05-13 18:37 - 2014-05-13 18:40 - 02605768 _____ (Sandboxie Holdings, LLC) C:\Users\samuel\Downloads\SandboxieInstall.exe

2014-05-13 18:37 - 2014-05-13 18:37 - 02605768 _____ (Sandboxie Holdings, LLC) C:\Users\samuel\Downloads\SandboxieInstall (1).exe

2014-05-13 15:33 - 2014-05-13 15:33 - 00002544 _____ () C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Landmark Beta.lnk

2014-05-13 15:26 - 2014-05-13 15:26 - 19793296 _____ () C:\Users\samuel\Downloads\LM_Beta_setup.exe

2014-05-13 12:18 - 2014-05-13 12:19 - 29580676 _____ () C:\Users\samuel\Downloads\Module 28-1 w Narration.wmv

2014-05-13 11:01 - 2014-05-13 11:01 - 00012175 _____ () C:\Users\samuel\Downloads\Chapter 24 Digestive Diseases Summary.xlsx

2014-05-13 11:01 - 2014-05-13 11:01 - 00012175 _____ () C:\Users\samuel\Downloads\Chapter 24 Digestive Diseases Summary (1).xlsx

2014-05-12 23:15 - 2014-05-12 23:15 - 00262144 _____ () C:\Windows\Minidump\051214-17643-01.dmp

2014-05-12 22:54 - 2014-05-12 22:54 - 00262144 _____ () C:\Windows\Minidump\051214-19640-01.dmp

2014-05-11 20:54 - 2014-05-11 20:54 - 00001441 _____ () C:\Users\samuel\Downloads\bf3fpsconfig.zip

2014-05-11 20:38 - 2014-05-11 20:38 - 41954352 _____ (Razer Inc. ) C:\Users\samuel\Downloads\RazerGameBoosterSetup_4.2.45.0.exe

2014-05-11 19:44 - 2014-05-11 19:44 - 00086834 _____ () C:\Users\samuel\Downloads\MOH_BETA_PUBLIC_[www.unknowncheats.me]_.rar

2014-05-11 14:49 - 2014-05-11 14:49 - 00001070 _____ () C:\Users\Administrator\Desktop\Build and Shoot Launcher.lnk

2014-05-11 14:49 - 2014-05-11 14:49 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Build and Shoot

2014-05-11 14:49 - 2014-05-11 14:49 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Build and Shoot

2014-05-11 14:49 - 2014-05-11 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Build and Shoot

2014-05-11 14:49 - 2014-05-11 14:49 - 00000000 ____D () C:\Program Files (x86)\Build and Shoot

2014-05-11 14:48 - 2014-05-11 14:48 - 00673002 _____ () C:\Users\samuel\Downloads\Build and Shoot 1.2 Setup (1).exe

2014-05-11 12:55 - 2014-05-11 12:55 - 00139264 _____ (sun.the9.com) C:\Users\samuel\Downloads\9yin_MD5Check (1).exe

2014-05-11 12:53 - 2014-05-11 12:53 - 00139264 _____ (sun.the9.com) C:\Users\samuel\Downloads\9yin_MD5Check.exe

2014-05-11 10:17 - 2014-05-11 10:17 - 00172046 _____ () C:\Users\samuel\Downloads\MohHookv15Rev2_[www.unknowncheats.me]_.zip

2014-05-11 00:21 - 2014-05-11 00:21 - 00000000 ____D () C:\Program Files\Adblock Plus for IE

2014-05-10 23:31 - 2014-05-29 18:00 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Origin

2014-05-10 23:31 - 2014-05-10 23:34 - 00000000 ____D () C:\Users\samuel\AppData\Local\Origin

2014-05-10 23:29 - 2014-05-10 23:29 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\samuel\Downloads\OriginThinSetup.exe

2014-05-10 23:29 - 2014-05-10 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2014-05-10 22:30 - 2014-05-24 23:36 - 00000138 _____ () C:\Users\samuel\Desktop\New Text Document.txt

2014-05-10 21:51 - 2014-05-10 21:51 - 00000000 __SHD () C:\ProgramData\DSS

2014-05-10 21:29 - 2010-09-16 00:13 - 02601752 _____ () C:\Windows\SysWOW64\pbsvc_moh.exe

2014-05-10 18:32 - 2014-05-10 18:32 - 00408405 _____ () C:\Users\samuel\Downloads\Crysis2AdvancedGraphicsOptions_2_0_1_Beta (1).zip

2014-05-10 17:04 - 2014-05-10 17:04 - 00336209 _____ () C:\Users\samuel\Downloads\SmX-1 CRYNET 2.0 MATTHACK.rar

2014-05-10 17:01 - 2014-05-10 17:01 - 01704543 _____ () C:\Users\samuel\Downloads\Crysis2PAKUtility.rar

2014-05-10 16:09 - 2014-05-10 16:10 - 00000732 _____ () C:\Users\samuel\Downloads\autoexec.cfg

2014-05-10 16:03 - 2014-05-10 16:03 - 00408405 _____ () C:\Users\samuel\Downloads\Crysis2AdvancedGraphicsOptions_2_0_1_Beta.zip

2014-05-10 15:10 - 2014-05-10 15:10 - 00005026 _____ () C:\Users\samuel\Downloads\Ragnos1997-Crysis2Final1-5Patch.rar

2014-05-10 14:46 - 2014-05-10 14:46 - 03337480 _____ () C:\Users\samuel\Downloads\advisorinstaller.exe

2014-05-10 14:46 - 2014-05-10 14:46 - 00002146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk

2014-05-10 14:46 - 2014-05-10 14:46 - 00000000 ____D () C:\Program Files (x86)\Belarc

2014-05-10 14:08 - 2014-05-10 14:08 - 00000431 _____ () C:\Users\samuel\Downloads\CryBOOST by DizturbedFan version 1.0

2014-05-10 11:42 - 2014-05-10 11:42 - 00074847 _____ () C:\Users\samuel\Downloads\crysis2configv5.2.zip

2014-05-09 20:52 - 2014-05-09 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends

2014-05-09 20:41 - 2014-05-09 20:52 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

2014-05-09 20:39 - 2014-05-09 20:40 - 32229024 _____ (Riot Games) C:\Users\samuel\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe

2014-05-09 20:17 - 2014-05-09 20:17 - 00000000 ____D () C:\Users\samuel\AppData\Local\Realmware

2014-05-09 20:16 - 2014-05-09 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realmware BF3 Tools

2014-05-09 20:16 - 2014-05-09 20:16 - 00000000 ____D () C:\Program Files\Realmware

2014-05-09 20:15 - 2014-05-09 20:15 - 03276413 _____ (Realmware) C:\Users\samuel\Downloads\BF3SE-2.3.exe

2014-05-09 18:04 - 2014-06-01 23:23 - 00003756 _____ () C:\Windows\System32\Tasks\AutoKMS

2014-05-09 17:38 - 2014-05-09 17:38 - 00711649 _____ () C:\Users\samuel\Downloads\pbsetup.zip

2014-05-09 17:33 - 2014-05-09 17:33 - 00094057 _____ () C:\Users\samuel\Downloads\bf3lang.torrent

2014-05-09 07:29 - 2014-05-09 07:29 - 00857600 _____ () C:\Users\samuel\Downloads\LauncherClient.exe

2014-05-09 07:28 - 2014-05-09 07:28 - 00345088 _____ (ZLOFENIX) C:\Users\samuel\Downloads\Launcher.dll

2014-05-09 07:27 - 2014-05-09 07:27 - 08229465 _____ () C:\Users\samuel\Downloads\BF3_Client.rar

2014-05-09 07:24 - 2014-05-09 07:24 - 04574974 _____ () C:\Users\samuel\Downloads\Despo_Launcher_v1.2.rar

2014-05-09 07:12 - 2014-05-09 07:12 - 00000000 ____D () C:\Users\samuel\AppData\Local\ESN

2014-05-09 07:11 - 2014-05-09 07:12 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2014-05-09 07:11 - 2014-05-09 07:11 - 03822544 _____ () C:\Users\samuel\Downloads\battlelog-web-plugins_2.3.2_134.exe

2014-05-08 15:24 - 2014-05-08 15:54 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\TeamViewer

2014-05-08 15:23 - 2014-05-08 15:23 - 06171848 _____ (TeamViewer GmbH) C:\Users\samuel\Downloads\TeamViewer_Setup_en.exe

2014-05-06 06:24 - 2014-05-06 06:24 - 430097582 _____ () C:\Users\samuel\Downloads\KSP 0.22  { mp88p }.zip

2014-05-05 21:51 - 2014-05-05 21:51 - 00000100 _____ () C:\Users\samuel\Downloads\NoclipBytesAfterPatch.txt

2014-05-05 21:44 - 2014-05-05 21:44 - 00000109 _____ () C:\Users\samuel\Downloads\NewNoclipBytes2014.txt

2014-05-04 20:52 - 2014-05-04 21:16 - 00000000 ____D () C:\Users\samuel\Documents\Fiddler2

2014-05-04 20:51 - 2014-05-04 20:51 - 00001902 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk

2014-05-04 20:51 - 2014-05-04 20:51 - 00000000 ____D () C:\Program Files (x86)\Fiddler2

2014-05-04 20:50 - 2014-05-04 20:50 - 00969432 _____ (Telerik) C:\Users\samuel\Downloads\fiddler4setup.exe

2014-05-04 16:34 - 2014-05-04 16:34 - 00279664 _____ () C:\Windows\Minidump\050414-23056-01.dmp

2014-05-03 10:00 - 2014-05-03 10:00 - 00263861 _____ () C:\Users\samuel\Downloads\FataL_v3_1.rar

 

==================== One Month Modified Files and Folders =======

 

2014-06-02 11:30 - 2013-08-14 16:31 - 00000000 ____D () C:\Users\samuel\AppData\Local\Temp

2014-06-02 11:29 - 2014-06-02 11:29 - 00016467 _____ () C:\Users\samuel\Downloads\FRST.txt

2014-06-02 11:29 - 2014-06-02 11:29 - 00000000 ____D () C:\FRST

2014-06-02 11:29 - 2014-06-02 11:28 - 02067456 _____ (Farbar) C:\Users\samuel\Downloads\FRST64.exe

2014-06-02 11:29 - 2013-08-14 19:56 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Skype

2014-06-02 11:17 - 2013-10-17 21:45 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-02 11:14 - 2013-09-28 14:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-06-02 11:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru

2014-06-02 10:33 - 2014-06-02 10:33 - 00000000 ____D () C:\Users\samuel\AppData\Local\Red 5 Studios

2014-06-02 10:32 - 2014-06-02 10:32 - 00000000 ____D () C:\Users\samuel\Documents\Firefall

2014-06-02 10:30 - 2013-08-14 20:01 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-06-02 08:33 - 2013-08-14 16:31 - 01266334 _____ () C:\Windows\WindowsUpdate.log

2014-06-02 08:02 - 2013-08-14 16:49 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3631150188-1442477864-1940474469-1001

2014-06-02 02:57 - 2014-06-02 02:57 - 00002360 _____ () C:\Users\Public\Desktop\Play Firefall.lnk

2014-06-02 02:57 - 2014-06-02 02:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Red 5 Studios

2014-06-02 02:17 - 2013-10-17 21:45 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-02 02:13 - 2013-08-14 21:14 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2014-06-02 02:04 - 2014-06-02 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org

2014-06-02 02:04 - 2014-06-02 02:04 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org

2014-06-02 02:04 - 2014-06-02 02:04 - 00000000 ____D () C:\Program Files (x86)\Red 5 Studios

2014-06-02 02:04 - 2014-01-07 21:28 - 00000000 ___HD () C:\Windows\msdownld.tmp

2014-06-02 02:04 - 2014-01-07 21:28 - 00000000 ____D () C:\Windows\SysWOW64\directx

2014-06-02 02:03 - 2014-06-02 02:03 - 19794408 _____ () C:\Users\samuel\Downloads\FirefallInstaller.exe

2014-06-02 00:15 - 2013-10-17 21:44 - 00000000 ____D () C:\Users\samuel\AppData\Local\Deployment

2014-06-01 23:29 - 2014-06-01 23:26 - 202532265 _____ () C:\Users\samuel\Downloads\IW5.Terminal (2).zip

2014-06-01 23:23 - 2014-05-09 18:04 - 00003756 _____ () C:\Windows\System32\Tasks\AutoKMS

2014-06-01 23:21 - 2013-12-27 19:16 - 00000000 ____D () C:\Users\samuel\AppData\Local\LogMeIn Hamachi

2014-06-01 23:19 - 2014-04-13 01:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-01 23:19 - 2014-03-12 12:12 - 00000464 ____H () C:\Windows\Tasks\SW.Booster-S-571884386.job

2014-06-01 23:19 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-06-01 23:16 - 2014-05-21 19:56 - 00000109 _____ () C:\Users\samuel\Desktop\Faith.ini

2014-06-01 23:15 - 2014-06-01 23:15 - 00161298 _____ () C:\Users\samuel\Downloads\Barata's Tekno  Multihack_mpgh.net.rar

2014-06-01 23:15 - 2014-03-09 20:19 - 00000000 ___HD () C:\Users\samuel\Desktop\MW3 Hacks

2014-06-01 22:42 - 2014-06-01 22:40 - 202532265 _____ () C:\Users\samuel\Downloads\IW5.Terminal (1).zip

2014-06-01 22:40 - 2014-06-01 22:38 - 202532265 _____ () C:\Users\samuel\Downloads\IW5.Terminal.zip

2014-06-01 22:23 - 2014-06-01 22:23 - 03666432 _____ () C:\Users\samuel\Downloads\Trainer.EXE

2014-06-01 18:29 - 2014-06-01 18:29 - 00200262 _____ () C:\Users\samuel\Downloads\Speed Mod by LugiazSoul (1).zip

2014-06-01 18:14 - 2013-08-22 20:08 - 00282104 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr

2014-06-01 18:14 - 2013-08-22 20:05 - 00282104 _____ () C:\Windows\SysWOW64\PnkBstrB.exe

2014-06-01 18:14 - 2013-08-22 20:05 - 00234768 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0

2014-06-01 18:14 - 2013-08-22 20:05 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-06-01 16:55 - 2014-06-01 16:55 - 00000000 ____D () C:\Users\samuel\AppData\Local\Funcom

2014-06-01 16:55 - 2014-06-01 16:55 - 00000000 ____D () C:\DreamWorldCache

2014-06-01 16:54 - 2014-06-01 16:54 - 00000368 _____ () C:\Users\samuel\Desktop\LEGO Minifigures Online.appref-ms

2014-06-01 16:54 - 2014-06-01 16:54 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Funcom

2014-06-01 16:50 - 2014-04-13 01:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-06-01 16:49 - 2014-04-13 01:17 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-06-01 16:49 - 2014-04-13 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-06-01 16:46 - 2014-06-01 16:46 - 00010076 _____ () C:\Users\samuel\Downloads\LEGOMinifiguresOnline.application

2014-06-01 14:10 - 2013-08-15 12:49 - 00963694 _____ () C:\Windows\DirectX.log

2014-06-01 14:02 - 2014-06-01 14:02 - 00073959 _____ () C:\Users\samuel\Downloads\S4Z (1).rar

2014-06-01 13:09 - 2013-08-20 18:31 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\uTorrent

2014-06-01 13:00 - 2013-08-14 18:10 - 00103982 _____ () C:\Windows\PFRO.log

2014-06-01 13:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\Speech

2014-06-01 12:02 - 2014-06-01 12:02 - 00000221 _____ () C:\Users\samuel\Desktop\Assassin's Creed Brotherhood.url

2014-05-31 19:38 - 2014-05-31 19:38 - 00000865 _____ () C:\Users\samuel\Downloads\payday_the_heist_modded_config.rar

2014-05-31 19:38 - 2014-05-31 19:30 - 00000000 ____D () C:\Users\samuel\AppData\Local\PAYDAY 2

2014-05-31 19:36 - 2014-05-31 19:36 - 00001938 _____ () C:\Users\samuel\Downloads\render settings DauG.txt

2014-05-31 17:41 - 2013-08-14 21:24 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2014-05-31 13:28 - 2014-06-01 14:03 - 00104448 _____ (SquadZLeader) C:\Users\samuel\Desktop\S4Z.exe

2014-05-30 20:45 - 2013-08-14 21:33 - 02081280 ___SH () C:\Users\samuel\Desktop\Thumbs.db

2014-05-30 19:10 - 2014-05-30 19:10 - 00369846 _____ () C:\Users\samuel\Downloads\S4Z.rar

2014-05-30 17:16 - 2013-08-20 17:04 - 00000000 ____D () C:\Users\samuel\Documents\My Games

2014-05-29 20:08 - 2014-05-29 20:08 - 00000118 _____ () C:\#system_booting.bat

2014-05-29 20:00 - 2014-05-29 20:00 - 00619773 _____ () C:\Users\samuel\Downloads\ZynoxCode v2.0.zip

2014-05-29 19:59 - 2014-05-29 19:59 - 00071736 _____ () C:\Users\samuel\Downloads\AntiKick (1).rar

2014-05-29 19:50 - 2013-08-15 19:42 - 00000000 ____D () C:\Program Files (x86)\S4League

2014-05-29 19:49 - 2014-05-29 19:49 - 06004615 _____ () C:\Users\samuel\Downloads\[HS4L]-S4League_Hack_EU.rar

2014-05-29 18:33 - 2014-05-29 18:30 - 00000000 ____D () C:\Users\samuel\AppData\Local\ascend

2014-05-29 18:16 - 2014-05-29 18:16 - 00000222 _____ () C:\Users\samuel\Desktop\Ascend Hand of Kul.url

2014-05-29 18:00 - 2014-05-10 23:31 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Origin

2014-05-29 18:00 - 2013-08-23 20:13 - 00000000 ____D () C:\ProgramData\Origin

2014-05-29 17:58 - 2013-08-23 20:12 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-05-28 23:23 - 2014-05-28 23:23 - 00038540 _____ () C:\Users\samuel\Downloads\MaintenanceGui5 UPDATED.rbxm

2014-05-28 23:13 - 2014-05-28 23:13 - 03661824 _____ () C:\Users\samuel\Downloads\Roblox Trainer.EXE

2014-05-28 17:18 - 2014-05-28 17:18 - 00000222 _____ () C:\Users\samuel\Desktop\Fistful of Frags.url

2014-05-27 00:04 - 2014-05-27 00:04 - 01878295 _____ () C:\Users\samuel\Downloads\CR42_234.zip

2014-05-26 23:58 - 2014-05-26 23:58 - 14229643 _____ () C:\Users\samuel\Downloads\Fw-190 A-1 camo.zip

2014-05-26 21:29 - 2014-05-26 21:29 - 02868613 _____ () C:\Users\samuel\Downloads\bf_110c_4_a.zip

2014-05-26 12:14 - 2014-02-26 19:08 - 00000000 ____D () C:\Program Files (x86)\OBS

2014-05-25 00:10 - 2013-08-15 19:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-05-25 00:09 - 2014-02-12 23:26 - 00000000 ____D () C:\Program Files (x86)\Origin Games

2014-05-25 00:08 - 2013-11-28 17:23 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames

2014-05-25 00:08 - 2013-06-28 20:50 - 00000000 ____D () C:\AeriaGames

2014-05-24 23:45 - 2014-05-24 23:45 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\WizardWars

2014-05-24 23:40 - 2014-05-24 23:45 - 00093048 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe

2014-05-24 23:38 - 2014-05-24 23:38 - 00000222 _____ () C:\Users\samuel\Desktop\Magicka Wizard Wars.url

2014-05-24 23:36 - 2014-05-10 22:30 - 00000138 _____ () C:\Users\samuel\Desktop\New Text Document.txt

2014-05-24 21:33 - 2014-05-24 18:05 - 00000000 ____D () C:\Users\samuel\AppData\Local\NexonLauncher

2014-05-24 21:30 - 2014-05-24 21:30 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Shooter

2014-05-24 18:03 - 2014-05-24 18:03 - 10117136 _____ () C:\Users\samuel\Downloads\NexonLauncherSetup.exe

2014-05-24 10:30 - 2014-05-24 10:30 - 00001691 _____ () C:\Users\samuel\Desktop\oldconfig.txt

2014-05-24 10:27 - 2014-05-24 10:27 - 00003292 _____ () C:\Users\samuel\Downloads\Custom Warthunder SLI 32XCSAA.nip

2014-05-24 10:19 - 2014-05-24 10:19 - 00000222 _____ () C:\Users\samuel\Desktop\War Thunder.url

2014-05-24 10:18 - 2014-05-24 10:18 - 07126385 _____ () C:\Users\samuel\Downloads\War Thunder Hack[www.mpgh.net]_mpgh.net.rar

2014-05-23 16:30 - 2014-05-23 16:30 - 11121600 _____ () C:\Users\samuel\Downloads\Crazy_mpgh.net (1).zip

2014-05-23 14:59 - 2014-05-23 14:59 - 11121600 _____ () C:\Users\samuel\Downloads\Crazy_mpgh.net.zip

2014-05-23 09:16 - 2014-03-04 07:21 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-05-23 09:16 - 2013-08-14 19:56 - 00000000 ____D () C:\ProgramData\Skype

2014-05-23 07:06 - 2014-05-23 07:06 - 00000000 ____D () C:\Program Files (x86)\Snail Games USA

2014-05-23 05:29 - 2013-10-17 21:46 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-05-22 22:41 - 2014-05-22 21:46 - 2474812150 _____ () C:\Users\samuel\Downloads\BackGoldInstallSetup_0.0.1.008.rar

2014-05-22 10:38 - 2014-05-02 23:17 - 00000000 _____ () C:\dfu.log

2014-05-22 07:26 - 2014-05-15 15:22 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft

2014-05-22 07:25 - 2014-05-15 15:20 - 00000000 ____D () C:\Users\samuel\AppData\Local\Battle.net

2014-05-21 06:57 - 2013-08-14 16:31 - 00000000 ____D () C:\Users\samuel

2014-05-20 19:21 - 2014-05-20 19:21 - 01654470 _____ () C:\Users\samuel\Downloads\background_changer_v2.5_2_mpgh.net.rar

2014-05-20 19:18 - 2014-05-20 19:18 - 00690024 _____ () C:\Users\samuel\Downloads\BLOPS II Backround_mpgh.net.zip

2014-05-20 18:50 - 2013-08-26 22:43 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\vlc

2014-05-20 15:48 - 2014-05-20 15:48 - 00794541 _____ () C:\Users\samuel\Downloads\Rookie v2.0.0 [18.05.2014].rar

2014-05-20 15:48 - 2014-05-20 15:47 - 00524598 _____ () C:\Users\samuel\Downloads\Faith Injector (1).rar

2014-05-20 15:46 - 2014-05-20 15:46 - 00524598 _____ () C:\Users\samuel\Downloads\Faith Injector.rar

2014-05-20 15:44 - 2014-05-20 15:44 - 00076379 _____ () C:\Users\samuel\Downloads\AntiKick.rar

2014-05-19 17:32 - 2013-08-15 20:19 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\.minecraft

2014-05-19 16:01 - 2014-05-19 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi

2014-05-19 16:01 - 2014-05-19 16:01 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi

2014-05-19 14:08 - 2014-05-19 14:08 - 03097796 _____ () C:\Users\samuel\Downloads\MW3 ChromatiX.zip

2014-05-19 13:59 - 2014-05-19 13:59 - 00023033 _____ () C:\Users\samuel\Downloads\MW3 - Texture Hack [FINAL].rar

2014-05-19 13:36 - 2014-05-19 13:36 - 00322433 _____ () C:\Users\samuel\Downloads\ProScope.rar

2014-05-19 13:34 - 2014-05-19 13:34 - 00583778 _____ () C:\Users\samuel\Downloads\MW3 QScope incl. Crosshair + Rapidknife.rar

2014-05-19 13:23 - 2014-05-19 13:23 - 01195434 _____ () C:\Users\samuel\Downloads\Public Multihack by TheAp713_mpgh.net.rar

2014-05-19 00:40 - 2014-05-19 00:40 - 01508106 _____ () C:\Users\samuel\Downloads\morphgen-binary-master.zip

2014-05-19 00:14 - 2014-05-19 00:13 - 12984640 _____ () C:\Users\samuel\Downloads\ZygorGuidesViewer_mpgh.net (1).rar

2014-05-19 00:13 - 2014-05-19 00:13 - 12984640 _____ () C:\Users\samuel\Downloads\ZygorGuidesViewer_mpgh.net.rar

2014-05-18 22:24 - 2014-05-18 12:01 - 00000000 ____D () C:\Users\samuel\AppData\Local\Arma 3

2014-05-18 12:03 - 2014-05-18 12:01 - 00000000 ____D () C:\Users\samuel\Documents\Arma 3

2014-05-18 12:01 - 2014-05-18 12:01 - 00000000 ____D () C:\ProgramData\Bohemia Interactive

2014-05-17 20:06 - 2013-10-29 15:23 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment

2014-05-17 17:16 - 2014-05-17 17:16 - 00675988 _____ () C:\Users\samuel\Downloads\Minecraft (1).exe

2014-05-16 10:00 - 2014-05-16 10:00 - 00216754 _____ () C:\Users\samuel\Downloads\tMorph.zip

2014-05-16 00:21 - 2014-05-16 00:21 - 04749738 _____ () C:\Users\samuel\Downloads\TheNoobBot-3.1.0.rar

2014-05-15 23:57 - 2013-10-29 15:29 - 00000000 ___HD () C:\ArcTemp

2014-05-15 22:57 - 2013-10-29 15:27 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Arc

2014-05-15 22:56 - 2014-05-15 22:56 - 09514088 _____ (Perfect World Entertainment) C:\Users\samuel\Downloads\ArcInstall_v20140404a.exe

2014-05-15 21:20 - 2014-05-15 15:19 - 00000000 ____D () C:\ProgramData\Battle.net

2014-05-15 21:13 - 2014-05-15 21:13 - 00968783 _____ () C:\Users\samuel\Downloads\WowAP_3.3.5.a._mpgh.net.zip

2014-05-15 15:26 - 2014-05-15 15:20 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Battle.net

2014-05-15 15:23 - 2014-05-15 15:23 - 00001252 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk

2014-05-15 15:23 - 2014-05-15 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

2014-05-15 15:20 - 2014-05-15 15:20 - 00001160 _____ () C:\Users\Public\Desktop\Battle.net.lnk

2014-05-15 15:20 - 2014-05-15 15:20 - 00000000 ____D () C:\Users\samuel\AppData\Local\Blizzard Entertainment

2014-05-15 15:20 - 2014-05-15 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net

2014-05-15 15:20 - 2014-05-15 15:20 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

2014-05-15 15:20 - 2014-05-15 15:20 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-05-15 15:19 - 2014-05-15 15:18 - 02942368 _____ (Blizzard Entertainment) C:\Users\samuel\Downloads\World-of-Warcraft-Setup-enUS.exe

2014-05-15 14:58 - 2013-12-29 23:49 - 00466520 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll

2014-05-15 14:58 - 2013-12-29 23:49 - 00445016 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll

2014-05-15 14:58 - 2013-12-29 23:49 - 00123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll

2014-05-15 14:58 - 2013-12-29 23:49 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll

2014-05-13 18:48 - 2014-05-13 18:48 - 00262144 _____ () C:\Windows\Minidump\051314-23306-01.dmp

2014-05-13 18:48 - 2014-02-13 02:45 - 244031470 _____ () C:\Windows\MEMORY.DMP

2014-05-13 18:48 - 2014-02-13 02:45 - 00000000 ____D () C:\Windows\Minidump

2014-05-13 18:42 - 2014-05-13 18:42 - 00995008 _____ () C:\Users\samuel\Downloads\Firefox.exe

2014-05-13 18:40 - 2014-05-13 18:37 - 02605768 _____ (Sandboxie Holdings, LLC) C:\Users\samuel\Downloads\SandboxieInstall.exe

2014-05-13 18:38 - 2014-05-13 18:38 - 00000000 ___RD () C:\Sandbox

2014-05-13 18:37 - 2014-05-13 18:37 - 02605768 _____ (Sandboxie Holdings, LLC) C:\Users\samuel\Downloads\SandboxieInstall (1).exe

2014-05-13 15:33 - 2014-05-13 15:33 - 00002544 _____ () C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Landmark Beta.lnk

2014-05-13 15:26 - 2014-05-13 15:26 - 19793296 _____ () C:\Users\samuel\Downloads\LM_Beta_setup.exe

2014-05-13 13:14 - 2013-09-28 14:52 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-13 12:19 - 2014-05-13 12:18 - 29580676 _____ () C:\Users\samuel\Downloads\Module 28-1 w Narration.wmv

2014-05-13 11:01 - 2014-05-13 11:01 - 00012175 _____ () C:\Users\samuel\Downloads\Chapter 24 Digestive Diseases Summary.xlsx

2014-05-13 11:01 - 2014-05-13 11:01 - 00012175 _____ () C:\Users\samuel\Downloads\Chapter 24 Digestive Diseases Summary (1).xlsx

2014-05-12 23:15 - 2014-05-12 23:15 - 00262144 _____ () C:\Windows\Minidump\051214-17643-01.dmp

2014-05-12 22:54 - 2014-05-12 22:54 - 00262144 _____ () C:\Windows\Minidump\051214-19640-01.dmp

2014-05-12 07:26 - 2014-04-13 01:17 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-12 07:26 - 2014-04-13 01:17 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-12 07:25 - 2013-08-15 18:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-12 00:37 - 2013-10-12 15:54 - 00000000 ____D () C:\ProgramData\HappyCloud

2014-05-11 20:54 - 2014-05-11 20:54 - 00001441 _____ () C:\Users\samuel\Downloads\bf3fpsconfig.zip

2014-05-11 20:38 - 2014-05-11 20:38 - 41954352 _____ (Razer Inc. ) C:\Users\samuel\Downloads\RazerGameBoosterSetup_4.2.45.0.exe

2014-05-11 19:44 - 2014-05-11 19:44 - 00086834 _____ () C:\Users\samuel\Downloads\MOH_BETA_PUBLIC_[www.unknowncheats.me]_.rar

2014-05-11 14:49 - 2014-05-11 14:49 - 00001070 _____ () C:\Users\Administrator\Desktop\Build and Shoot Launcher.lnk

2014-05-11 14:49 - 2014-05-11 14:49 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Build and Shoot

2014-05-11 14:49 - 2014-05-11 14:49 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\Build and Shoot

2014-05-11 14:49 - 2014-05-11 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Build and Shoot

2014-05-11 14:49 - 2014-05-11 14:49 - 00000000 ____D () C:\Program Files (x86)\Build and Shoot

2014-05-11 14:48 - 2014-05-11 14:48 - 00673002 _____ () C:\Users\samuel\Downloads\Build and Shoot 1.2 Setup (1).exe

2014-05-11 12:55 - 2014-05-11 12:55 - 00139264 _____ (sun.the9.com) C:\Users\samuel\Downloads\9yin_MD5Check (1).exe

2014-05-11 12:53 - 2014-05-11 12:53 - 00139264 _____ (sun.the9.com) C:\Users\samuel\Downloads\9yin_MD5Check.exe

2014-05-11 10:17 - 2014-05-11 10:17 - 00172046 _____ () C:\Users\samuel\Downloads\MohHookv15Rev2_[www.unknowncheats.me]_.zip

2014-05-11 00:21 - 2014-05-11 00:21 - 00000000 ____D () C:\Program Files\Adblock Plus for IE

2014-05-11 00:21 - 2013-08-15 22:19 - 00000000 ____D () C:\ProgramData\Package Cache

2014-05-10 23:40 - 2014-02-13 00:53 - 00000000 ____D () C:\Users\samuel\Documents\EA Games

2014-05-10 23:34 - 2014-05-10 23:31 - 00000000 ____D () C:\Users\samuel\AppData\Local\Origin

2014-05-10 23:29 - 2014-05-10 23:29 - 17009768 _____ (Electronic Arts, Inc.) C:\Users\samuel\Downloads\OriginThinSetup.exe

2014-05-10 23:29 - 2014-05-10 23:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

2014-05-10 22:28 - 2013-08-20 23:22 - 00000000 ____D () C:\Users\samuel\AppData\Local\PunkBuster

2014-05-10 22:14 - 2014-04-28 22:03 - 00000000 ____D () C:\Users\samuel\Desktop\Moms Work

2014-05-10 21:51 - 2014-05-10 21:51 - 00000000 __SHD () C:\ProgramData\DSS

2014-05-10 18:32 - 2014-05-10 18:32 - 00408405 _____ () C:\Users\samuel\Downloads\Crysis2AdvancedGraphicsOptions_2_0_1_Beta (1).zip

2014-05-10 17:04 - 2014-05-10 17:04 - 00336209 _____ () C:\Users\samuel\Downloads\SmX-1 CRYNET 2.0 MATTHACK.rar

2014-05-10 17:01 - 2014-05-10 17:01 - 01704543 _____ () C:\Users\samuel\Downloads\Crysis2PAKUtility.rar

2014-05-10 16:10 - 2014-05-10 16:09 - 00000732 _____ () C:\Users\samuel\Downloads\autoexec.cfg

2014-05-10 16:03 - 2014-05-10 16:03 - 00408405 _____ () C:\Users\samuel\Downloads\Crysis2AdvancedGraphicsOptions_2_0_1_Beta.zip

2014-05-10 15:10 - 2014-05-10 15:10 - 00005026 _____ () C:\Users\samuel\Downloads\Ragnos1997-Crysis2Final1-5Patch.rar

2014-05-10 14:46 - 2014-05-10 14:46 - 03337480 _____ () C:\Users\samuel\Downloads\advisorinstaller.exe

2014-05-10 14:46 - 2014-05-10 14:46 - 00002146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk

2014-05-10 14:46 - 2014-05-10 14:46 - 00000000 ____D () C:\Program Files (x86)\Belarc

2014-05-10 14:08 - 2014-05-10 14:08 - 00000431 _____ () C:\Users\samuel\Downloads\CryBOOST by DizturbedFan version 1.0

2014-05-10 11:42 - 2014-05-10 11:42 - 00074847 _____ () C:\Users\samuel\Downloads\crysis2configv5.2.zip

2014-05-09 20:52 - 2014-05-09 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends

2014-05-09 20:52 - 2014-05-09 20:41 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

2014-05-09 20:40 - 2014-05-09 20:39 - 32229024 _____ (Riot Games) C:\Users\samuel\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe

2014-05-09 20:17 - 2014-05-09 20:17 - 00000000 ____D () C:\Users\samuel\AppData\Local\Realmware

2014-05-09 20:16 - 2014-05-09 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realmware BF3 Tools

2014-05-09 20:16 - 2014-05-09 20:16 - 00000000 ____D () C:\Program Files\Realmware

2014-05-09 20:15 - 2014-05-09 20:15 - 03276413 _____ (Realmware) C:\Users\samuel\Downloads\BF3SE-2.3.exe

2014-05-09 17:38 - 2014-05-09 17:38 - 00711649 _____ () C:\Users\samuel\Downloads\pbsetup.zip

2014-05-09 17:33 - 2014-05-09 17:33 - 00094057 _____ () C:\Users\samuel\Downloads\bf3lang.torrent

2014-05-09 07:29 - 2014-05-09 07:29 - 00857600 _____ () C:\Users\samuel\Downloads\LauncherClient.exe

2014-05-09 07:28 - 2014-05-09 07:28 - 00345088 _____ (ZLOFENIX) C:\Users\samuel\Downloads\Launcher.dll

2014-05-09 07:27 - 2014-05-09 07:27 - 08229465 _____ () C:\Users\samuel\Downloads\BF3_Client.rar

2014-05-09 07:24 - 2014-05-09 07:24 - 04574974 _____ () C:\Users\samuel\Downloads\Despo_Launcher_v1.2.rar

2014-05-09 07:12 - 2014-05-09 07:12 - 00000000 ____D () C:\Users\samuel\AppData\Local\ESN

2014-05-09 07:12 - 2014-05-09 07:11 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins

2014-05-09 07:11 - 2014-05-09 07:11 - 03822544 _____ () C:\Users\samuel\Downloads\battlelog-web-plugins_2.3.2_134.exe

2014-05-08 15:54 - 2014-05-08 15:24 - 00000000 ____D () C:\Users\samuel\AppData\Roaming\TeamViewer

2014-05-08 15:23 - 2014-05-08 15:23 - 06171848 _____ (TeamViewer GmbH) C:\Users\samuel\Downloads\TeamViewer_Setup_en.exe

2014-05-07 02:12 - 2013-10-17 21:45 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-07 02:12 - 2013-10-17 21:45 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-06 06:24 - 2014-05-06 06:24 - 430097582 _____ () C:\Users\samuel\Downloads\KSP 0.22  { mp88p }.zip

2014-05-05 21:51 - 2014-05-05 21:51 - 00000100 _____ () C:\Users\samuel\Downloads\NoclipBytesAfterPatch.txt

2014-05-05 21:44 - 2014-05-05 21:44 - 00000109 _____ () C:\Users\samuel\Downloads\NewNoclipBytes2014.txt

2014-05-04 21:16 - 2014-05-04 20:52 - 00000000 ____D () C:\Users\samuel\Documents\Fiddler2

2014-05-04 20:51 - 2014-05-04 20:51 - 00001902 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk

2014-05-04 20:51 - 2014-05-04 20:51 - 00000000 ____D () C:\Program Files (x86)\Fiddler2

2014-05-04 20:50 - 2014-05-04 20:50 - 00969432 _____ (Telerik) C:\Users\samuel\Downloads\fiddler4setup.exe

2014-05-04 16:34 - 2014-05-04 16:34 - 00279664 _____ () C:\Windows\Minidump\050414-23056-01.dmp

2014-05-03 10:00 - 2014-05-03 10:00 - 00263861 _____ () C:\Users\samuel\Downloads\FataL_v3_1.rar

 

Files to move or delete:

====================

C:\ProgramData\ISTask.dll

 

 

Some content of TEMP:

====================

C:\Users\samuel\AppData\Local\Temp\tmp2B98.exe

C:\Users\samuel\AppData\Local\Temp\tmp4ADB.exe

C:\Users\samuel\AppData\Local\Temp\tmp573B.exe

C:\Users\samuel\AppData\Local\Temp\tmp720C.exe

C:\Users\samuel\AppData\Local\Temp\USkinDLL.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-05-27 05:52

 

==================== End Of Log ============================

 


RogueKiller V9.0.0.0 (x64) [May 29 2014] by Adlice Software

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : samuel [Admin rights]

Mode : Scan -- Date : 06/02/2014  11:48:51

 

¤¤¤ Bad processes : 2 ¤¤¤

[suspicious.Path] (SVC) FairplayKD -- \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys[x] -> STOPPED

[suspicious.Path] (SVC) xhunter1 -- \??\C:\Windows\xhunter1.sys[x] -> STOPPED

 

¤¤¤ Registry Entries : 18 ¤¤¤

[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3631150188-1442477864-1940474469-1001\Software\Microsoft\Windows\CurrentVersion\Run | GameCenterMailRu : "C:\Users\samuel\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe" -autostart  -> FOUND

[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3631150188-1442477864-1940474469-1001\Software\Microsoft\Windows\CurrentVersion\Run | GameCenterMailRu : "C:\Users\samuel\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe" -autostart  -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FairplayKD -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xhunter1 -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FairplayKD -> FOUND

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xhunter1 -> FOUND

[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3631150188-1442477864-1940474469-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0  -> FOUND

[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3631150188-1442477864-1940474469-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0  -> FOUND

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3631150188-1442477864-1940474469-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3631150188-1442477864-1940474469-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3631150188-1442477864-1940474469-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3631150188-1442477864-1940474469-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Files : 1 ¤¤¤

[FORGED!][File] hidkmdf.sys -- C:\Windows\System32\Drivers\hidkmdf.sys -> FOUND

 

¤¤¤ HOSTS File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 355 ¤¤¤

[iAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoTaskMemFree : C:\Windows\SYSTEM32\combase.dll @ 0x7ff7c4d1130

[iAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoCreateInstance : C:\Windows\SYSTEM32\combase.dll @ 0x7ff7c4e2100

[iAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoDisableCallCancellation : C:\Windows\SYSTEM32\combase.dll @ 0x7ff7c50ac98

[iAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CreateStreamOnHGlobal : C:\Windows\SYSTEM32\combase.dll @ 0x7ff7c505e40

[iAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoEnableCallCancellation : C:\Windows\SYSTEM32\combase.dll @ 0x7ff7c50ace0

[iAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoRegisterClassObject : C:\Windows\SYSTEM32\combase.dll @ 0x7ff7c50e424

[iAT:Addr] (explorer.exe) api-ms-win-core-com-l1-1-0.dll - CoRevokeClassObject : C:\Windows\SYSTEM32\combase.dll @ 0x7ff7c512978


I couldn't figure out how to attach a file, so I copied and pasted the Addition file here, thanks.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by samuel at 2014-06-02 11:30:34
Running from C:\Users\samuel\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71116.1554 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Ascend: Hand of Kul (HKLM-x32\...\Steam App 233630) (Version:  - Signal Studios)
Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - Ubisoft Montreal)
Assassins Creed IV Black Flag Deluxe Edition (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
BF3 Settings Editor (HKLM\...\{0122EDA0-52FC-4EC2-9A31-A2A757A7D40E}) (Version: 2.3 - Realmware)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Build and Shoot Launcher 1.2 (HKLM-x32\...\Build and Shoot Launcher) (Version: 1.2 - Buld Then Snip, LLC)
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
DEFIANCE - Alpha Test (HKLM-x32\...\{3C45F112-F8A5-4136-B815-86B4C68E5BF3}_is1) (Version:  - Trion Worlds, Inc.)
DEFIANCE (HKLM-x32\...\{2BF4B6A7-9AB3-4A2B-A84E-91B5CBDC0000}_is1) (Version:  - Trion Worlds, Inc.)
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
Doom Warrior (HKLM-x32\...\{ECD05543-FB6F-45A9-8CA5-7BBF5FAABE31}_is1) (Version: 1.04 - Creaky Corpse Ltd)
Dragon Age™ II (HKLM-x32\...\{E1EB9F56-AFE2-4204-B28F-AD8DA793B9F4}) (Version: 1.04.8524.0 - Electronic Arts)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Elsword version v4.0429.5.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v4.0429.5.1 - Kill3rCombo)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.4 - Echobit, LLC)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.8.0 - Telerik)
Firefall (HKLM-x32\...\{CFEF8DB5-B45E-4b05-90BE-D02AA6F45354}) (Version:  - Red 5 Studios)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Ghost Recon Phantoms - NA (HKCU\...\fc418bf9b18f76aa) (Version: 1.35.5979.1 - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Growtopia (remove only) (HKLM-x32\...\Growtopia) (Version:  - )
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
HiAlgoBoost for Far Cry 3 (HKLM-x32\...\HiAlgoBoostForFarCry3) (Version: 2.4 - HiAlgo Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
iTunes (HKLM\...\{A04DCB25-7040-4935-A30D-8E0A893ABF2D}) (Version: 11.1.2.32 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KUF2 (HKLM-x32\...\Kingdomunder Fire 2) (Version:  - )
Landmark Beta (HKCU\...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LEGO Minifigures Online (HKCU\...\423b93224c69643b) (Version: 1.0.0.0 - Funcom)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version:  - Paradox North)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Medal of Honor (HKLM-x32\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
Moborobo 2.1.5.858 (HKLM-x32\...\{02B934E4-C574-4605-842B-01CD16295185}_is1) (Version: 2.1.5.858 - Moborobo Inc.)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MTA:SA v1.3.5 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
Nether Launcher (HKLM\...\{BA92D323-2D01-407D-AA36-285413610376}) (Version: 16.22.0.0 - Nether Productions, LLC.)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.2 - Black Tree Gaming)
Nitronic Rush (2012-12-21 .2) version 20121221.1 (HKLM-x32\...\{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1) (Version: 20121221.1 - DigiPen)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 3.0.0 - OGPlanet, Inc.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.4.30513 - Grinding Gear Games)
Planetside (HKCU\...\soe-Planetside) (Version: 1.0.3.183 - Sony Online Entertainment)
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.7 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
RaiderZ (HKLM-x32\...\RaiderZ) (Version:  - Perfect World Entertainment)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.0.2 r2161 - )
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Renegade X (HKLM-x32\...\UDK-4fc3a6b6-3d0e-4dce-b127-8e60191e2b1e) (Version: Open Beta 1 - Totem Arts)
Renegade X Black Dawn (HKLM\...\UDK-67c34398-2d51-4bfb-8f14-34f7ca6f6c68) (Version:  - Epic Games, Inc.)
ROBLOX Player for samuel (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for samuel (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
S4 League_EU (HKLM-x32\...\{D203D2F9-BA82-4E4D-AA00-B13AECBD3B2D}) (Version: 1.00.0000 - )
Shadowgun: DeadZone (HKLM-x32\...\Shadowgun DeadZone) (Version: 2.2.2 - MADFINGER Games)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.34 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
Tales Runner version 1.0 (HKLM-x32\...\{FB205A57-6847-4BAE-8854-ED09266CC221}_is1) (Version: 1.0 - OGPlanet, Inc)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TERA (HKCU\...\teraenmasse) (Version:  - )
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.0.0.0 - Manuel Hoefs (Zottel))
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{83661BA0-9CAD-48C4-AF53-E420C729ACC0}) (Version: 15.0.1157 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{1D53FB73-9826-4541-B2E0-A239C6EBA718}) (Version:  - )
Update for Microsoft Office Word 2007 (KB974631) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{34726474-50D6-49FC-B8AC-35411459D27A}) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
War Inc Battlezone version 1.0.0 (HKLM-x32\...\{9E4F0E65-209E-4713-8BE2-7F8802BB3987}_is1) (Version: 1.0.0 - Arktos Entertainment Group LLC)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
War Thunder Launcher 1.0.1.340 (HKLM-x32\...\{abc8eea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
XSplit Gamecaster (HKLM-x32\...\{0DD98D54-BF17-4490-963F-D34B5AB5ACF0}) (Version: 1.5.1402.1801 - SplitMediaLabs)
Yulgang2 (HKLM-x32\...\Yulgang2) (Version:  - Cubizone)
Игровой центр (HKCU\...\GameCenterMailRu) (Version: 2.378 - ООО "Мэйл.Ру Геймз")
微软拼音简捷 2012 流行词汇更新 (KB2723161) (HKLM-x32\...\{660E9893-1596-4CB9-ABA4-8916E108C0A9}) (Version: 15.0.1352 - Microsoft)
 
==================== Restore Points  =========================
 
15-05-2014 19:54:51 Installed DirectX
18-05-2014 16:59:38 Installed DirectX
23-05-2014 12:06:04 Installed BlackGold
25-05-2014 05:09:33 Removed BlackGold
30-05-2014 22:13:20 Installed DirectX
01-06-2014 19:09:16 Installed DirectX
 
==================== Hosts content: ==========================
 
2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {4CEE677E-2B13-4A47-9358-DAB76C0C0D07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-17] (Google Inc.)
Task: {5E5FFAFF-13DD-4C05-AD28-229AF40D7F9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {7A3590CF-26DD-4C51-A3F6-1BA3D414D1F7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-15] ()
Task: {8376770F-E86A-429F-AD41-C6C919540CC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-17] (Google Inc.)
Task: {8E5F47B8-6E99-40D5-8ABB-70566D74BFE8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BACF1C8C-1732-45A3-9998-721D7747A14C} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C23C7DF5-9737-4732-99AE-5168C86EFF0C} - System32\Tasks\SW.Booster-S-571884386 => c:\programdata\snowapp\sw.booster\SW.Booster.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SW.Booster-S-571884386.job => c:\programdata\snowapp\sw.booster\SW.Booster.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-17 17:46 - 2014-01-14 15:12 - 00070952 _____ () C:\Program Files (x86)\Moborobo\MoboroboDeviceService.exe
2013-08-22 20:05 - 2014-06-01 18:14 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-11-16 15:27 - 2012-11-16 15:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-11-16 15:12 - 2012-11-16 15:12 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-17 17:45 - 2014-01-14 15:12 - 00940400 _____ () C:\Program Files (x86)\Moborobo\DriverInstall.dll
2014-04-30 20:13 - 2014-04-29 19:08 - 01135104 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll
2014-04-30 20:13 - 2014-04-29 19:08 - 00404992 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll
2014-01-07 21:09 - 2014-04-29 19:08 - 00340992 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-09 19:38 - 2014-04-29 19:08 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2013-07-01 10:20 - 2014-05-16 20:36 - 00756224 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-04-30 20:13 - 2014-05-29 12:37 - 02139840 _____ () C:\Program Files (x86)\Steam\video.dll
2014-04-30 20:13 - 2014-04-28 19:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll
2013-07-26 16:46 - 2014-05-29 12:36 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-15 16:32 - 2014-05-01 18:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 17:49 - 2013-06-14 18:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 17:49 - 2013-06-14 18:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 17:49 - 2013-06-14 18:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-05-23 05:29 - 2014-05-13 18:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-23 05:29 - 2014-05-13 18:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-23 05:29 - 2014-05-13 18:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-23 05:29 - 2014-05-13 18:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-23 05:29 - 2014-05-13 18:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\samuel\Application Data:NT
AlternateDataStreams: C:\Users\samuel\AppData\Roaming:NT
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/02/2014 00:36:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LMO.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: db8
 
Start Time: 01cf7e21a8e67feb
 
Termination Time: 4294967295
 
Application Path: C:\Users\samuel\AppData\Local\Apps\2.0\5DXAGZ6P.D62\1JJWB3CR.QWG\lego...app_8c161902ccf9ca2a_0001.0000_42de1d5cb7e83a15\LMO.exe
 
Report Id: dd240711-ea17-11e3-bff8-6c626dabb32d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/01/2014 11:20:20 PM) (Source: HiRezSoftwareManagerSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.Xml.XmlException: Root element is missing.
   at System.Xml.XmlTextReaderImpl.Throw(Exception e)
   at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
   at System.Xml.XmlDocument.Load(XmlReader reader)
   at System.Xml.XmlDocument.Load(String filename)
   at Hirez.Utilities.HirezConfigSettings.LoadConfigDocument(String filePath)
   at Hirez.Utilities.HirezConfigSettings.ReadSetting(String filePath, String key)
   at Hirez.Patcher.PatchNetworkClient.(NewMessageCallback )
   at Hirez.Patcher.PatchNetworkClient..ctor(String appConfigFilePath, NewMessageCallback logCallback)
   at Hirez.Patcher.HiPatchService.InternalStart()
   at Hirez.Patcher.HiPatchService.OnStart(String[] badDontWorkMicrosoftBugArgs)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (06/01/2014 11:16:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iw5mp.exe, version: 0.0.0.0, time stamp: 0x4f186c8f
Faulting module name: teknomw3.dll, version: 0.0.0.0, time stamp: 0x5389feca
Exception code: 0xc0000409
Fault offset: 0x0001e827
Faulting process id: 0x1718
Faulting application start time: 0xiw5mp.exe0
Faulting application path: iw5mp.exe1
Faulting module path: iw5mp.exe2
Report Id: iw5mp.exe3
Faulting package full name: iw5mp.exe4
Faulting package-relative application ID: iw5mp.exe5
 
Error: (06/01/2014 11:16:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iw5mp.exe, version: 0.0.0.0, time stamp: 0x4f186c8f
Faulting module name: teknomw3.dll, version: 0.0.0.0, time stamp: 0x5389feca
Exception code: 0xc0000409
Fault offset: 0x0001e827
Faulting process id: 0xa00
Faulting application start time: 0xiw5mp.exe0
Faulting application path: iw5mp.exe1
Faulting module path: iw5mp.exe2
Report Id: iw5mp.exe3
Faulting package full name: iw5mp.exe4
Faulting package-relative application ID: iw5mp.exe5
 
Error: (06/01/2014 11:11:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iw5mp.exe, version: 0.0.0.0, time stamp: 0x4f186c8f
Faulting module name: teknomw3.dll, version: 0.0.0.0, time stamp: 0x5389feca
Exception code: 0xc0000409
Fault offset: 0x0001e827
Faulting process id: 0x1020
Faulting application start time: 0xiw5mp.exe0
Faulting application path: iw5mp.exe1
Faulting module path: iw5mp.exe2
Report Id: iw5mp.exe3
Faulting package full name: iw5mp.exe4
Faulting package-relative application ID: iw5mp.exe5
 
Error: (06/01/2014 11:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iw5mp.exe, version: 0.0.0.0, time stamp: 0x4f186c8f
Faulting module name: teknomw3.dll, version: 0.0.0.0, time stamp: 0x5389feca
Exception code: 0xc0000409
Fault offset: 0x0001e827
Faulting process id: 0x14a0
Faulting application start time: 0xiw5mp.exe0
Faulting application path: iw5mp.exe1
Faulting module path: iw5mp.exe2
Report Id: iw5mp.exe3
Faulting package full name: iw5mp.exe4
Faulting package-relative application ID: iw5mp.exe5
 
Error: (06/01/2014 10:37:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WWAHost.exe version 6.2.9200.16420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 760
 
Start Time: 01cf7e13ee25539a
 
Termination Time: 4294967295
 
Application Path: C:\Windows\System32\WWAHost.exe
 
Report Id: 39df305a-ea07-11e3-bff7-6c626dabb32d
 
Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: Windows.Store
 
Error: (06/01/2014 10:37:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: KEKEFAMILYPC)
Description: Package winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy was terminated because it took too long to suspend.
 
Error: (06/01/2014 10:28:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LMO.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: a3c
 
Start Time: 01cf7e1286082e0e
 
Termination Time: 4294967295
 
Application Path: C:\Users\samuel\AppData\Local\Apps\2.0\5DXAGZ6P.D62\1JJWB3CR.QWG\lego...app_8c161902ccf9ca2a_0001.0000_42de1d5cb7e83a15\LMO.exe
 
Report Id: f63f227b-ea05-11e3-bff7-6c626dabb32d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/01/2014 02:07:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: s4client.exe, version: 0.8.32.17099, time stamp: 0x535773d1
Faulting module name: s4client.exe, version: 0.8.32.17099, time stamp: 0x535773d1
Exception code: 0xc0000005
Fault offset: 0x00a95ba4
Faulting process id: 0x34
Faulting application start time: 0xs4client.exe0
Faulting application path: s4client.exe1
Faulting module path: s4client.exe2
Report Id: s4client.exe3
Faulting package full name: s4client.exe4
Faulting package-relative application ID: s4client.exe5
 
 
System errors:
=============
Error: (06/01/2014 11:20:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SW.Sustainer service to connect.
 
Error: (06/01/2014 11:19:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sandboxie Service service failed to start due to the following error: 
%%2
 
Error: (06/01/2014 11:19:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:17:57 PM on ‎6/‎1/‎2014 was unexpected.
 
Error: (06/01/2014 01:01:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SW.Sustainer service to connect.
 
Error: (06/01/2014 01:00:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sandboxie Service service failed to start due to the following error: 
%%2
 
Error: (05/30/2014 08:39:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (05/30/2014 08:39:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (05/30/2014 05:21:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SW.Sustainer service to connect.
 
Error: (05/30/2014 05:21:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sandboxie Service service failed to start due to the following error: 
%%2
 
Error: (05/30/2014 05:21:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:19:59 PM on ‎5/‎30/‎2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 71%
Total physical RAM: 1791.18 MB
Available physical RAM: 511.38 MB
Total Pagefile: 3647.18 MB
Available Pagefile: 1687.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (Main Drive) (Fixed) (Total:931.51 GB) (Free:163.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 84A299A6)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

I cannot offer any further help as you have active illegal software on your system. If you want further confirmation, contact one of the moderators.

 

Task: {7A3590CF-26DD-4C51-A3F6-1BA3D414D1F7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-15] ()

 

Kevin..


So, I used to have minerd.exe/cgminer.exe. I removed those; now when I check Task Manager, my CPU is at 98..., and the process that is causing this is Task Manager...

 

Here is a video. In the video it shows OBS using a lot of CPU, then I continue to start Task Manager, and then the thing happens.

 

Video: 
