
Pup infection keeps coming back, fear I have remote attack/tracking beacons



Hi,

 

I am virtually a noob when it comes to online help, my very first post is right here, and also when it comes to computers (the back end), but recently I have begun to dig into my computer folders and files to learn more about it all and have reformatted several times, last time being about 4-6 weeks ago.

 

Seems my problem comes from Google chrome extensions but Roguekiller has them shown as all green. My computer shut down my events viewer, and stopped the notifications coming to me mid June, so I had no idea until mid last week I dug further that something was very bad.

 

I removed MSE while back and started using Baidu and all hell broke loose, as I can see it tracking or setting tracking beacons to China and Russia, which I found very shocking and disturbing. I have since removed that, and it seemed to have placed itself in front of every single object/file on my computer.

 

I work from home so I need my computer to be always tip top shape so I began to start a Virus/malware kit and have gathered a few programs and started with Mbar removal, then Roguekiller, and I just did Roguekiller again, days later and 2 pup infections found their way back into my registry, but I feel something else is lurking, watching and tracking as a notepad file shows me all the tracking beacons tracking me.

 

I really need to get my computer back to normal and return to work in 12 hours. 

 

Can I ask for assistance?  I don't mind a paypal donation once it's fixed and my account is full again after the weekend to whoever can help me fix this over the next few hours. I really greatly would appreciate it.

 

 

Steve


Hi & welcome

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Hi again,

 

I saved farbar to my desktop as you said, here are my results of frst text file

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01
Ran by McMillan (administrator) on SAHARA-PC on 31-07-2014 16:14:06
Running from C:\Users\McMillan\Desktop
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2454762815-89852866-1431263164-1000\...\MountPoints2: {525512c7-f299-11e3-b032-806e6f6e6963} - D:\setup.exe
BootExecute: autocheck autochk * regdefrag
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B9BCAD2B86CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\McMillan\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
 
Chrome: 
=======
CHR StartupUrls: "hxxp://www.gmail.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Drive) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31]
CHR Extension: (Presentme) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2014-07-31]
CHR Extension: (Google Search) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]
CHR Extension: (Gmail Offline) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-28]
CHR Extension: (Pin It Button) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-31]
CHR Extension: (PDF Mergy) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-07-31]
CHR Extension: (Excel Online) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-07-28]
CHR Extension: (Zoho Sheet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj [2014-07-31]
CHR Extension: (Zoho CRM) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-07-31]
CHR Extension: (Skype Status Detector) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiiaejmgghgpmppnkiloijccihddjdj [2014-07-31]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-28]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-31]
CHR Extension: (Easy SEO Tools) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnlboglefdlldiioafkgbbdfihdoicam [2014-07-31]
CHR Extension: (Google Wallet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31]
CHR Extension: (Instagram for Chrome) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-31]
CHR Extension: (Zoho Projects) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldkgicldgmbampajgepnigbpkhomoh [2014-07-31]
CHR Extension: (Gmail) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]
CHR Extension: (SEO Competitor Analysis Tool) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpafbknegcefgoojplahellhohoklbj [2014-07-31]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation)
R3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)
S4 NVHDA; system32\drivers\nvhda32v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-31 16:14 - 2014-07-31 16:14 - 00010612 _____ () C:\Users\McMillan\Desktop\FRST.txt
2014-07-31 16:13 - 2014-07-31 16:14 - 00000000 ____D () C:\FRST
2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe
2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery
2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW
2014-07-31 16:01 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer
2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com
2014-07-31 15:46 - 2014-07-31 15:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi
2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp
2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe
2014-07-31 10:26 - 2014-07-31 10:27 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr
2014-07-31 10:16 - 2014-07-31 10:16 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe
2014-07-31 10:13 - 2014-07-31 15:58 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms
2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe
2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe
2014-07-31 09:40 - 2014-07-31 09:41 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe
2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe
2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe
2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe
2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe
2014-07-31 09:32 - 2014-07-31 09:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe
2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe
2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe
2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe
2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe
2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe
2014-07-31 08:32 - 2014-07-31 08:41 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe
2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat
2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState
2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO
2014-07-31 07:52 - 2014-07-31 15:58 - 00000692 _____ () C:\Windows\setupact.log
2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 07:44 - 2014-07-31 15:58 - 00036263 _____ () C:\Windows\WindowsUpdate.log
2014-07-30 11:53 - 2014-07-30 11:55 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe
2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe
2014-07-30 11:50 - 2014-07-30 11:56 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe
2014-07-30 11:45 - 2014-07-30 11:46 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe
2014-07-30 11:40 - 2014-07-30 11:41 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe
2014-07-28 22:39 - 2014-07-28 22:54 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB
2014-07-28 21:38 - 2014-07-28 21:38 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-28 21:37 - 2014-07-28 21:37 - 00866720 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2014-07-28 21:37 - 2014-07-28 21:37 - 00788896 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-07-28 21:37 - 2014-07-28 21:37 - 00263584 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-28 21:37 - 2014-07-28 21:37 - 00174496 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-28 21:37 - 2014-07-28 21:37 - 00174496 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-28 21:37 - 2014-07-28 21:37 - 00094112 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-28 21:35 - 2014-07-28 21:37 - 31666592 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\jre-7u21-windows-i586.exe
2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk
2014-07-28 20:42 - 2014-07-28 20:45 - 00000000 ____D () C:\Program Files\Google
2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV
2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}
2014-07-25 02:03 - 2014-07-25 02:09 - 00000000 ____D () C:\Users\McMillan\msdt
2014-07-25 00:25 - 2014-07-30 15:59 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps
2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList
2014-07-23 16:06 - 2014-07-24 23:48 - 00000000 ____D () C:\Windows\system32\BlueStacks
2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA
2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks
2014-07-23 13:10 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype
2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype
2014-07-23 13:05 - 2014-07-31 14:30 - 00000000 ____D () C:\inetpub
2014-07-23 10:32 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation
2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet
2014-07-23 10:18 - 2014-07-23 10:26 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg
2014-07-23 08:50 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable
2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol
2014-07-04 16:25 - 2014-07-04 16:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe
2014-07-04 13:44 - 2014-07-31 08:16 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-04 13:44 - 2014-07-25 02:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-04 13:30 - 2014-07-04 13:42 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe
2014-07-04 13:18 - 2014-07-04 13:19 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe
2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe
2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-03 19:07 - 2014-05-20 07:11 - 00603592 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss
2014-07-03 05:00 - 2014-07-30 00:41 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper
2014-07-03 05:00 - 2014-07-25 02:24 - 00000000 ____D () C:\Program Files\Zoiper
2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk
2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun
2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-03 04:52 - 2014-07-28 21:37 - 00000000 ____D () C:\Program Files\Java
2014-07-01 10:21 - 2014-01-09 10:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-01 07:51 - 2014-05-08 17:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-01 07:51 - 2014-05-08 17:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-01 04:58 - 2014-07-01 04:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-07-01 02:20 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me
2014-07-01 02:20 - 2014-07-01 02:20 - 00001088 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-07-01 02:20 - 2014-07-01 02:20 - 00001082 _____ () C:\Users\McMillan\Desktop\join.me.lnk
2014-07-01 02:20 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\join.me
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-31 16:14 - 2014-07-31 16:14 - 00010612 _____ () C:\Users\McMillan\Desktop\FRST.txt
2014-07-31 16:14 - 2014-07-31 16:13 - 00000000 ____D () C:\FRST
2014-07-31 16:13 - 2014-06-13 01:05 - 00000000 ___RD () C:\Users\McMillan\Desktop\Steve
2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe
2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery
2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW
2014-07-31 16:03 - 2014-07-31 16:01 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer
2014-07-31 15:58 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms
2014-07-31 15:58 - 2014-07-31 07:52 - 00000692 _____ () C:\Windows\setupact.log
2014-07-31 15:58 - 2014-07-31 07:44 - 00036263 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 15:57 - 2014-07-31 15:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-31 15:57 - 2010-11-21 05:01 - 00736438 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com
2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi
2014-07-31 14:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration
2014-07-31 14:30 - 2014-07-23 13:05 - 00000000 ____D () C:\inetpub
2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp
2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe
2014-07-31 10:27 - 2014-07-31 10:26 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr
2014-07-31 10:16 - 2014-07-31 10:16 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe
2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe
2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe
2014-07-31 09:41 - 2014-07-31 09:40 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe
2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe
2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe
2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe
2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe
2014-07-31 09:33 - 2014-07-31 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe
2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe
2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe
2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe
2014-07-31 08:41 - 2014-07-31 08:32 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe
2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe
2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe
2014-07-31 08:16 - 2014-07-04 13:44 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat
2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState
2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO
2014-07-31 08:00 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 07:49 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 07:49 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 07:42 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-31 07:42 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 07:03 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-31 07:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool
2014-07-31 06:44 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-31 06:38 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA Corporation
2014-07-31 06:36 - 2014-06-12 18:35 - 00000000 ____D () C:\Users\McMillan
2014-07-31 06:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-31 06:34 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch
2014-07-31 06:34 - 2014-06-16 19:40 - 00000000 ____D () C:\Users\McMillan\AppData\Local\oDesk
2014-07-31 06:34 - 2014-06-16 19:07 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\mjusbsp
2014-07-31 06:34 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Skype
2014-07-31 00:58 - 2014-06-13 01:05 - 00000000 ____D () C:\Users\McMillan\Desktop\BD
2014-07-30 18:13 - 2014-06-16 19:29 - 00001001 _____ () C:\Users\McMillan\Desktop\magicJack.lnk
2014-07-30 18:13 - 2014-06-16 19:29 - 00000987 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2014-07-30 15:59 - 2014-07-25 00:25 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps
2014-07-30 15:59 - 2014-06-13 10:21 - 00000000 ____D () C:\Windows\Panther
2014-07-30 11:56 - 2014-07-30 11:50 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe
2014-07-30 11:55 - 2014-07-30 11:53 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe
2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe
2014-07-30 11:46 - 2014-07-30 11:45 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe
2014-07-30 11:41 - 2014-07-30 11:40 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe
2014-07-30 11:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-30 10:02 - 2014-06-16 21:37 - 00000000 ____D () C:\Users\McMillan\Desktop\Tanya
2014-07-30 00:41 - 2014-07-03 05:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper
2014-07-28 22:54 - 2014-07-28 22:39 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB
2014-07-28 21:38 - 2014-07-28 21:38 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-28 21:37 - 2014-07-28 21:37 - 00866720 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2014-07-28 21:37 - 2014-07-28 21:37 - 00788896 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-07-28 21:37 - 2014-07-28 21:37 - 00263584 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-28 21:37 - 2014-07-28 21:37 - 00174496 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-28 21:37 - 2014-07-28 21:37 - 00174496 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-28 21:37 - 2014-07-28 21:37 - 00094112 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-28 21:37 - 2014-07-28 21:35 - 31666592 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\jre-7u21-windows-i586.exe
2014-07-28 21:37 - 2014-07-03 04:52 - 00000000 ____D () C:\Program Files\Java
2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk
2014-07-28 20:45 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files\Google
2014-07-28 20:42 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Deployment
2014-07-28 05:55 - 2014-06-25 17:05 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\BitComet
2014-07-27 21:07 - 2014-06-13 01:01 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\vlc
2014-07-25 07:19 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Local\PokerStars
2014-07-25 05:30 - 2014-06-22 00:52 - 00007627 _____ () C:\Users\McMillan\AppData\Local\Resmon.ResmonCfg
2014-07-25 05:30 - 2009-07-14 12:34 - 00064512 _____ () C:\Windows\system32\umstartup.etl
2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV
2014-07-25 03:18 - 2014-06-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-25 03:18 - 2014-06-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}
2014-07-25 02:26 - 2014-06-13 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-25 02:25 - 2014-06-17 09:48 - 00000000 ____D () C:\Windows\pss
2014-07-25 02:25 - 2014-06-13 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-25 02:25 - 2014-06-13 00:27 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\security
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-25 02:24 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype
2014-07-25 02:24 - 2014-07-23 08:50 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable
2014-07-25 02:24 - 2014-07-04 13:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-25 02:24 - 2014-07-03 05:00 - 00000000 ____D () C:\Program Files\Zoiper
2014-07-25 02:24 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me
2014-07-25 02:24 - 2014-06-24 20:11 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\vlc
2014-07-25 02:24 - 2014-06-22 09:27 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:24 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Ringio
2014-07-25 02:24 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
2014-07-25 02:24 - 2014-06-20 22:59 - 00000000 ____D () C:\Program Files\PokerStars
2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk
2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\Program Files\oDesk
2014-07-25 02:24 - 2014-06-16 19:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\magicJack
2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-25 02:24 - 2014-06-16 17:14 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 02:24 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA
2014-07-25 02:24 - 2014-06-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-25 02:24 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ___RD () C:\Program Files\Skype
2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Skype
2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-25 02:24 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Apps\2.0
2014-07-25 02:24 - 2014-06-12 18:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help
2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\winrm
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\WCN
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\slmgr
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Web
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Vss
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spp
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Speech
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\SMI
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-07-25 02:22 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\Performance
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\IME
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\com
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Speech
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\schemas
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Resources
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\PLA
2014-07-25 02:21 - 2009-07-14 10:37 - 00000000 __RSD () C:\Windows\Media
2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME
2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization
2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding
2014-07-25 02:19 - 2014-06-16 18:17 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Macromedia
2014-07-25 02:19 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Moonchild Productions
2014-07-25 02:19 - 2014-06-15 13:49 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Adobe
2014-07-25 02:19 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2014-07-25 02:18 - 2014-06-22 07:16 - 00000000 ____D () C:\Users\Butch\AppData\Local\Google
2014-07-25 02:18 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Macromedia
2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-25 02:18 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Moonchild Productions
2014-07-25 02:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Skype
2014-07-25 02:18 - 2014-06-13 01:00 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-25 02:18 - 2014-06-12 18:49 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Google
2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default
2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Windows NT
2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Adobe
2014-07-25 02:17 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-07-25 02:09 - 2014-07-25 02:03 - 00000000 ____D () C:\Users\McMillan\msdt
2014-07-24 23:48 - 2014-07-23 16:06 - 00000000 ____D () C:\Windows\system32\BlueStacks
2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList
2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA
2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks
2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype
2014-07-23 13:04 - 2014-07-23 10:32 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation
2014-07-23 10:52 - 2014-06-12 19:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet
2014-07-23 10:26 - 2014-07-23 10:18 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg
2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol
2014-07-04 16:26 - 2014-07-04 16:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe
2014-07-04 13:42 - 2014-07-04 13:30 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe
2014-07-04 13:19 - 2014-07-04 13:18 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe
2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe
2014-07-04 10:44 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\McMillan\Downloads\MOVIES
2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss
2014-07-03 15:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk
2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun
2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-01 04:58 - 2014-07-01 04:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-07-01 02:20 - 2014-07-01 02:20 - 00001088 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-07-01 02:20 - 2014-07-01 02:20 - 00001082 _____ () C:\Users\McMillan\Desktop\join.me.lnk
2014-07-01 02:20 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\join.me
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-29 01:56
 
==================== End Of Log ============================

Here are the results for the Addition text file

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01
Ran by McMillan at 2014-07-31 16:14:42
Running from C:\Users\McMillan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Damn oDesk Team (HKCU\...\oDVT) (Version:  - oDesk Corporation)
Google Chrome Bitch (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
join.me, I'm Gay! (HKCU\...\JoinMe) (Version: 1.14.0.141 - LogMeIn, Inc.)
magicJackOFF (HKCU\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Poker fukin Stars (HKLM\...\PokerStars) (Version:  - PokerStars)
Ringio (HKLM\...\Ringio.FE833F21A5E41A0F2AD24347AACCB5A50596C79D.1) (Version: v-2.4 - Ringio)
Ringio (Version: 2.4 - Ringio) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
VLC Hack me PLZ vs 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zoiper (HKLM\...\Zoiper) (Version: 3.2 - Securax LTD)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
23-07-2014 00:16:15 Windows Modules Installer
23-07-2014 05:05:23 Windows Modules Installer
24-07-2014 15:46:34 Restore Operation
24-07-2014 20:52:25 July 25th, back to normal again
28-07-2014 13:31:48 Removed Java 7 Update 60
28-07-2014 13:37:25 Installed Java 7 Update 21
30-07-2014 17:04:37 Windows Backup
30-07-2014 21:06:50 Windows Update
30-07-2014 22:33:38 Restore Operation
30-07-2014 23:03:17 Windows Modules Installer
30-07-2014 23:33:05 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2014-07-04 16:27 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {D59E24B9-5425-4BE2-878F-1EE57E154F4D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-15 14:27 - 2014-05-20 08:04 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-07-28 20:45 - 2014-07-15 17:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-28 20:45 - 2014-07-15 17:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-28 20:45 - 2014-07-15 17:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-28 21:37 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-28 21:37 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WSearch => 3
MSCONFIG\Services: wuauserv => 3
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:18:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:25:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
 
System errors:
=============
Error: (07/31/2014 03:54:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (07/31/2014 03:54:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (07/31/2014 03:54:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (07/31/2014 03:54:07 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (07/31/2014 03:54:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (07/31/2014 10:43:43 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (07/31/2014 05:14:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (07/25/2014 03:09:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%1058
 
Error: (07/25/2014 03:07:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%1058
 
Error: (07/25/2014 03:07:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:18:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:25:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 42%
Total physical RAM: 3327.23 MB
Available physical RAM: 1925.02 MB
Total Pagefile: 5825.52 MB
Available Pagefile: 4645.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:171.29 GB) (Free:133.96 GB) NTFS
Drive e: (HD-PCTU3) (Fixed) (Total:931.51 GB) (Free:214.59 GB) NTFS
Drive l: (Z) (Fixed) (Total:294.37 GB) (Free:222.61 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1457E526)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=171 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=294 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 16A1C0B4)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
I am concerned, can anyone use this information to gain access to my computer now though?

I made changes and the computer was supposed to be rebooted. I think I ran some tools like TSSD, cccleaner. That's how I modified some of the program names, fooling around earlier. Should I have rebooted and seen what those programs did before running the Farbar Recovery Scan Tool?

 

Thanks for your help and also speedy service Jurgen!


I am concerned, can anyone use this information to gain access to my computer now though?

Hi,

No! :)

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

As per your request, here is mbar system-log txt file

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17126
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, L:\ DRIVE_FIXED
CPU speed: 3.159000 GHz
Memory total: 3488849920, free: 1887526912
 
Downloaded database version: v2014.07.31.03
Downloaded database version: v2014.07.17.01
=======================================
Initializing...
------------ Kernel report ------------
     07/31/2014 16:53:01
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\nvstor.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nvm62x32.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad32v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_nvstor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\System32\drivers\TrueSight.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imagehlp.dll
\Windows\System32\normaliz.dll
\Windows\System32\nsi.dll
\Windows\System32\usp10.dll
\Windows\System32\psapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\sechost.dll
\Windows\System32\ole32.dll
\Windows\System32\advapi32.dll
\Windows\System32\imm32.dll
\Windows\System32\user32.dll
\Windows\System32\lpk.dll
\Windows\System32\clbcatq.dll
\Windows\System32\msvcrt.dll
\Windows\System32\urlmon.dll
\Windows\System32\gdi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\wininet.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\setupapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shell32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\iertutil.dll
\Windows\System32\msctf.dll
\Windows\System32\difxapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86dcfac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xffffffff86cac460
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8655dac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000055\
Lower Device Object: 0xffffffff86250948
Lower Device Driver Name: \Driver\nvstor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8655dac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8655d700, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8655dac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8557b7d8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86250948, DeviceName: \Device\00000055\, DriverName: \Driver\nvstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1457E526
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 359219200
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 359426048  Numsec = 617342976
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff86dcfac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85f57020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86dcfac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86cac460, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 16A1C0B4
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 64  Numsec = 1953525056
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

And the mbar log (date x-x-x-x) txt file

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.07.31.03
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17126
McMillan :: SAHARA-PC [administrator]
 
7/31/2014 4:53:09 PM
mbar-log-2014-07-31 (16-53-09).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 288910
Time elapsed: 5 minute(s), 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

Let's do a final check up:

Step 1

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Hi Jurgen,

Hope you're wide awake haha. It took a while but here is the result of the ESET Scan.

I copied the log.txt file as well to my desktop.

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0a25e7d731dfa142ba209078de39c6b7
# engine=19434
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-31 10:49:47
# local_time=2014-07-31 06:49:47 (+0800, China Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 158434978 0 0
# scanned=91644
# found=23
# cleaned=0
# scan_time=5233
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\McMillan\Downloads\cccleanrersetup416.exe"
sh=6846208624831264162B0731D92BCC0D2A046A88 ft=1 fh=8f837d606a1040d7 vn="a variant of Win32/InstallBrain.CF potentially unwanted application" ac=I fn="C:\Users\McMillan\Downloads\old downloads\CodecPerformerSetup.exe"
sh=B4070B08C98B7AB1CE65F2C72BEC9F1BFA7AA0E4 ft=1 fh=8322719f776d7e97 vn="Win32/SoftonicDownloader.G potentially unwanted application" ac=I fn="C:\Users\McMillan\Downloads\old downloads\SoftonicDownloader_for_microsoft-net-framework-repair-tool.exe"
sh=9945E50B0C7C0DC27A0C285A4E892F64763E8709 ft=1 fh=a5f21a08404629b6 vn="Win32/SoftonicDownloader.G potentially unwanted application" ac=I fn="C:\Users\McMillan\Downloads\old downloads\SoftonicDownloader_for_vlc-media-player.exe"
sh=0B6402AC7481BC4135A659EB4F2178B5B9773A04 ft=1 fh=fc9b1583ac8c9634 vn="Win32/SoftonicDownloader.G potentially unwanted application" ac=I fn="C:\Users\McMillan\Downloads\old downloads\SoftonicDownloader_for_winrar.exe"
sh=9D8CDC0E2EC217CD48453BF5F87741AC36C19498 ft=0 fh=0000000000000000 vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-1610499705-2313736671-1555703110-1000\$RT418IO\Backup Set 2014-05-14 031720\Backup Files 2014-05-14 031720\Backup files 2.zip"
sh=10833619BE16DF8F0B83DC250596A0C64453E505 ft=0 fh=0000000000000000 vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-1610499705-2313736671-1555703110-1000\$RT418IO\Backup Set 2014-05-21 121406\Backup Files 2014-05-21 121406\Backup files 1.zip"
sh=67107CBC1DB60439C06860D446FB3FC78C3F2060 ft=0 fh=0000000000000000 vn="a variant of Win32/SoftonicDownloader.F potentially unwanted application" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-1610499705-2313736671-1555703110-1000\$RT418IO\Backup Set 2014-05-21 121406\Backup Files 2014-05-21 121406\Backup files 2.zip"
sh=12F85F7C230DA2AF9ED63407F1FD244A36F03C72 ft=0 fh=0000000000000000 vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-1610499705-2313736671-1555703110-1000\$RT418IO\Backup Set 2014-05-21 121406\Backup Files 2014-05-25 190000\Backup files 3.zip"
sh=05A4F5CB0AA9BFE8D16B3DAC3E8B05FEB681DA74 ft=0 fh=0000000000000000 vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-1610499705-2313736671-1555703110-1000\$RT418IO\Backup Set 2014-06-01 190000\Backup Files 2014-06-01 190000\Backup files 2.zip"
sh=C24EB8518DF62F51AB69A8A431BBECAC49877381 ft=0 fh=0000000000000000 vn="a variant of Win32/SoftonicDownloader.F potentially unwanted application" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-1610499705-2313736671-1555703110-1000\$RT418IO\Backup Set 2014-06-01 190000\Backup Files 2014-06-01 190000\Backup files 3.zip"
sh=82FCF3CB567859AE33E81D97627BBF176EB0BBED ft=0 fh=0000000000000000 vn="a variant of Win32/SkypeLogView.A potentially unsafe application" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-1610499705-2313736671-1555703110-1000\$RT418IO\Backup Set 2014-06-01 190000\Backup Files 2014-06-01 190000\Backup files 54.zip"
sh=EA0C21147E5587BBD57B8E4B9B2D42B70AA13B15 ft=0 fh=0000000000000000 vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-1610499705-2313736671-1555703110-1000\$RT418IO\Backup Set 2014-06-08 060513\Backup Files 2014-06-08 060513\Backup files 2.zip"
sh=9ABB6B3F652BD34AD6F9A2D28EC90D86E69B16E0 ft=0 fh=0000000000000000 vn="a variant of Win32/SoftonicDownloader.F potentially unwanted application" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-1610499705-2313736671-1555703110-1000\$RT418IO\Backup Set 2014-06-08 060513\Backup Files 2014-06-08 060513\Backup files 3.zip"
sh=D5FD895DA4176F12D46A11375BDF571EBCA47FFF ft=0 fh=0000000000000000 vn="a variant of Win32/InstallBrain.CF potentially unwanted application" ac=I fn="E:\SAHARA-PC\Backup Set 2014-06-17 085922\Backup Files 2014-06-17 085922\Backup files 5.zip"
sh=B2CC7894DC410835D716AA8BD5A50914973BA998 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallBrain.CF potentially unwanted application" ac=I fn="E:\SAHARA-PC\Backup Set 2014-06-17 085922\Backup Files 2014-07-04 174419\Backup files 4.zip"
sh=AD67265017FBFD99568C6078D1B1995B9F4486E3 ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.G potentially unwanted application" ac=I fn="E:\SAHARA-PC\Backup Set 2014-06-17 085922\Backup Files 2014-07-04 174419\Backup files 5.zip"
sh=99A2EB8AB51CBA9DA43F8AA78ED9B9F99794D390 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallBrain.CF potentially unwanted application" ac=I fn="E:\SAHARA-PC\Backup Set 2014-07-31 010432\Backup Files 2014-07-31 010432\Backup files 2.zip"
sh=322379897AA125B1DA8881057BEDE161FA189C9C ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.G potentially unwanted application" ac=I fn="E:\SAHARA-PC\Backup Set 2014-07-31 010432\Backup Files 2014-07-31 010432\Backup files 3.zip"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="E:\Steve\Virus removal programs\cccleanrersetup416.exe"
sh=D5FD895DA4176F12D46A11375BDF571EBCA47FFF ft=0 fh=0000000000000000 vn="a variant of Win32/InstallBrain.CF potentially unwanted application" ac=I fn="L:\SAHARA-PC\Backup Set 2014-06-17 085922\Backup Files 2014-06-17 085922\Backup files 5.zip"
sh=B2CC7894DC410835D716AA8BD5A50914973BA998 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallBrain.CF potentially unwanted application" ac=I fn="L:\SAHARA-PC\Backup Set 2014-06-17 085922\Backup Files 2014-07-04 174419\Backup files 4.zip"
sh=AD67265017FBFD99568C6078D1B1995B9F4486E3 ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.G potentially unwanted application" ac=I fn="L:\SAHARA-PC\Backup Set 2014-06-17 085922\Backup Files 2014-07-04 174419\Backup files 5.zip"

Closing security holes

Step 1

Please uninstall some programs:

  • Windows 7: Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Java 7 Update 21
  • Reboot your computer.
Download and install Java 7 Update 65

www.java.com

Step 2

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


Addition.txt file

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01
Ran by McMillan at 2014-07-31 21:05:04
Running from C:\Users\McMillan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Damn oDesk Team (HKCU\...\oDVT) (Version:  - oDesk Corporation)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Google Chrome Bitch (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
join.me, I'm Gay! (HKCU\...\JoinMe) (Version: 1.14.0.141 - LogMeIn, Inc.)
magicJackOFF (HKCU\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Poker fukin Stars (HKLM\...\PokerStars) (Version:  - PokerStars)
Ringio (HKLM\...\Ringio.FE833F21A5E41A0F2AD24347AACCB5A50596C79D.1) (Version: v-2.4 - Ringio)
Ringio (Version: 2.4 - Ringio) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
VLC Hack me PLZ vs 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zoiper (HKLM\...\Zoiper) (Version: 3.2 - Securax LTD)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
23-07-2014 05:05:23 Windows Modules Installer
24-07-2014 15:46:34 Restore Operation
24-07-2014 20:52:25 July 25th, back to normal again
28-07-2014 13:31:48 Removed Java 7 Update 60
28-07-2014 13:37:25 Installed Java 7 Update 21
30-07-2014 17:04:37 Windows Backup
30-07-2014 21:06:50 Windows Update
30-07-2014 22:33:38 Restore Operation
30-07-2014 23:03:17 Windows Modules Installer
30-07-2014 23:33:05 Windows Update
31-07-2014 11:37:41 Removed Java 7 Update 21
31-07-2014 12:40:31 Installed Java 7 Update 65
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2014-07-04 16:27 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {D59E24B9-5425-4BE2-878F-1EE57E154F4D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-31 19:31 - 2014-06-18 15:50 - 00703800 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2014-07-28 20:45 - 2014-07-15 17:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-28 20:45 - 2014-07-15 17:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-28 20:45 - 2014-07-15 17:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-06-15 14:27 - 2014-05-20 08:04 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-07-31 20:40 - 2014-07-31 20:40 - 00018856 _____ () C:\Program Files\Java\jre7\bin\jp2native.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WSearch => 3
MSCONFIG\Services: wuauserv => 3
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/31/2014 08:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 08:17:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:18:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:25:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
 
System errors:
=============
Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:38:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:19:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
 
Microsoft Office Sessions:
=========================
Error: (07/31/2014 08:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 08:17:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:18:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:25:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 34%
Total physical RAM: 3327.23 MB
Available physical RAM: 2173.18 MB
Total Pagefile: 5825.52 MB
Available Pagefile: 4214.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:171.29 GB) (Free:134.23 GB) NTFS
Drive e: (HD-PCTU3) (Fixed) (Total:931.51 GB) (Free:214.56 GB) NTFS
Drive l: (Z) (Fixed) (Total:294.37 GB) (Free:222.43 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1457E526)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=171 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=294 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 16A1C0B4)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
FRST txt file results
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01
Ran by McMillan (administrator) on SAHARA-PC on 31-07-2014 21:04:36
Running from C:\Users\McMillan\Desktop
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2454762815-89852866-1431263164-1000\...\MountPoints2: {525512c7-f299-11e3-b032-806e6f6e6963} - D:\setup.exe
BootExecute: autocheck autochk * regdefrag
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B9BCAD2B86CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\McMillan\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
 
Chrome: 
=======
CHR StartupUrls: "hxxp://www.gmail.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google Drive) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31]
CHR Extension: (Presentme) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2014-07-31]
CHR Extension: (Google Search) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]
CHR Extension: (Gmail Offline) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-28]
CHR Extension: (Pin It Button) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-31]
CHR Extension: (PDF Mergy) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-07-31]
CHR Extension: (Excel Online) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-07-28]
CHR Extension: (Zoho Sheet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj [2014-07-31]
CHR Extension: (Zoho CRM) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-07-31]
CHR Extension: (Skype Status Detector) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiiaejmgghgpmppnkiloijccihddjdj [2014-07-31]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-28]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-31]
CHR Extension: (Easy SEO Tools) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnlboglefdlldiioafkgbbdfihdoicam [2014-07-31]
CHR Extension: (Google Wallet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31]
CHR Extension: (Instagram for Chrome) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-31]
CHR Extension: (Zoho Projects) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldkgicldgmbampajgepnigbpkhomoh [2014-07-31]
CHR Extension: (Gmail) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]
CHR Extension: (SEO Competitor Analysis Tool) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpafbknegcefgoojplahellhohoklbj [2014-07-31]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)
S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)
S4 NVHDA; system32\drivers\nvhda32v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-31 21:04 - 2014-07-31 21:04 - 00011353 _____ () C:\Users\McMillan\Desktop\FRST.txt
2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-31 20:41 - 2014-07-31 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe
2014-07-31 20:18 - 2014-07-31 20:19 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log
2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe
2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-31 19:31 - 2014-07-31 20:20 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-07-31 19:13 - 2014-07-31 19:23 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe
2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe
2014-07-31 16:53 - 2014-07-31 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 16:50 - 2014-07-31 17:03 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar
2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-31 16:49 - 2014-07-31 16:50 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe
2014-07-31 16:14 - 2014-07-31 16:15 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt
2014-07-31 16:14 - 2014-07-31 16:15 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt
2014-07-31 16:13 - 2014-07-31 21:04 - 00000000 ____D () C:\FRST
2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe
2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery
2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW
2014-07-31 16:01 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer
2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com
2014-07-31 15:46 - 2014-07-31 15:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi
2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp
2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe
2014-07-31 10:26 - 2014-07-31 10:27 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr
2014-07-31 10:13 - 2014-07-31 15:58 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms
2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe
2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe
2014-07-31 09:40 - 2014-07-31 09:41 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe
2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe
2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe
2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe
2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe
2014-07-31 09:32 - 2014-07-31 09:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe
2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe
2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe
2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe
2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe
2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe
2014-07-31 08:32 - 2014-07-31 08:41 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe
2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat
2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState
2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO
2014-07-31 07:52 - 2014-07-31 20:19 - 00000748 _____ () C:\Windows\setupact.log
2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 07:44 - 2014-07-31 20:23 - 00044888 _____ () C:\Windows\WindowsUpdate.log
2014-07-30 11:53 - 2014-07-30 11:55 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe
2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe
2014-07-30 11:50 - 2014-07-30 11:56 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe
2014-07-30 11:45 - 2014-07-30 11:46 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe
2014-07-30 11:40 - 2014-07-30 11:41 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe
2014-07-28 22:39 - 2014-07-28 22:54 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB
2014-07-28 21:35 - 2014-07-28 21:37 - 31666592 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\jre-7u21-windows-i586.exe
2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk
2014-07-28 20:42 - 2014-07-28 20:45 - 00000000 ____D () C:\Program Files\Google
2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV
2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}
2014-07-25 02:03 - 2014-07-25 02:09 - 00000000 ____D () C:\Users\McMillan\msdt
2014-07-25 00:25 - 2014-07-30 15:59 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps
2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList
2014-07-23 16:06 - 2014-07-24 23:48 - 00000000 ____D () C:\Windows\system32\BlueStacks
2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA
2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks
2014-07-23 13:10 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype
2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype
2014-07-23 13:05 - 2014-07-31 14:30 - 00000000 ____D () C:\inetpub
2014-07-23 10:32 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation
2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet
2014-07-23 10:18 - 2014-07-23 10:26 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg
2014-07-23 08:50 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable
2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol
2014-07-04 16:25 - 2014-07-04 16:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe
2014-07-04 13:44 - 2014-07-31 08:16 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-04 13:44 - 2014-07-25 02:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-04 13:30 - 2014-07-04 13:42 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe
2014-07-04 13:18 - 2014-07-04 13:19 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe
2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe
2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-03 19:07 - 2014-05-20 07:11 - 00603592 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss
2014-07-03 05:00 - 2014-07-30 00:41 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper
2014-07-03 05:00 - 2014-07-25 02:24 - 00000000 ____D () C:\Program Files\Zoiper
2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk
2014-07-03 04:53 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun
2014-07-03 04:52 - 2014-07-31 20:40 - 00000000 ____D () C:\Program Files\Java
2014-07-01 10:21 - 2014-01-09 10:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-01 07:51 - 2014-05-08 17:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-01 07:51 - 2014-05-08 17:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-01 04:58 - 2014-07-01 04:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-07-01 02:20 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me
2014-07-01 02:20 - 2014-07-01 02:20 - 00001088 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-07-01 02:20 - 2014-07-01 02:20 - 00001082 _____ () C:\Users\McMillan\Desktop\join.me.lnk
2014-07-01 02:20 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\join.me
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-31 21:04 - 2014-07-31 21:04 - 00011353 _____ () C:\Users\McMillan\Desktop\FRST.txt
2014-07-31 21:04 - 2014-07-31 16:13 - 00000000 ____D () C:\FRST
2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-31 20:41 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-31 20:40 - 2014-07-31 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-31 20:40 - 2014-07-03 04:52 - 00000000 ____D () C:\Program Files\Java
2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe
2014-07-31 20:26 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 20:26 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 20:24 - 2010-11-21 05:01 - 00736438 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-31 20:23 - 2014-07-31 07:44 - 00044888 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 20:20 - 2014-07-31 19:31 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-07-31 20:19 - 2014-07-31 20:18 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-31 20:19 - 2014-07-31 07:52 - 00000748 _____ () C:\Windows\setupact.log
2014-07-31 20:19 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log
2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe
2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-31 19:23 - 2014-07-31 19:13 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe
2014-07-31 17:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Skype
2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe
2014-07-31 17:03 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 17:03 - 2014-07-31 16:50 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar
2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-31 16:50 - 2014-07-31 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe
2014-07-31 16:15 - 2014-07-31 16:14 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt
2014-07-31 16:15 - 2014-07-31 16:14 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt
2014-07-31 16:13 - 2014-06-13 01:05 - 00000000 ___RD () C:\Users\McMillan\Desktop\Steve
2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe
2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery
2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW
2014-07-31 16:03 - 2014-07-31 16:01 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer
2014-07-31 15:58 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms
2014-07-31 15:57 - 2014-07-31 15:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com
2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi
2014-07-31 14:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration
2014-07-31 14:30 - 2014-07-23 13:05 - 00000000 ____D () C:\inetpub
2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp
2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe
2014-07-31 10:27 - 2014-07-31 10:26 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr
2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe
2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe
2014-07-31 09:41 - 2014-07-31 09:40 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe
2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe
2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe
2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe
2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe
2014-07-31 09:33 - 2014-07-31 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe
2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe
2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe
2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe
2014-07-31 08:41 - 2014-07-31 08:32 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe
2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe
2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe
2014-07-31 08:16 - 2014-07-04 13:44 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat
2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState
2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO
2014-07-31 08:00 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 07:42 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-31 07:03 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-31 07:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool
2014-07-31 06:44 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-31 06:38 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA Corporation
2014-07-31 06:36 - 2014-06-12 18:35 - 00000000 ____D () C:\Users\McMillan
2014-07-31 06:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-31 06:34 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch
2014-07-31 06:34 - 2014-06-16 19:40 - 00000000 ____D () C:\Users\McMillan\AppData\Local\oDesk
2014-07-31 06:34 - 2014-06-16 19:07 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\mjusbsp
2014-07-31 00:58 - 2014-06-13 01:05 - 00000000 ____D () C:\Users\McMillan\Desktop\BD
2014-07-30 18:13 - 2014-06-16 19:29 - 00001001 _____ () C:\Users\McMillan\Desktop\magicJack.lnk
2014-07-30 18:13 - 2014-06-16 19:29 - 00000987 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2014-07-30 15:59 - 2014-07-25 00:25 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps
2014-07-30 15:59 - 2014-06-13 10:21 - 00000000 ____D () C:\Windows\Panther
2014-07-30 11:56 - 2014-07-30 11:50 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe
2014-07-30 11:55 - 2014-07-30 11:53 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe
2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe
2014-07-30 11:46 - 2014-07-30 11:45 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe
2014-07-30 11:41 - 2014-07-30 11:40 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe
2014-07-30 11:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-30 10:02 - 2014-06-16 21:37 - 00000000 ____D () C:\Users\McMillan\Desktop\Tanya
2014-07-30 00:41 - 2014-07-03 05:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper
2014-07-28 22:54 - 2014-07-28 22:39 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB
2014-07-28 21:37 - 2014-07-28 21:35 - 31666592 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\jre-7u21-windows-i586.exe
2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk
2014-07-28 20:45 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files\Google
2014-07-28 20:42 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Deployment
2014-07-28 05:55 - 2014-06-25 17:05 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\BitComet
2014-07-27 21:07 - 2014-06-13 01:01 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\vlc
2014-07-25 07:19 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Local\PokerStars
2014-07-25 05:30 - 2014-06-22 00:52 - 00007627 _____ () C:\Users\McMillan\AppData\Local\Resmon.ResmonCfg
2014-07-25 05:30 - 2009-07-14 12:34 - 00064512 _____ () C:\Windows\system32\umstartup.etl
2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV
2014-07-25 03:18 - 2014-06-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-25 03:18 - 2014-06-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}
2014-07-25 02:26 - 2014-06-13 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-25 02:25 - 2014-06-17 09:48 - 00000000 ____D () C:\Windows\pss
2014-07-25 02:25 - 2014-06-13 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-25 02:25 - 2014-06-13 00:27 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\security
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-25 02:24 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype
2014-07-25 02:24 - 2014-07-23 08:50 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable
2014-07-25 02:24 - 2014-07-04 13:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-25 02:24 - 2014-07-03 05:00 - 00000000 ____D () C:\Program Files\Zoiper
2014-07-25 02:24 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me
2014-07-25 02:24 - 2014-06-24 20:11 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\vlc
2014-07-25 02:24 - 2014-06-22 09:27 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:24 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Ringio
2014-07-25 02:24 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
2014-07-25 02:24 - 2014-06-20 22:59 - 00000000 ____D () C:\Program Files\PokerStars
2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk
2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\Program Files\oDesk
2014-07-25 02:24 - 2014-06-16 19:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\magicJack
2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-25 02:24 - 2014-06-16 17:14 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 02:24 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA
2014-07-25 02:24 - 2014-06-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-25 02:24 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ___RD () C:\Program Files\Skype
2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Skype
2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-25 02:24 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Apps\2.0
2014-07-25 02:24 - 2014-06-12 18:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help
2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\winrm
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\WCN
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\slmgr
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Web
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Vss
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spp
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Speech
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\SMI
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-07-25 02:22 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\Performance
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\IME
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\com
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Speech
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\schemas
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Resources
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\PLA
2014-07-25 02:21 - 2009-07-14 10:37 - 00000000 __RSD () C:\Windows\Media
2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME
2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization
2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding
2014-07-25 02:19 - 2014-06-16 18:17 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Macromedia
2014-07-25 02:19 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Moonchild Productions
2014-07-25 02:19 - 2014-06-15 13:49 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Adobe
2014-07-25 02:19 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2014-07-25 02:18 - 2014-06-22 07:16 - 00000000 ____D () C:\Users\Butch\AppData\Local\Google
2014-07-25 02:18 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Macromedia
2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-25 02:18 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Moonchild Productions
2014-07-25 02:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Skype
2014-07-25 02:18 - 2014-06-13 01:00 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-25 02:18 - 2014-06-12 18:49 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Google
2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default
2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Windows NT
2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Adobe
2014-07-25 02:17 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-07-25 02:09 - 2014-07-25 02:03 - 00000000 ____D () C:\Users\McMillan\msdt
2014-07-24 23:48 - 2014-07-23 16:06 - 00000000 ____D () C:\Windows\system32\BlueStacks
2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList
2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA
2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks
2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype
2014-07-23 13:04 - 2014-07-23 10:32 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation
2014-07-23 10:52 - 2014-06-12 19:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet
2014-07-23 10:26 - 2014-07-23 10:18 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg
2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol
2014-07-04 16:26 - 2014-07-04 16:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe
2014-07-04 13:42 - 2014-07-04 13:30 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe
2014-07-04 13:19 - 2014-07-04 13:18 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe
2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe
2014-07-04 10:44 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\McMillan\Downloads\MOVIES
2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss
2014-07-03 15:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk
2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun
2014-07-01 04:58 - 2014-07-01 04:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-07-01 02:20 - 2014-07-01 02:20 - 00001088 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-07-01 02:20 - 2014-07-01 02:20 - 00001082 _____ () C:\Users\McMillan\Desktop\join.me.lnk
2014-07-01 02:20 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\join.me
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-07-29 01:56
 
==================== End Of Log ============================
This topic is now closed to further replies.