
Pup infection keeps coming back, fear I have remote attack/tracking beacons



You drive me crazy... :P

 

Please double-click exactly where the "bluepoint" is.... :) (is this English?)

 


Please reboot your PC for fresh FRST-Logs:


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


Here is the addition txt file

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01
Ran by McMillan at 2014-08-01 04:03:02
Running from C:\Users\McMillan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Damn oDesk Team (HKCU\...\oDVT) (Version:  - oDesk Corporation)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Google Chrome Bitch (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
join.me, I'm Gay! (HKCU\...\JoinMe) (Version: 1.14.0.141 - LogMeIn, Inc.)
magicJackOFF (HKCU\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Poker fukin Stars (HKLM\...\PokerStars) (Version:  - PokerStars)
Ringio (HKLM\...\Ringio.FE833F21A5E41A0F2AD24347AACCB5A50596C79D.1) (Version: v-2.4 - Ringio)
Ringio (Version: 2.4 - Ringio) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
VLC Hack me PLZ vs 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zoiper (HKLM\...\Zoiper) (Version: 3.2 - Securax LTD)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
23-07-2014 05:05:23 Windows Modules Installer
24-07-2014 15:46:34 Restore Operation
24-07-2014 20:52:25 July 25th, back to normal again
28-07-2014 13:31:48 Removed Java 7 Update 60
28-07-2014 13:37:25 Installed Java 7 Update 21
30-07-2014 17:04:37 Windows Backup
30-07-2014 21:06:50 Windows Update
30-07-2014 22:33:38 Restore Operation
30-07-2014 23:03:17 Windows Modules Installer
30-07-2014 23:33:05 Windows Update
31-07-2014 11:37:41 Removed Java 7 Update 21
31-07-2014 12:40:31 Installed Java 7 Update 65
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2014-07-04 16:27 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {D59E24B9-5425-4BE2-878F-1EE57E154F4D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-31 19:31 - 2014-06-18 15:50 - 00703800 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2014-07-28 20:45 - 2014-07-15 17:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-28 20:45 - 2014-07-15 17:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-28 20:45 - 2014-07-15 17:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-25 03:18 - 2014-07-25 03:18 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WSearch => 3
MSCONFIG\Services: wuauserv => 3
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/01/2014 03:56:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 08:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 08:17:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:18:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:25:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
 
System errors:
=============
Error: (08/01/2014 03:55:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:38:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
 
Microsoft Office Sessions:
=========================
Error: (08/01/2014 03:56:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 08:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 08:17:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:18:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:25:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 30%
Total physical RAM: 3327.23 MB
Available physical RAM: 2309 MB
Total Pagefile: 5825.52 MB
Available Pagefile: 4401.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:171.29 GB) (Free:134.1 GB) NTFS
Drive e: (HD-PCTU3) (Fixed) (Total:931.51 GB) (Free:214.56 GB) NTFS
Drive l: (Z) (Fixed) (Total:294.37 GB) (Free:222.43 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1457E526)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=171 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=294 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 16A1C0B4)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
and FRST txt file
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01
Ran by McMillan (administrator) on SAHARA-PC on 01-08-2014 04:02:35
Running from C:\Users\McMillan\Desktop
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2454762815-89852866-1431263164-1000\...\MountPoints2: {525512c7-f299-11e3-b032-806e6f6e6963} - D:\setup.exe
BootExecute: autocheck autochk * regdefrag
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B9BCAD2B86CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\McMillan\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
 
Chrome: 
=======
CHR StartupUrls: "hxxp://www.gmail.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google Drive) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31]
CHR Extension: (Presentme) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2014-07-31]
CHR Extension: (Google Search) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]
CHR Extension: (Gmail Offline) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-28]
CHR Extension: (Pin It Button) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-31]
CHR Extension: (PDF Mergy) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-07-31]
CHR Extension: (Excel Online) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-07-28]
CHR Extension: (Zoho Sheet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj [2014-07-31]
CHR Extension: (Zoho CRM) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-07-31]
CHR Extension: (Skype Status Detector) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiiaejmgghgpmppnkiloijccihddjdj [2014-07-31]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-28]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-31]
CHR Extension: (Easy SEO Tools) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnlboglefdlldiioafkgbbdfihdoicam [2014-07-31]
CHR Extension: (Google Wallet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31]
CHR Extension: (Instagram for Chrome) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-31]
CHR Extension: (Zoho Projects) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldkgicldgmbampajgepnigbpkhomoh [2014-07-31]
CHR Extension: (Gmail) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]
CHR Extension: (SEO Competitor Analysis Tool) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpafbknegcefgoojplahellhohoklbj [2014-07-31]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)
S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)
S4 NVHDA; system32\drivers\nvhda32v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-01 04:02 - 2014-08-01 04:02 - 00011007 _____ () C:\Users\McMillan\Desktop\FRST.txt
2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt
2014-07-31 21:05 - 2014-07-31 21:30 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt
2014-07-31 21:04 - 2014-07-31 21:05 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt
2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-31 20:41 - 2014-07-31 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe
2014-07-31 20:18 - 2014-07-31 20:19 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log
2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe
2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-31 19:31 - 2014-08-01 03:58 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-07-31 19:13 - 2014-07-31 19:23 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe
2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe
2014-07-31 16:53 - 2014-07-31 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 16:50 - 2014-07-31 17:03 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar
2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-31 16:49 - 2014-07-31 16:50 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe
2014-07-31 16:14 - 2014-07-31 16:15 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt
2014-07-31 16:14 - 2014-07-31 16:15 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt
2014-07-31 16:13 - 2014-08-01 04:02 - 00000000 ____D () C:\FRST
2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe
2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery
2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW
2014-07-31 16:01 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer
2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com
2014-07-31 15:46 - 2014-07-31 15:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi
2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp
2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe
2014-07-31 10:26 - 2014-07-31 10:27 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr
2014-07-31 10:13 - 2014-07-31 15:58 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms
2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe
2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe
2014-07-31 09:40 - 2014-07-31 09:41 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe
2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe
2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe
2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe
2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe
2014-07-31 09:32 - 2014-07-31 09:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe
2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe
2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe
2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe
2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe
2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe
2014-07-31 08:32 - 2014-07-31 08:41 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe
2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat
2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState
2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO
2014-07-31 07:52 - 2014-08-01 03:55 - 00000804 _____ () C:\Windows\setupact.log
2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 07:44 - 2014-08-01 03:58 - 00060596 _____ () C:\Windows\WindowsUpdate.log
2014-07-30 11:53 - 2014-07-30 11:55 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe
2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe
2014-07-30 11:50 - 2014-07-30 11:56 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe
2014-07-30 11:45 - 2014-07-30 11:46 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe
2014-07-30 11:40 - 2014-07-30 11:41 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe
2014-07-28 22:39 - 2014-07-28 22:54 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB
2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk
2014-07-28 20:42 - 2014-07-28 20:45 - 00000000 ____D () C:\Program Files\Google
2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV
2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}
2014-07-25 02:03 - 2014-07-25 02:09 - 00000000 ____D () C:\Users\McMillan\msdt
2014-07-25 00:25 - 2014-07-30 15:59 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps
2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList
2014-07-23 16:06 - 2014-07-24 23:48 - 00000000 ____D () C:\Windows\system32\BlueStacks
2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA
2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks
2014-07-23 13:10 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype
2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype
2014-07-23 13:05 - 2014-07-31 14:30 - 00000000 ____D () C:\inetpub
2014-07-23 10:32 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation
2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet
2014-07-23 10:18 - 2014-07-23 10:26 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg
2014-07-23 08:50 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable
2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol
2014-07-04 16:25 - 2014-07-04 16:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe
2014-07-04 13:44 - 2014-07-31 08:16 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-04 13:44 - 2014-07-25 02:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-04 13:30 - 2014-07-04 13:42 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe
2014-07-04 13:18 - 2014-07-04 13:19 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe
2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe
2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-03 19:07 - 2014-05-20 07:11 - 00603592 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss
2014-07-03 05:00 - 2014-07-30 00:41 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper
2014-07-03 05:00 - 2014-07-25 02:24 - 00000000 ____D () C:\Program Files\Zoiper
2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk
2014-07-03 04:53 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun
2014-07-03 04:52 - 2014-07-31 20:40 - 00000000 ____D () C:\Program Files\Java
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-01 04:02 - 2014-08-01 04:02 - 00011007 _____ () C:\Users\McMillan\Desktop\FRST.txt
2014-08-01 04:02 - 2014-07-31 16:13 - 00000000 ____D () C:\FRST
2014-08-01 04:02 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 04:02 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-01 03:59 - 2010-11-21 05:01 - 00736438 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 03:58 - 2014-07-31 19:31 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-08-01 03:58 - 2014-07-31 07:44 - 00060596 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 03:55 - 2014-07-31 07:52 - 00000804 _____ () C:\Windows\setupact.log
2014-08-01 03:55 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt
2014-07-31 21:57 - 2014-06-13 01:01 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\vlc
2014-07-31 21:30 - 2014-07-31 21:05 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt
2014-07-31 21:05 - 2014-07-31 21:04 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt
2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-31 20:41 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-31 20:40 - 2014-07-31 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-31 20:40 - 2014-07-03 04:52 - 00000000 ____D () C:\Program Files\Java
2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe
2014-07-31 20:19 - 2014-07-31 20:18 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log
2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe
2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-31 19:23 - 2014-07-31 19:13 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe
2014-07-31 17:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Skype
2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe
2014-07-31 17:03 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 17:03 - 2014-07-31 16:50 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar
2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-31 16:50 - 2014-07-31 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe
2014-07-31 16:15 - 2014-07-31 16:14 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt
2014-07-31 16:15 - 2014-07-31 16:14 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt
2014-07-31 16:13 - 2014-06-13 01:05 - 00000000 ___RD () C:\Users\McMillan\Desktop\Steve
2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe
2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery
2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW
2014-07-31 16:03 - 2014-07-31 16:01 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer
2014-07-31 15:58 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms
2014-07-31 15:57 - 2014-07-31 15:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com
2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi
2014-07-31 14:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration
2014-07-31 14:30 - 2014-07-23 13:05 - 00000000 ____D () C:\inetpub
2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp
2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe
2014-07-31 10:27 - 2014-07-31 10:26 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr
2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe
2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe
2014-07-31 09:41 - 2014-07-31 09:40 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe
2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe
2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe
2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe
2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe
2014-07-31 09:33 - 2014-07-31 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe
2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe
2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe
2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe
2014-07-31 08:41 - 2014-07-31 08:32 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe
2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe
2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe
2014-07-31 08:16 - 2014-07-04 13:44 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat
2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState
2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO
2014-07-31 08:00 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 07:42 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-31 07:03 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-31 07:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool
2014-07-31 06:44 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-31 06:38 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA Corporation
2014-07-31 06:36 - 2014-06-12 18:35 - 00000000 ____D () C:\Users\McMillan
2014-07-31 06:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-31 06:34 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch
2014-07-31 06:34 - 2014-06-16 19:40 - 00000000 ____D () C:\Users\McMillan\AppData\Local\oDesk
2014-07-31 06:34 - 2014-06-16 19:07 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\mjusbsp
2014-07-31 00:58 - 2014-06-13 01:05 - 00000000 ____D () C:\Users\McMillan\Desktop\BD
2014-07-30 18:13 - 2014-06-16 19:29 - 00001001 _____ () C:\Users\McMillan\Desktop\magicJack.lnk
2014-07-30 18:13 - 2014-06-16 19:29 - 00000987 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2014-07-30 15:59 - 2014-07-25 00:25 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps
2014-07-30 15:59 - 2014-06-13 10:21 - 00000000 ____D () C:\Windows\Panther
2014-07-30 11:56 - 2014-07-30 11:50 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe
2014-07-30 11:55 - 2014-07-30 11:53 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe
2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe
2014-07-30 11:46 - 2014-07-30 11:45 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe
2014-07-30 11:41 - 2014-07-30 11:40 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe
2014-07-30 11:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-30 10:02 - 2014-06-16 21:37 - 00000000 ____D () C:\Users\McMillan\Desktop\Tanya
2014-07-30 00:41 - 2014-07-03 05:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper
2014-07-28 22:54 - 2014-07-28 22:39 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB
2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk
2014-07-28 20:45 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files\Google
2014-07-28 20:42 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Deployment
2014-07-28 05:55 - 2014-06-25 17:05 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\BitComet
2014-07-25 07:19 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Local\PokerStars
2014-07-25 05:30 - 2014-06-22 00:52 - 00007627 _____ () C:\Users\McMillan\AppData\Local\Resmon.ResmonCfg
2014-07-25 05:30 - 2009-07-14 12:34 - 00064512 _____ () C:\Windows\system32\umstartup.etl
2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV
2014-07-25 03:18 - 2014-06-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-25 03:18 - 2014-06-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}
2014-07-25 02:26 - 2014-06-13 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-25 02:25 - 2014-06-17 09:48 - 00000000 ____D () C:\Windows\pss
2014-07-25 02:25 - 2014-06-13 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-25 02:25 - 2014-06-13 00:27 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\security
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-25 02:24 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype
2014-07-25 02:24 - 2014-07-23 08:50 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable
2014-07-25 02:24 - 2014-07-04 13:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-25 02:24 - 2014-07-03 05:00 - 00000000 ____D () C:\Program Files\Zoiper
2014-07-25 02:24 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me
2014-07-25 02:24 - 2014-06-24 20:11 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\vlc
2014-07-25 02:24 - 2014-06-22 09:27 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:24 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Ringio
2014-07-25 02:24 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
2014-07-25 02:24 - 2014-06-20 22:59 - 00000000 ____D () C:\Program Files\PokerStars
2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk
2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\Program Files\oDesk
2014-07-25 02:24 - 2014-06-16 19:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\magicJack
2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-25 02:24 - 2014-06-16 17:14 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 02:24 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA
2014-07-25 02:24 - 2014-06-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-25 02:24 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ___RD () C:\Program Files\Skype
2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Skype
2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-25 02:24 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Apps\2.0
2014-07-25 02:24 - 2014-06-12 18:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help
2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\winrm
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\WCN
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\slmgr
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Web
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Vss
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spp
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Speech
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\SMI
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-07-25 02:22 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\Performance
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\IME
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\com
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Speech
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\schemas
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Resources
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\PLA
2014-07-25 02:21 - 2009-07-14 10:37 - 00000000 __RSD () C:\Windows\Media
2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME
2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization
2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding
2014-07-25 02:19 - 2014-06-16 18:17 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Macromedia
2014-07-25 02:19 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Moonchild Productions
2014-07-25 02:19 - 2014-06-15 13:49 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Adobe
2014-07-25 02:19 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2014-07-25 02:18 - 2014-06-22 07:16 - 00000000 ____D () C:\Users\Butch\AppData\Local\Google
2014-07-25 02:18 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Macromedia
2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-25 02:18 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Moonchild Productions
2014-07-25 02:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Skype
2014-07-25 02:18 - 2014-06-13 01:00 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-25 02:18 - 2014-06-12 18:49 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Google
2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default
2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Windows NT
2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Adobe
2014-07-25 02:17 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-07-25 02:09 - 2014-07-25 02:03 - 00000000 ____D () C:\Users\McMillan\msdt
2014-07-24 23:48 - 2014-07-23 16:06 - 00000000 ____D () C:\Windows\system32\BlueStacks
2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList
2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA
2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks
2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype
2014-07-23 13:04 - 2014-07-23 10:32 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation
2014-07-23 10:52 - 2014-06-12 19:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet
2014-07-23 10:26 - 2014-07-23 10:18 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg
2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol
2014-07-04 16:26 - 2014-07-04 16:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe
2014-07-04 13:42 - 2014-07-04 13:30 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe
2014-07-04 13:19 - 2014-07-04 13:18 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe
2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe
2014-07-04 10:44 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\McMillan\Downloads\MOVIES
2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss
2014-07-03 15:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk
2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-07-29 01:56
 
==================== End Of Log ============================

My apologies, I had my virus program on. Here is the scan again with it off.

 

FRST txt file

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01
Ran by McMillan (administrator) on SAHARA-PC on 01-08-2014 04:13:51
Running from C:\Users\McMillan\Desktop
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2454762815-89852866-1431263164-1000\...\MountPoints2: {525512c7-f299-11e3-b032-806e6f6e6963} - D:\setup.exe
BootExecute: autocheck autochk * regdefrag
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B9BCAD2B86CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\McMillan\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
 
Chrome: 
=======
CHR StartupUrls: "hxxp://www.gmail.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File
CHR Extension: (Google Drive) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31]
CHR Extension: (Presentme) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2014-07-31]
CHR Extension: (Google Search) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]
CHR Extension: (Gmail Offline) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-28]
CHR Extension: (Pin It Button) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-31]
CHR Extension: (PDF Mergy) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-07-31]
CHR Extension: (Excel Online) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-07-28]
CHR Extension: (Zoho Sheet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj [2014-07-31]
CHR Extension: (Zoho CRM) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-07-31]
CHR Extension: (Skype Status Detector) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiiaejmgghgpmppnkiloijccihddjdj [2014-07-31]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-28]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-31]
CHR Extension: (Easy SEO Tools) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnlboglefdlldiioafkgbbdfihdoicam [2014-07-31]
CHR Extension: (Google Wallet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31]
CHR Extension: (Instagram for Chrome) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-31]
CHR Extension: (Zoho Projects) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldkgicldgmbampajgepnigbpkhomoh [2014-07-31]
CHR Extension: (Gmail) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]
CHR Extension: (SEO Competitor Analysis Tool) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpafbknegcefgoojplahellhohoklbj [2014-07-31]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)
S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)
S4 NVHDA; system32\drivers\nvhda32v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-01 04:13 - 2014-08-01 04:14 - 00011008 _____ () C:\Users\McMillan\Desktop\FRST.txt
2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt
2014-08-01 04:02 - 2014-08-01 04:03 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt
2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt
2014-07-31 21:05 - 2014-07-31 21:30 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt
2014-07-31 21:04 - 2014-07-31 21:05 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt
2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-31 20:41 - 2014-07-31 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe
2014-07-31 20:18 - 2014-07-31 20:19 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log
2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe
2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-31 19:31 - 2014-08-01 04:12 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-07-31 19:13 - 2014-07-31 19:23 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe
2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe
2014-07-31 16:53 - 2014-07-31 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 16:50 - 2014-07-31 17:03 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar
2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-31 16:49 - 2014-07-31 16:50 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe
2014-07-31 16:14 - 2014-07-31 16:15 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt
2014-07-31 16:14 - 2014-07-31 16:15 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt
2014-07-31 16:13 - 2014-08-01 04:13 - 00000000 ____D () C:\FRST
2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe
2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery
2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW
2014-07-31 16:01 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer
2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com
2014-07-31 15:46 - 2014-07-31 15:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi
2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp
2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe
2014-07-31 10:26 - 2014-07-31 10:27 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr
2014-07-31 10:13 - 2014-07-31 15:58 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms
2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe
2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe
2014-07-31 09:40 - 2014-07-31 09:41 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe
2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe
2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe
2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe
2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe
2014-07-31 09:32 - 2014-07-31 09:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe
2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe
2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe
2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe
2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe
2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe
2014-07-31 08:32 - 2014-07-31 08:41 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe
2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat
2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState
2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO
2014-07-31 07:52 - 2014-08-01 03:55 - 00000804 _____ () C:\Windows\setupact.log
2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 07:44 - 2014-08-01 03:58 - 00060596 _____ () C:\Windows\WindowsUpdate.log
2014-07-30 11:53 - 2014-07-30 11:55 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe
2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe
2014-07-30 11:50 - 2014-07-30 11:56 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe
2014-07-30 11:45 - 2014-07-30 11:46 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe
2014-07-30 11:40 - 2014-07-30 11:41 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe
2014-07-28 22:39 - 2014-07-28 22:54 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB
2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk
2014-07-28 20:42 - 2014-07-28 20:45 - 00000000 ____D () C:\Program Files\Google
2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV
2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}
2014-07-25 02:03 - 2014-07-25 02:09 - 00000000 ____D () C:\Users\McMillan\msdt
2014-07-25 00:25 - 2014-07-30 15:59 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps
2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList
2014-07-23 16:06 - 2014-07-24 23:48 - 00000000 ____D () C:\Windows\system32\BlueStacks
2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA
2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks
2014-07-23 13:10 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype
2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype
2014-07-23 13:05 - 2014-07-31 14:30 - 00000000 ____D () C:\inetpub
2014-07-23 10:32 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation
2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet
2014-07-23 10:18 - 2014-07-23 10:26 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg
2014-07-23 08:50 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable
2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol
2014-07-04 16:25 - 2014-07-04 16:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe
2014-07-04 13:44 - 2014-07-31 08:16 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-04 13:44 - 2014-07-25 02:24 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-04 13:30 - 2014-07-04 13:42 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe
2014-07-04 13:18 - 2014-07-04 13:19 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe
2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe
2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-03 19:07 - 2014-05-20 07:11 - 00603592 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss
2014-07-03 05:00 - 2014-07-30 00:41 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper
2014-07-03 05:00 - 2014-07-25 02:24 - 00000000 ____D () C:\Program Files\Zoiper
2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk
2014-07-03 04:53 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun
2014-07-03 04:52 - 2014-07-31 20:40 - 00000000 ____D () C:\Program Files\Java
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-01 04:14 - 2014-08-01 04:13 - 00011008 _____ () C:\Users\McMillan\Desktop\FRST.txt
2014-08-01 04:13 - 2014-07-31 16:13 - 00000000 ____D () C:\FRST
2014-08-01 04:12 - 2014-07-31 19:31 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware
2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt
2014-08-01 04:03 - 2014-08-01 04:02 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt
2014-08-01 04:02 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-01 04:02 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-01 03:59 - 2010-11-21 05:01 - 00736438 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 03:58 - 2014-07-31 07:44 - 00060596 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 03:55 - 2014-07-31 07:52 - 00000804 _____ () C:\Windows\setupact.log
2014-08-01 03:55 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt
2014-07-31 21:57 - 2014-06-13 01:01 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\vlc
2014-07-31 21:30 - 2014-07-31 21:05 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt
2014-07-31 21:05 - 2014-07-31 21:04 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt
2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-31 20:41 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-31 20:40 - 2014-07-31 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-31 20:40 - 2014-07-03 04:52 - 00000000 ____D () C:\Program Files\Java
2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe
2014-07-31 20:19 - 2014-07-31 20:18 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log
2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe
2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-07-31 19:23 - 2014-07-31 19:13 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe
2014-07-31 17:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Skype
2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe
2014-07-31 17:03 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 17:03 - 2014-07-31 16:50 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar
2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-31 16:50 - 2014-07-31 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe
2014-07-31 16:15 - 2014-07-31 16:14 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt
2014-07-31 16:15 - 2014-07-31 16:14 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt
2014-07-31 16:13 - 2014-06-13 01:05 - 00000000 ___RD () C:\Users\McMillan\Desktop\Steve
2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe
2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery
2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW
2014-07-31 16:03 - 2014-07-31 16:01 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer
2014-07-31 15:58 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms
2014-07-31 15:57 - 2014-07-31 15:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe
2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com
2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi
2014-07-31 14:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration
2014-07-31 14:30 - 2014-07-23 13:05 - 00000000 ____D () C:\inetpub
2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp
2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe
2014-07-31 10:27 - 2014-07-31 10:26 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr
2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe
2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe
2014-07-31 09:41 - 2014-07-31 09:40 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe
2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe
2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe
2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe
2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe
2014-07-31 09:33 - 2014-07-31 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe
2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe
2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe
2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe
2014-07-31 08:41 - 2014-07-31 08:32 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe
2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe
2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe
2014-07-31 08:16 - 2014-07-04 13:44 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat
2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState
2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO
2014-07-31 08:00 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-31 07:42 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-31 07:03 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-31 07:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool
2014-07-31 06:44 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-31 06:38 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA Corporation
2014-07-31 06:36 - 2014-06-12 18:35 - 00000000 ____D () C:\Users\McMillan
2014-07-31 06:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-31 06:34 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch
2014-07-31 06:34 - 2014-06-16 19:40 - 00000000 ____D () C:\Users\McMillan\AppData\Local\oDesk
2014-07-31 06:34 - 2014-06-16 19:07 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\mjusbsp
2014-07-31 00:58 - 2014-06-13 01:05 - 00000000 ____D () C:\Users\McMillan\Desktop\BD
2014-07-30 18:13 - 2014-06-16 19:29 - 00001001 _____ () C:\Users\McMillan\Desktop\magicJack.lnk
2014-07-30 18:13 - 2014-06-16 19:29 - 00000987 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2014-07-30 15:59 - 2014-07-25 00:25 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps
2014-07-30 15:59 - 2014-06-13 10:21 - 00000000 ____D () C:\Windows\Panther
2014-07-30 11:56 - 2014-07-30 11:50 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe
2014-07-30 11:55 - 2014-07-30 11:53 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe
2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe
2014-07-30 11:46 - 2014-07-30 11:45 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe
2014-07-30 11:41 - 2014-07-30 11:40 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe
2014-07-30 11:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-30 10:02 - 2014-06-16 21:37 - 00000000 ____D () C:\Users\McMillan\Desktop\Tanya
2014-07-30 00:41 - 2014-07-03 05:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper
2014-07-28 22:54 - 2014-07-28 22:39 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB
2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk
2014-07-28 20:45 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files\Google
2014-07-28 20:42 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Deployment
2014-07-28 05:55 - 2014-06-25 17:05 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\BitComet
2014-07-25 07:19 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Local\PokerStars
2014-07-25 05:30 - 2014-06-22 00:52 - 00007627 _____ () C:\Users\McMillan\AppData\Local\Resmon.ResmonCfg
2014-07-25 05:30 - 2009-07-14 12:34 - 00064512 _____ () C:\Windows\system32\umstartup.etl
2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV
2014-07-25 03:18 - 2014-06-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-25 03:18 - 2014-06-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}
2014-07-25 02:26 - 2014-06-13 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-25 02:25 - 2014-06-17 09:48 - 00000000 ____D () C:\Windows\pss
2014-07-25 02:25 - 2014-06-13 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-25 02:25 - 2014-06-13 00:27 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\security
2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-25 02:24 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype
2014-07-25 02:24 - 2014-07-23 08:50 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable
2014-07-25 02:24 - 2014-07-04 13:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-25 02:24 - 2014-07-03 05:00 - 00000000 ____D () C:\Program Files\Zoiper
2014-07-25 02:24 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me
2014-07-25 02:24 - 2014-06-24 20:11 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\vlc
2014-07-25 02:24 - 2014-06-22 09:27 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:24 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Ringio
2014-07-25 02:24 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
2014-07-25 02:24 - 2014-06-20 22:59 - 00000000 ____D () C:\Program Files\PokerStars
2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk
2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\Program Files\oDesk
2014-07-25 02:24 - 2014-06-16 19:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\magicJack
2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-25 02:24 - 2014-06-16 17:14 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 02:24 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA
2014-07-25 02:24 - 2014-06-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-25 02:24 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ___RD () C:\Program Files\Skype
2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Skype
2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-25 02:24 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Apps\2.0
2014-07-25 02:24 - 2014-06-12 18:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help
2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\winrm
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\WCN
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\slmgr
2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell
2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Web
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Vss
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spp
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Speech
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\SMI
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI
2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-07-25 02:22 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\Performance
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\IME
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\com
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Speech
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\schemas
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Resources
2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\PLA
2014-07-25 02:21 - 2009-07-14 10:37 - 00000000 __RSD () C:\Windows\Media
2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME
2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization
2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding
2014-07-25 02:19 - 2014-06-16 18:17 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Macromedia
2014-07-25 02:19 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Moonchild Productions
2014-07-25 02:19 - 2014-06-15 13:49 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Adobe
2014-07-25 02:19 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2014-07-25 02:18 - 2014-06-22 07:16 - 00000000 ____D () C:\Users\Butch\AppData\Local\Google
2014-07-25 02:18 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Macromedia
2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-25 02:18 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Moonchild Productions
2014-07-25 02:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Skype
2014-07-25 02:18 - 2014-06-13 01:00 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-25 02:18 - 2014-06-12 18:49 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Google
2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default
2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Windows NT
2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Adobe
2014-07-25 02:17 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines
2014-07-25 02:09 - 2014-07-25 02:03 - 00000000 ____D () C:\Users\McMillan\msdt
2014-07-24 23:48 - 2014-07-23 16:06 - 00000000 ____D () C:\Windows\system32\BlueStacks
2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList
2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList
2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA
2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks
2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype
2014-07-23 13:04 - 2014-07-23 10:32 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation
2014-07-23 10:52 - 2014-06-12 19:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet
2014-07-23 10:26 - 2014-07-23 10:18 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg
2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol
2014-07-04 16:26 - 2014-07-04 16:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe
2014-07-04 13:42 - 2014-07-04 13:30 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe
2014-07-04 13:19 - 2014-07-04 13:18 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe
2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe
2014-07-04 10:44 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\McMillan\Downloads\MOVIES
2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss
2014-07-03 15:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk
2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-07-29 01:56
 
==================== End Of Log ============================
 
 
and the addition.txt file
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01
Ran by McMillan at 2014-08-01 04:14:13
Running from C:\Users\McMillan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Disabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Damn oDesk Team (HKCU\...\oDVT) (Version:  - oDesk Corporation)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
Google Chrome Bitch (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (Version: 2.1.65.20 - Oracle, Inc.) Hidden
join.me, I'm Gay! (HKCU\...\JoinMe) (Version: 1.14.0.141 - LogMeIn, Inc.)
magicJackOFF (HKCU\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Poker fukin Stars (HKLM\...\PokerStars) (Version:  - PokerStars)
Ringio (HKLM\...\Ringio.FE833F21A5E41A0F2AD24347AACCB5A50596C79D.1) (Version: v-2.4 - Ringio)
Ringio (Version: 2.4 - Ringio) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
VLC Hack me PLZ vs 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zoiper (HKLM\...\Zoiper) (Version: 3.2 - Securax LTD)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
23-07-2014 05:05:23 Windows Modules Installer
24-07-2014 15:46:34 Restore Operation
24-07-2014 20:52:25 July 25th, back to normal again
28-07-2014 13:31:48 Removed Java 7 Update 60
28-07-2014 13:37:25 Installed Java 7 Update 21
30-07-2014 17:04:37 Windows Backup
30-07-2014 21:06:50 Windows Update
30-07-2014 22:33:38 Restore Operation
30-07-2014 23:03:17 Windows Modules Installer
30-07-2014 23:33:05 Windows Update
31-07-2014 11:37:41 Removed Java 7 Update 21
31-07-2014 12:40:31 Installed Java 7 Update 65
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2014-07-04 16:27 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {D59E24B9-5425-4BE2-878F-1EE57E154F4D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-31 19:31 - 2014-06-18 15:50 - 00703800 _____ () C:\Program Files\Emsisoft Anti-Malware\fw32.dll
2014-07-28 20:45 - 2014-07-15 17:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-28 20:45 - 2014-07-15 17:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-28 20:45 - 2014-07-15 17:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-28 21:37 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-28 21:37 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WSearch => 3
MSCONFIG\Services: wuauserv => 3
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/01/2014 03:56:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 08:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 08:17:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:18:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:25:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
 
System errors:
=============
Error: (08/01/2014 03:55:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:41:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:40:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
Error: (07/31/2014 08:38:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cryptographic Services service failed to start due to the following error: 
%%1079
 
 
Microsoft Office Sessions:
=========================
Error: (08/01/2014 03:56:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 08:20:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 08:17:57 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
 
Error: (07/31/2014 00:56:29 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 
Error: (07/31/2014 07:44:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:37:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 06:18:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:40:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:25:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/31/2014 05:01:58 AM) (Source: Sound Recorder) (EventID: 32767) (User: )
Description: Unknown Error, 0x80004003
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 30%
Total physical RAM: 3327.23 MB
Available physical RAM: 2312.81 MB
Total Pagefile: 5825.52 MB
Available Pagefile: 4300.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:171.29 GB) (Free:134.09 GB) NTFS
Drive e: (HD-PCTU3) (Fixed) (Total:931.51 GB) (Free:214.56 GB) NTFS
Drive l: (Z) (Fixed) (Total:294.37 GB) (Free:222.43 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1457E526)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=171 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=294 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 16A1C0B4)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

So what's next? Been at this 12 hours now and would love to have a good sleep knowing it's done.

 

Jurgen, Please help me get to the end of this fast:)

 

 OH

 

I notice 12 svchost running and 4 google chrome.exe running in task mgr...
csrss.exe PID 452 and also 368  C:\windows\system32\csrss.exe - Client server runtime process
 
If it means anything

Why do you always stare into Task Manager? :)

Step 1


Please download the attached fixlist and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

After Reboot:

Please post the Fixlog, then run FRST and post the FRST.txt:


Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.

    Please copy and paste the log in your next reply.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-07-2014 01

Ran by McMillan at 2014-08-01 05:30:49 Run:1

Running from C:\Users\McMillan\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe

C:\ProgramData\6XDvn37n

S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]

*****************

 

HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-3655513571-3204461518-4247198270-1000\...\Run: [AS2014] - C:\ProgramData\6XDvn37n\6XDvn37n.exe => Value not found.

"C:\ProgramData\6XDvn37n" => File/Directory not found.

vToolbarUpdater18.0.0 => Service not found.

 

==== End of Fixlog ====


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-07-2014 01

Ran by McMillan at 2014-08-01 05:33:42 Run:2

Running from C:\Users\McMillan\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

cmd: sc config cryptsvc start= auto

cmd: net start cryptsvc

Reboot:

*****************

 

 

=========  sc config cryptsvc start= auto =========

 

[SC] ChangeServiceConfig SUCCESS

 

========= End of CMD: =========

 

 

=========  net start cryptsvc =========

 

System error 1079 has occurred.

 

The account specified for this service is different from the account specified for other services running in the same process.

 

 

========= End of CMD: =========

 

 

 

The system needed a reboot. 

 

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01

Ran by McMillan (administrator) on SAHARA-PC on 01-08-2014 05:37:59

Running from C:\Users\McMillan\Desktop

Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-2454762815-89852866-1431263164-1000\...\MountPoints2: {525512c7-f299-11e3-b032-806e6f6e6963} - D:\setup.exe

BootExecute: autocheck autochk * regdefrag

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B9BCAD2B86CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

SearchScopes: HKCU - DefaultScope {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Hosts: 127.0.0.1 localhost

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\McMillan\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers

 

Chrome:
=======

CHR StartupUrls: "hxxp://www.gmail.com/"

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File

CHR Extension: (Google Drive) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31]

CHR Extension: (Presentme) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2014-07-31]

CHR Extension: (Google Search) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]

CHR Extension: (Gmail Offline) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-28]

CHR Extension: (Pin It Button) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-31]

CHR Extension: (PDF Mergy) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-07-31]

CHR Extension: (Excel Online) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-07-28]

CHR Extension: (Zoho Sheet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj [2014-07-31]

CHR Extension: (Zoho CRM) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-07-31]

CHR Extension: (Skype Status Detector) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiiaejmgghgpmppnkiloijccihddjdj [2014-07-31]

CHR Extension: (Lazarus: Form Recovery) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-28]

CHR Extension: (Google Dictionary (by Google)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-31]

CHR Extension: (Easy SEO Tools) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnlboglefdlldiioafkgbbdfihdoicam [2014-07-31]

CHR Extension: (Google Wallet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31]

CHR Extension: (Instagram for Chrome) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-31]

CHR Extension: (Zoho Projects) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldkgicldgmbampajgepnigbpkhomoh [2014-07-31]

CHR Extension: (Gmail) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]

CHR Extension: (SEO Competitor Analysis Tool) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpafbknegcefgoojplahellhohoklbj [2014-07-31]

 

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)

S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation)

S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation)

 

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)

R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)

R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)

R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)

R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)

S4 NVHDA; system32\drivers\nvhda32v.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition.txt

2014-08-01 04:13 - 2014-08-01 05:37 - 00011088 _____ () C:\Users\McMillan\Desktop\FRST.txt

2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt

2014-08-01 04:02 - 2014-08-01 04:03 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt

2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt

2014-07-31 21:05 - 2014-07-31 21:30 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt

2014-07-31 21:04 - 2014-07-31 21:05 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt

2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-07-31 20:41 - 2014-07-31 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe

2014-07-31 20:18 - 2014-07-31 20:19 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log

2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe

2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft

2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

2014-07-31 19:31 - 2014-08-01 05:35 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-07-31 19:13 - 2014-07-31 19:23 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe

2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe

2014-07-31 16:53 - 2014-07-31 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-31 16:50 - 2014-07-31 17:03 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar

2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-31 16:49 - 2014-07-31 16:50 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe

2014-07-31 16:14 - 2014-07-31 16:15 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt

2014-07-31 16:14 - 2014-07-31 16:15 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt

2014-07-31 16:13 - 2014-08-01 05:38 - 00000000 ____D () C:\FRST

2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe

2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery

2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW

2014-07-31 16:01 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer

2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com

2014-07-31 15:46 - 2014-07-31 15:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe

2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi

2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp

2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe

2014-07-31 10:26 - 2014-07-31 10:27 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr

2014-07-31 10:13 - 2014-07-31 15:58 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms

2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe

2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe

2014-07-31 09:40 - 2014-07-31 09:41 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe

2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe

2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe

2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe

2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe

2014-07-31 09:32 - 2014-07-31 09:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe

2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe

2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe

2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe

2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe

2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe

2014-07-31 08:32 - 2014-07-31 08:41 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe

2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat

2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState

2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO

2014-07-31 07:52 - 2014-08-01 05:34 - 00000860 _____ () C:\Windows\setupact.log

2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log

2014-07-31 07:44 - 2014-08-01 05:33 - 00064726 _____ () C:\Windows\WindowsUpdate.log

2014-07-30 11:53 - 2014-07-30 11:55 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe

2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe

2014-07-30 11:50 - 2014-07-30 11:56 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe

2014-07-30 11:45 - 2014-07-30 11:46 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe

2014-07-30 11:40 - 2014-07-30 11:41 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe

2014-07-28 22:39 - 2014-07-28 22:54 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB

2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk

2014-07-28 20:42 - 2014-07-28 20:45 - 00000000 ____D () C:\Program Files\Google

2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV

2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}

2014-07-25 02:03 - 2014-07-25 02:09 - 00000000 ____D () C:\Users\McMillan\msdt

2014-07-25 00:25 - 2014-07-30 15:59 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps

2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks

2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList

2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList

2014-07-23 16:06 - 2014-07-24 23:48 - 00000000 ____D () C:\Windows\system32\BlueStacks

2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA

2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks

2014-07-23 13:10 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype

2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype

2014-07-23 13:05 - 2014-07-31 14:30 - 00000000 ____D () C:\inetpub

2014-07-23 10:32 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation

2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet

2014-07-23 10:18 - 2014-07-23 10:26 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg

2014-07-23 08:50 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable

2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol

2014-07-04 16:25 - 2014-07-04 16:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe

2014-07-04 13:44 - 2014-07-31 08:16 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-07-04 13:44 - 2014-07-25 02:24 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-07-04 13:30 - 2014-07-04 13:42 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe

2014-07-04 13:18 - 2014-07-04 13:19 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe

2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe

2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2014-07-03 19:07 - 2014-05-20 07:11 - 00603592 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe

2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss

2014-07-03 05:00 - 2014-07-30 00:41 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper

2014-07-03 05:00 - 2014-07-25 02:24 - 00000000 ____D () C:\Program Files\Zoiper

2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk

2014-07-03 04:53 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun

2014-07-03 04:52 - 2014-07-31 20:40 - 00000000 ____D () C:\Program Files\Java

 

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-01 05:38 - 2014-08-01 04:13 - 00011088 _____ () C:\Users\McMillan\Desktop\FRST.txt

2014-08-01 05:38 - 2014-07-31 16:13 - 00000000 ____D () C:\FRST

2014-08-01 05:37 - 2014-07-31 07:44 - 00064726 _____ () C:\Windows\WindowsUpdate.log

2014-08-01 05:35 - 2014-07-31 19:31 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-08-01 05:34 - 2014-07-31 07:52 - 00000860 _____ () C:\Windows\setupact.log

2014-08-01 05:34 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition.txt

2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt

2014-08-01 04:03 - 2014-08-01 04:02 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt

2014-08-01 04:02 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-01 04:02 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-01 03:59 - 2010-11-21 05:01 - 00736438 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt

2014-07-31 21:57 - 2014-06-13 01:01 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\vlc

2014-07-31 21:30 - 2014-07-31 21:05 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt

2014-07-31 21:05 - 2014-07-31 21:04 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt

2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-07-31 20:41 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-31 20:40 - 2014-07-31 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-31 20:40 - 2014-07-03 04:52 - 00000000 ____D () C:\Program Files\Java

2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe

2014-07-31 20:19 - 2014-07-31 20:18 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log

2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe

2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft

2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

2014-07-31 19:23 - 2014-07-31 19:13 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe

2014-07-31 17:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Skype

2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe

2014-07-31 17:03 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-31 17:03 - 2014-07-31 16:50 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar

2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-31 16:50 - 2014-07-31 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe

2014-07-31 16:15 - 2014-07-31 16:14 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt

2014-07-31 16:15 - 2014-07-31 16:14 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt

2014-07-31 16:13 - 2014-06-13 01:05 - 00000000 ___RD () C:\Users\McMillan\Desktop\Steve

2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe

2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery

2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW

2014-07-31 16:03 - 2014-07-31 16:01 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer

2014-07-31 15:58 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms

2014-07-31 15:57 - 2014-07-31 15:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe

2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com

2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi

2014-07-31 14:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration

2014-07-31 14:30 - 2014-07-23 13:05 - 00000000 ____D () C:\inetpub

2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp

2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe

2014-07-31 10:27 - 2014-07-31 10:26 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr

2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe

2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe

2014-07-31 09:41 - 2014-07-31 09:40 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe

2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe

2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe

2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe

2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe

2014-07-31 09:33 - 2014-07-31 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe

2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe

2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe

2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe

2014-07-31 08:41 - 2014-07-31 08:32 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe

2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe

2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe

2014-07-31 08:16 - 2014-07-04 13:44 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat

2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState

2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO

2014-07-31 08:00 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles

2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log

2014-07-31 07:42 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-07-31 07:03 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-07-31 07:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool

2014-07-31 06:44 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-07-31 06:38 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA Corporation

2014-07-31 06:36 - 2014-06-12 18:35 - 00000000 ____D () C:\Users\McMillan

2014-07-31 06:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp

2014-07-31 06:34 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch

2014-07-31 06:34 - 2014-06-16 19:40 - 00000000 ____D () C:\Users\McMillan\AppData\Local\oDesk

2014-07-31 06:34 - 2014-06-16 19:07 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\mjusbsp

2014-07-31 00:58 - 2014-06-13 01:05 - 00000000 ____D () C:\Users\McMillan\Desktop\BD

2014-07-30 18:13 - 2014-06-16 19:29 - 00001001 _____ () C:\Users\McMillan\Desktop\magicJack.lnk

2014-07-30 18:13 - 2014-06-16 19:29 - 00000987 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk

2014-07-30 15:59 - 2014-07-25 00:25 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps

2014-07-30 15:59 - 2014-06-13 10:21 - 00000000 ____D () C:\Windows\Panther

2014-07-30 11:56 - 2014-07-30 11:50 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe

2014-07-30 11:55 - 2014-07-30 11:53 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe

2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe

2014-07-30 11:46 - 2014-07-30 11:45 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe

2014-07-30 11:41 - 2014-07-30 11:40 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe

2014-07-30 11:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2014-07-30 10:02 - 2014-06-16 21:37 - 00000000 ____D () C:\Users\McMillan\Desktop\Tanya

2014-07-30 00:41 - 2014-07-03 05:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper

2014-07-28 22:54 - 2014-07-28 22:39 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB

2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk

2014-07-28 20:45 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files\Google

2014-07-28 20:42 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Deployment

2014-07-28 05:55 - 2014-06-25 17:05 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\BitComet

2014-07-25 07:19 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Local\PokerStars

2014-07-25 05:30 - 2014-06-22 00:52 - 00007627 _____ () C:\Users\McMillan\AppData\Local\Resmon.ResmonCfg

2014-07-25 05:30 - 2009-07-14 12:34 - 00064512 _____ () C:\Windows\system32\umstartup.etl

2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV

2014-07-25 03:18 - 2014-06-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-07-25 03:18 - 2014-06-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}

2014-07-25 02:26 - 2014-06-13 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2014-07-25 02:25 - 2014-06-17 09:48 - 00000000 ____D () C:\Windows\pss

2014-07-25 02:25 - 2014-06-13 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-07-25 02:25 - 2014-06-13 00:27 - 00000000 ____D () C:\Windows\system32\Macromed

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Msdtc

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\security

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-07-25 02:24 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype

2014-07-25 02:24 - 2014-07-23 08:50 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable

2014-07-25 02:24 - 2014-07-04 13:44 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-07-25 02:24 - 2014-07-03 05:00 - 00000000 ____D () C:\Program Files\Zoiper

2014-07-25 02:24 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me

2014-07-25 02:24 - 2014-06-24 20:11 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\vlc

2014-07-25 02:24 - 2014-06-22 09:27 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:24 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Ringio

2014-07-25 02:24 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars

2014-07-25 02:24 - 2014-06-20 22:59 - 00000000 ____D () C:\Program Files\PokerStars

2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk

2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\Program Files\oDesk

2014-07-25 02:24 - 2014-06-16 19:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\magicJack

2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-07-25 02:24 - 2014-06-16 17:14 - 00000000 ____D () C:\Program Files\WinRAR

2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-07-25 02:24 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA

2014-07-25 02:24 - 2014-06-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2014-07-25 02:24 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ___RD () C:\Program Files\Skype

2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Skype

2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-07-25 02:24 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Apps\2.0

2014-07-25 02:24 - 2014-06-12 18:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help

2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat

2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\winrm

2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\WCN

2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\slmgr

2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts

2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell

2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Web

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Vss

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spp

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Speech

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\SMI

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\inetsrv

2014-07-25 02:22 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\Performance

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\IME

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\com

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Speech

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\schemas

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Resources

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\PLA

2014-07-25 02:21 - 2009-07-14 10:37 - 00000000 __RSD () C:\Windows\Media

2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME

2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization

2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding

2014-07-25 02:19 - 2014-06-16 18:17 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Macromedia

2014-07-25 02:19 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Moonchild Productions

2014-07-25 02:19 - 2014-06-15 13:49 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Adobe

2014-07-25 02:19 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public

2014-07-25 02:18 - 2014-06-22 07:16 - 00000000 ____D () C:\Users\Butch\AppData\Local\Google

2014-07-25 02:18 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Macromedia

2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia

2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia

2014-07-25 02:18 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Moonchild Productions

2014-07-25 02:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Skype

2014-07-25 02:18 - 2014-06-13 01:00 - 00000000 ____D () C:\Program Files\VideoLAN

2014-07-25 02:18 - 2014-06-12 18:49 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Google

2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer

2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender

2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default

2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Windows NT

2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR

2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Adobe

2014-07-25 02:17 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker

2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System

2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines

2014-07-25 02:09 - 2014-07-25 02:03 - 00000000 ____D () C:\Users\McMillan\msdt

2014-07-24 23:48 - 2014-07-23 16:06 - 00000000 ____D () C:\Windows\system32\BlueStacks

2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks

2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList

2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList

2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA

2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks

2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype

2014-07-23 13:04 - 2014-07-23 10:32 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation

2014-07-23 10:52 - 2014-06-12 19:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet

2014-07-23 10:26 - 2014-07-23 10:18 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg

2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol

2014-07-04 16:26 - 2014-07-04 16:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe

2014-07-04 13:42 - 2014-07-04 13:30 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe

2014-07-04 13:19 - 2014-07-04 13:18 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe

2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe

2014-07-04 10:44 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\McMillan\Downloads\MOVIES

2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss

2014-07-03 15:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache

2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk

2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-07-29 01:56

 

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01

Ran by McMillan (administrator) on SAHARA-PC on 01-08-2014 05:50:21

Running from C:\Users\McMillan\Desktop

Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-2454762815-89852866-1431263164-1000\...\MountPoints2: {525512c7-f299-11e3-b032-806e6f6e6963} - D:\setup.exe

BootExecute: autocheck autochk * regdefrag

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B9BCAD2B86CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

SearchScopes: HKCU - DefaultScope {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Hosts: 127.0.0.1 localhost

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\McMillan\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers

 

Chrome: 

=======


CHR StartupUrls: "hxxp://www.gmail.com/"

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File

CHR Extension: (Google Drive) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31]

CHR Extension: (Presentme) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2014-07-31]

CHR Extension: (Google Search) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]

CHR Extension: (Gmail Offline) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-28]

CHR Extension: (Pin It Button) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-31]

CHR Extension: (PDF Mergy) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-07-31]

CHR Extension: (Excel Online) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-07-28]

CHR Extension: (Zoho Sheet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj [2014-07-31]

CHR Extension: (Zoho CRM) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-07-31]

CHR Extension: (Skype Status Detector) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiiaejmgghgpmppnkiloijccihddjdj [2014-07-31]

CHR Extension: (Lazarus: Form Recovery) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-28]

CHR Extension: (Google Dictionary (by Google)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-31]

CHR Extension: (Easy SEO Tools) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnlboglefdlldiioafkgbbdfihdoicam [2014-07-31]

CHR Extension: (Google Wallet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31]

CHR Extension: (Instagram for Chrome) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-31]

CHR Extension: (Zoho Projects) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldkgicldgmbampajgepnigbpkhomoh [2014-07-31]

CHR Extension: (Gmail) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]

CHR Extension: (SEO Competitor Analysis Tool) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpafbknegcefgoojplahellhohoklbj [2014-07-31]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

 

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)

S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation)

S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)

R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)

R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)

R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)

R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)

S4 NVHDA; system32\drivers\nvhda32v.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-01 05:46 - 2014-08-01 05:46 - 00683008 _____ () C:\Users\McMillan\Desktop\MicrosoftFixit50671.msi

2014-08-01 05:39 - 2014-08-01 05:39 - 00045992 _____ () C:\Users\McMillan\Desktop\FRSTAFTERjorgensfix.txt

2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition.txt

2014-08-01 04:13 - 2014-08-01 05:50 - 00011169 _____ () C:\Users\McMillan\Desktop\FRST.txt

2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt

2014-08-01 04:02 - 2014-08-01 04:03 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt

2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt

2014-07-31 21:05 - 2014-07-31 21:30 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt

2014-07-31 21:04 - 2014-07-31 21:05 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt

2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-07-31 20:41 - 2014-07-31 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe

2014-07-31 20:18 - 2014-07-31 20:19 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log

2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe

2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft

2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

2014-07-31 19:31 - 2014-08-01 05:49 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-07-31 19:13 - 2014-07-31 19:23 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe

2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe

2014-07-31 16:53 - 2014-07-31 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-31 16:50 - 2014-07-31 17:03 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar

2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-31 16:49 - 2014-07-31 16:50 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe

2014-07-31 16:14 - 2014-07-31 16:15 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt

2014-07-31 16:14 - 2014-07-31 16:15 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt

2014-07-31 16:13 - 2014-08-01 05:50 - 00000000 ____D () C:\FRST

2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe

2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery

2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW

2014-07-31 16:01 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer

2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com

2014-07-31 15:46 - 2014-07-31 15:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe

2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi

2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp

2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe

2014-07-31 10:26 - 2014-07-31 10:27 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr

2014-07-31 10:13 - 2014-07-31 15:58 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms

2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe

2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe

2014-07-31 09:40 - 2014-07-31 09:41 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe

2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe

2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe

2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe

2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe

2014-07-31 09:32 - 2014-07-31 09:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe

2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe

2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe

2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe

2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe

2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe

2014-07-31 08:32 - 2014-07-31 08:41 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe

2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat

2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState

2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO

2014-07-31 07:52 - 2014-08-01 05:48 - 00000916 _____ () C:\Windows\setupact.log

2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log

2014-07-31 07:44 - 2014-08-01 05:47 - 00065509 _____ () C:\Windows\WindowsUpdate.log

2014-07-30 11:53 - 2014-07-30 11:55 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe

2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe

2014-07-30 11:50 - 2014-07-30 11:56 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe

2014-07-30 11:45 - 2014-07-30 11:46 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe

2014-07-30 11:40 - 2014-07-30 11:41 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe

2014-07-28 22:39 - 2014-07-28 22:54 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB

2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk

2014-07-28 20:42 - 2014-07-28 20:45 - 00000000 ____D () C:\Program Files\Google

2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV

2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}

2014-07-25 02:03 - 2014-07-25 02:09 - 00000000 ____D () C:\Users\McMillan\msdt

2014-07-25 00:25 - 2014-07-30 15:59 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps

2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks

2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList

2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList

2014-07-23 16:06 - 2014-07-24 23:48 - 00000000 ____D () C:\Windows\system32\BlueStacks

2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA

2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks

2014-07-23 13:10 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype

2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype

2014-07-23 13:05 - 2014-07-31 14:30 - 00000000 ____D () C:\inetpub

2014-07-23 10:32 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation

2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet

2014-07-23 10:18 - 2014-07-23 10:26 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg

2014-07-23 08:50 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable

2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol

2014-07-04 16:25 - 2014-07-04 16:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe

2014-07-04 13:44 - 2014-07-31 08:16 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-07-04 13:44 - 2014-07-25 02:24 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-07-04 13:30 - 2014-07-04 13:42 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe

2014-07-04 13:18 - 2014-07-04 13:19 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe

2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe

2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2014-07-03 19:07 - 2014-05-20 07:11 - 00603592 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe

2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss

2014-07-03 05:00 - 2014-07-30 00:41 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper

2014-07-03 05:00 - 2014-07-25 02:24 - 00000000 ____D () C:\Program Files\Zoiper

2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk

2014-07-03 04:53 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun

2014-07-03 04:52 - 2014-07-31 20:40 - 00000000 ____D () C:\Program Files\Java

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-01 05:50 - 2014-08-01 04:13 - 00011169 _____ () C:\Users\McMillan\Desktop\FRST.txt

2014-08-01 05:50 - 2014-07-31 16:13 - 00000000 ____D () C:\FRST

2014-08-01 05:49 - 2014-07-31 19:31 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-08-01 05:48 - 2014-07-31 07:52 - 00000916 _____ () C:\Windows\setupact.log

2014-08-01 05:48 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-01 05:47 - 2014-07-31 07:44 - 00065509 _____ () C:\Windows\WindowsUpdate.log

2014-08-01 05:47 - 2009-07-14 12:53 - 00018744 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-01 05:46 - 2014-08-01 05:46 - 00683008 _____ () C:\Users\McMillan\Desktop\MicrosoftFixit50671.msi

2014-08-01 05:41 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-01 05:41 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-01 05:39 - 2014-08-01 05:39 - 00045992 _____ () C:\Users\McMillan\Desktop\FRSTAFTERjorgensfix.txt

2014-08-01 05:39 - 2010-11-21 05:01 - 00736438 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition.txt

2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt

2014-08-01 04:03 - 2014-08-01 04:02 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt

2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt

2014-07-31 21:57 - 2014-06-13 01:01 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\vlc

2014-07-31 21:30 - 2014-07-31 21:05 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt

2014-07-31 21:05 - 2014-07-31 21:04 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt

2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-07-31 20:41 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-31 20:40 - 2014-07-31 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-31 20:40 - 2014-07-03 04:52 - 00000000 ____D () C:\Program Files\Java

2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe

2014-07-31 20:19 - 2014-07-31 20:18 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log

2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe

2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft

2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

2014-07-31 19:23 - 2014-07-31 19:13 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe

2014-07-31 17:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Skype

2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe

2014-07-31 17:03 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-31 17:03 - 2014-07-31 16:50 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar

2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-31 16:50 - 2014-07-31 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe

2014-07-31 16:15 - 2014-07-31 16:14 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt

2014-07-31 16:15 - 2014-07-31 16:14 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt

2014-07-31 16:13 - 2014-06-13 01:05 - 00000000 ___RD () C:\Users\McMillan\Desktop\Steve

2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe

2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery

2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW

2014-07-31 16:03 - 2014-07-31 16:01 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer

2014-07-31 15:58 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms

2014-07-31 15:57 - 2014-07-31 15:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe

2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com

2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi

2014-07-31 14:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration

2014-07-31 14:30 - 2014-07-23 13:05 - 00000000 ____D () C:\inetpub

2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp

2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe

2014-07-31 10:27 - 2014-07-31 10:26 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr

2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe

2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe

2014-07-31 09:41 - 2014-07-31 09:40 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe

2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe

2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe

2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe

2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe

2014-07-31 09:33 - 2014-07-31 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe

2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe

2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe

2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe

2014-07-31 08:41 - 2014-07-31 08:32 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe

2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe

2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe

2014-07-31 08:16 - 2014-07-04 13:44 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat

2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState

2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO

2014-07-31 08:00 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles

2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log

2014-07-31 07:42 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-07-31 07:03 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-07-31 07:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool

2014-07-31 06:44 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-07-31 06:38 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA Corporation

2014-07-31 06:36 - 2014-06-12 18:35 - 00000000 ____D () C:\Users\McMillan

2014-07-31 06:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp

2014-07-31 06:34 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch

2014-07-31 06:34 - 2014-06-16 19:40 - 00000000 ____D () C:\Users\McMillan\AppData\Local\oDesk

2014-07-31 06:34 - 2014-06-16 19:07 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\mjusbsp

2014-07-31 00:58 - 2014-06-13 01:05 - 00000000 ____D () C:\Users\McMillan\Desktop\BD

2014-07-30 18:13 - 2014-06-16 19:29 - 00001001 _____ () C:\Users\McMillan\Desktop\magicJack.lnk

2014-07-30 18:13 - 2014-06-16 19:29 - 00000987 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk

2014-07-30 15:59 - 2014-07-25 00:25 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps

2014-07-30 15:59 - 2014-06-13 10:21 - 00000000 ____D () C:\Windows\Panther

2014-07-30 11:56 - 2014-07-30 11:50 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe

2014-07-30 11:55 - 2014-07-30 11:53 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe

2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe

2014-07-30 11:46 - 2014-07-30 11:45 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe

2014-07-30 11:41 - 2014-07-30 11:40 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe

2014-07-30 11:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2014-07-30 10:02 - 2014-06-16 21:37 - 00000000 ____D () C:\Users\McMillan\Desktop\Tanya

2014-07-30 00:41 - 2014-07-03 05:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper

2014-07-28 22:54 - 2014-07-28 22:39 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB

2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk

2014-07-28 20:45 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files\Google

2014-07-28 20:42 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Deployment

2014-07-28 05:55 - 2014-06-25 17:05 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\BitComet

2014-07-25 07:19 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Local\PokerStars

2014-07-25 05:30 - 2014-06-22 00:52 - 00007627 _____ () C:\Users\McMillan\AppData\Local\Resmon.ResmonCfg

2014-07-25 05:30 - 2009-07-14 12:34 - 00064512 _____ () C:\Windows\system32\umstartup.etl

2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV

2014-07-25 03:18 - 2014-06-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-07-25 03:18 - 2014-06-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}

2014-07-25 02:26 - 2014-06-13 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2014-07-25 02:25 - 2014-06-17 09:48 - 00000000 ____D () C:\Windows\pss

2014-07-25 02:25 - 2014-06-13 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-07-25 02:25 - 2014-06-13 00:27 - 00000000 ____D () C:\Windows\system32\Macromed

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Msdtc

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\security

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-07-25 02:24 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype

2014-07-25 02:24 - 2014-07-23 08:50 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable

2014-07-25 02:24 - 2014-07-04 13:44 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-07-25 02:24 - 2014-07-03 05:00 - 00000000 ____D () C:\Program Files\Zoiper

2014-07-25 02:24 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me

2014-07-25 02:24 - 2014-06-24 20:11 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\vlc

2014-07-25 02:24 - 2014-06-22 09:27 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:24 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Ringio

2014-07-25 02:24 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars

2014-07-25 02:24 - 2014-06-20 22:59 - 00000000 ____D () C:\Program Files\PokerStars

2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk

2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\Program Files\oDesk

2014-07-25 02:24 - 2014-06-16 19:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\magicJack

2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-07-25 02:24 - 2014-06-16 17:14 - 00000000 ____D () C:\Program Files\WinRAR

2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-07-25 02:24 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA

2014-07-25 02:24 - 2014-06-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2014-07-25 02:24 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ___RD () C:\Program Files\Skype

2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Skype

2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-07-25 02:24 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Apps\2.0

2014-07-25 02:24 - 2014-06-12 18:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help

2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat

2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\winrm

2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\WCN

2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\slmgr

2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts

2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell

2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Web

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Vss

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spp

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Speech

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\SMI

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\inetsrv

2014-07-25 02:22 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\Performance

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\IME

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\com

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Speech

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\schemas

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Resources

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\PLA

2014-07-25 02:21 - 2009-07-14 10:37 - 00000000 __RSD () C:\Windows\Media

2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME

2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization

2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding

2014-07-25 02:19 - 2014-06-16 18:17 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Macromedia

2014-07-25 02:19 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Moonchild Productions

2014-07-25 02:19 - 2014-06-15 13:49 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Adobe

2014-07-25 02:19 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public

2014-07-25 02:18 - 2014-06-22 07:16 - 00000000 ____D () C:\Users\Butch\AppData\Local\Google

2014-07-25 02:18 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Macromedia

2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia

2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia

2014-07-25 02:18 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Moonchild Productions

2014-07-25 02:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Skype

2014-07-25 02:18 - 2014-06-13 01:00 - 00000000 ____D () C:\Program Files\VideoLAN

2014-07-25 02:18 - 2014-06-12 18:49 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Google

2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer

2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender

2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default

2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Windows NT

2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR

2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Adobe

2014-07-25 02:17 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker

2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System

2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines

2014-07-25 02:09 - 2014-07-25 02:03 - 00000000 ____D () C:\Users\McMillan\msdt

2014-07-24 23:48 - 2014-07-23 16:06 - 00000000 ____D () C:\Windows\system32\BlueStacks

2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks

2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList

2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList

2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA

2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks

2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype

2014-07-23 13:04 - 2014-07-23 10:32 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation

2014-07-23 10:52 - 2014-06-12 19:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet

2014-07-23 10:26 - 2014-07-23 10:18 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg

2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol

2014-07-04 16:26 - 2014-07-04 16:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe

2014-07-04 13:42 - 2014-07-04 13:30 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe

2014-07-04 13:19 - 2014-07-04 13:18 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe

2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe

2014-07-04 10:44 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\McMillan\Downloads\MOVIES

2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss

2014-07-03 15:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache

2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk

2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-07-29 01:56

 

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01

Ran by McMillan (administrator) on SAHARA-PC on 01-08-2014 06:09:22

Running from C:\Users\McMillan\Desktop

Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2service.exe

(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

HKU\S-1-5-21-2454762815-89852866-1431263164-1000\...\MountPoints2: {525512c7-f299-11e3-b032-806e6f6e6963} - D:\setup.exe

BootExecute: autocheck autochk * regdefrag

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x40B9BCAD2B86CF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

SearchScopes: HKCU - DefaultScope {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {E5F8506C-6220-48CE-AF75-8BBC691CDBFC} URL = https://www.google.com/search?q={searchTerms}

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Hosts: 127.0.0.1 localhost

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin: @java.com/DTPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF HKCU\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\McMillan\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers

 

Chrome: 

=======


CHR StartupUrls: "hxxp://www.gmail.com/"

CHR Plugin: (Widevine Content Decryption Module) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Java Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll No File

CHR Extension: (Google Drive) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31]

CHR Extension: (Presentme) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckpbiomcikhplplfddlbcikdhlnoibgf [2014-07-31]

CHR Extension: (Google Search) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-25]

CHR Extension: (Gmail Offline) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-07-28]

CHR Extension: (Pin It Button) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-07-31]

CHR Extension: (PDF Mergy) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-07-31]

CHR Extension: (Excel Online) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2014-07-28]

CHR Extension: (Zoho Sheet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhegddohmncgelkehhnigphmloinkinj [2014-07-31]

CHR Extension: (Zoho CRM) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn [2014-07-31]

CHR Extension: (Skype Status Detector) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiiaejmgghgpmppnkiloijccihddjdj [2014-07-31]

CHR Extension: (Lazarus: Form Recovery) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-07-28]

CHR Extension: (Google Dictionary (by Google)) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-07-31]

CHR Extension: (Easy SEO Tools) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnlboglefdlldiioafkgbbdfihdoicam [2014-07-31]

CHR Extension: (Google Wallet) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31]

CHR Extension: (Instagram for Chrome) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-07-31]

CHR Extension: (Zoho Projects) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\peldkgicldgmbampajgepnigbpkhomoh [2014-07-31]

CHR Extension: (Gmail) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-25]

CHR Extension: (SEO Competitor Analysis Tool) - C:\Users\McMillan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpafbknegcefgoojplahellhohoklbj [2014-07-31]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4741384 2014-07-09] (Emsisoft GmbH)

S3 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation)

S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [58200 2014-05-12] (Emsisoft GmbH)

R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-28] (Emsisoft GmbH)

R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)

R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [18552 2014-05-12] (Emsisoft GmbH)

R3 cleanhlp; C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [50200 2013-12-04] (Emsisoft GmbH)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-04-01] (NVIDIA Corporation)

S4 NVHDA; system32\drivers\nvhda32v.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-01 05:51 - 2014-08-01 05:51 - 00046588 _____ () C:\Users\McMillan\Desktop\FRSTaftermicrosoftFIX.txt

2014-08-01 05:46 - 2014-08-01 05:46 - 00683008 _____ () C:\Users\McMillan\Desktop\MicrosoftFixit50671.msi

2014-08-01 05:39 - 2014-08-01 05:39 - 00045992 _____ () C:\Users\McMillan\Desktop\FRSTAFTERjorgensfix.txt

2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition.txt

2014-08-01 04:13 - 2014-08-01 06:09 - 00010910 _____ () C:\Users\McMillan\Desktop\FRST.txt

2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt

2014-08-01 04:02 - 2014-08-01 04:03 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt

2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt

2014-07-31 21:05 - 2014-07-31 21:30 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt

2014-07-31 21:04 - 2014-07-31 21:05 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt

2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-07-31 20:41 - 2014-07-31 20:40 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe

2014-07-31 20:18 - 2014-07-31 20:19 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log

2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe

2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft

2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

2014-07-31 19:31 - 2014-08-01 06:08 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-07-31 19:13 - 2014-07-31 19:23 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe

2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe

2014-07-31 16:53 - 2014-07-31 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-31 16:50 - 2014-07-31 17:03 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar

2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-31 16:49 - 2014-07-31 16:50 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe

2014-07-31 16:14 - 2014-07-31 16:15 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt

2014-07-31 16:14 - 2014-07-31 16:15 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt

2014-07-31 16:13 - 2014-08-01 06:09 - 00000000 ____D () C:\FRST

2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe

2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery

2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW

2014-07-31 16:01 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer

2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com

2014-07-31 15:46 - 2014-07-31 15:57 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe

2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi

2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp

2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe

2014-07-31 10:26 - 2014-07-31 10:27 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr

2014-07-31 10:13 - 2014-07-31 15:58 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms

2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe

2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe

2014-07-31 09:40 - 2014-07-31 09:41 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe

2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe

2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe

2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe

2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe

2014-07-31 09:32 - 2014-07-31 09:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe

2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe

2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe

2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe

2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe

2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe

2014-07-31 08:32 - 2014-07-31 08:41 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe

2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat

2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState

2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO

2014-07-31 07:52 - 2014-08-01 06:08 - 00000972 _____ () C:\Windows\setupact.log

2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log

2014-07-31 07:44 - 2014-08-01 06:07 - 00069639 _____ () C:\Windows\WindowsUpdate.log

2014-07-30 11:53 - 2014-07-30 11:55 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe

2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe

2014-07-30 11:50 - 2014-07-30 11:56 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe

2014-07-30 11:45 - 2014-07-30 11:46 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe

2014-07-30 11:40 - 2014-07-30 11:41 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe

2014-07-28 22:39 - 2014-07-28 22:54 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB

2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk

2014-07-28 20:42 - 2014-07-28 20:45 - 00000000 ____D () C:\Program Files\Google

2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV

2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}

2014-07-25 02:03 - 2014-07-25 02:09 - 00000000 ____D () C:\Users\McMillan\msdt

2014-07-25 00:25 - 2014-07-30 15:59 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps

2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks

2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList

2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList

2014-07-23 16:06 - 2014-07-24 23:48 - 00000000 ____D () C:\Windows\system32\BlueStacks

2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA

2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks

2014-07-23 13:10 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype

2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype

2014-07-23 13:05 - 2014-07-31 14:30 - 00000000 ____D () C:\inetpub

2014-07-23 10:32 - 2014-07-23 13:04 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation

2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet

2014-07-23 10:18 - 2014-07-23 10:26 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg

2014-07-23 08:50 - 2014-07-25 02:24 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable

2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol

2014-07-04 16:25 - 2014-07-04 16:26 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe

2014-07-04 13:44 - 2014-07-31 08:16 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-07-04 13:44 - 2014-07-25 02:24 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-07-04 13:30 - 2014-07-04 13:42 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe

2014-07-04 13:18 - 2014-07-04 13:19 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe

2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe

2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2014-07-03 19:07 - 2014-05-20 07:11 - 00603592 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe

2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss

2014-07-03 05:00 - 2014-07-30 00:41 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper

2014-07-03 05:00 - 2014-07-25 02:24 - 00000000 ____D () C:\Program Files\Zoiper

2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk

2014-07-03 04:53 - 2014-07-31 20:41 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun

2014-07-03 04:52 - 2014-07-31 20:40 - 00000000 ____D () C:\Program Files\Java

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-01 06:10 - 2014-08-01 04:13 - 00010910 _____ () C:\Users\McMillan\Desktop\FRST.txt

2014-08-01 06:09 - 2014-07-31 16:13 - 00000000 ____D () C:\FRST

2014-08-01 06:08 - 2014-07-31 19:31 - 00000000 ____D () C:\Program Files\Emsisoft Anti-Malware

2014-08-01 06:08 - 2014-07-31 07:52 - 00000972 _____ () C:\Windows\setupact.log

2014-08-01 06:08 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-01 06:07 - 2014-07-31 07:44 - 00069639 _____ () C:\Windows\WindowsUpdate.log

2014-08-01 06:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration

2014-08-01 05:56 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-01 05:56 - 2009-07-14 12:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-01 05:53 - 2010-11-21 05:01 - 00736438 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-01 05:51 - 2014-08-01 05:51 - 00046588 _____ () C:\Users\McMillan\Desktop\FRSTaftermicrosoftFIX.txt

2014-08-01 05:47 - 2009-07-14 12:53 - 00018992 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-01 05:46 - 2014-08-01 05:46 - 00683008 _____ () C:\Users\McMillan\Desktop\MicrosoftFixit50671.msi

2014-08-01 05:39 - 2014-08-01 05:39 - 00045992 _____ () C:\Users\McMillan\Desktop\FRSTAFTERjorgensfix.txt

2014-08-01 04:14 - 2014-08-01 04:14 - 00016012 _____ () C:\Users\McMillan\Desktop\Addition.txt

2014-08-01 04:03 - 2014-08-01 04:03 - 00015821 _____ () C:\Users\McMillan\Desktop\Addition3.txt

2014-08-01 04:03 - 2014-08-01 04:02 - 00045339 _____ () C:\Users\McMillan\Desktop\FRST3.txt

2014-08-01 02:02 - 2014-08-01 02:02 - 00136409 _____ () C:\Users\McMillan\Desktop\events that started it all.txt

2014-07-31 21:57 - 2014-06-13 01:01 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\vlc

2014-07-31 21:30 - 2014-07-31 21:05 - 00015685 _____ () C:\Users\McMillan\Desktop\Addition2.txt

2014-07-31 21:05 - 2014-07-31 21:04 - 00046684 _____ () C:\Users\McMillan\Desktop\FRST2.txt

2014-07-31 20:41 - 2014-07-31 20:41 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-07-31 20:41 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-31 20:40 - 2014-07-31 20:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-07-31 20:40 - 2014-07-31 20:40 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-07-31 20:40 - 2014-07-31 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-31 20:40 - 2014-07-03 04:52 - 00000000 ____D () C:\Program Files\Java

2014-07-31 20:36 - 2014-07-31 20:36 - 00918952 _____ (Oracle Corporation) C:\Users\McMillan\Downloads\chromeinstall-7u65.exe

2014-07-31 20:19 - 2014-07-31 20:18 - 00259112 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-31 20:18 - 2014-07-31 20:18 - 00000588 _____ () C:\Windows\PFRO.log

2014-07-31 20:15 - 2014-07-31 20:15 - 00415232 _____ (Farbar) C:\Users\McMillan\Downloads\FarbarServiceScannerDSLissues.exe

2014-07-31 20:10 - 2014-07-31 20:10 - 00000000 ____D () C:\ProgramData\Emsisoft

2014-07-31 19:32 - 2014-07-31 19:32 - 00001049 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

2014-07-31 19:32 - 2014-07-31 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

2014-07-31 19:23 - 2014-07-31 19:13 - 215880376 _____ (Emsisoft GmbH ) C:\Users\McMillan\Desktop\EmsisoftAntiMalwareSetup.exe

2014-07-31 17:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Skype

2014-07-31 17:13 - 2014-07-31 17:13 - 02347384 _____ (ESET) C:\Users\McMillan\Desktop\esetsmartinstaller_enu.exe

2014-07-31 17:03 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-31 17:03 - 2014-07-31 16:50 - 00000000 ____D () C:\Users\McMillan\Desktop\mbar

2014-07-31 16:53 - 2014-07-31 16:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-31 16:53 - 2014-07-31 16:53 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-31 16:50 - 2014-07-31 16:50 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-31 16:50 - 2014-07-31 16:49 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Desktop\mbar-1.07.0.1012.exe

2014-07-31 16:15 - 2014-07-31 16:14 - 00042669 _____ () C:\Users\McMillan\Desktop\FRST1.txt

2014-07-31 16:15 - 2014-07-31 16:14 - 00014581 _____ () C:\Users\McMillan\Desktop\addition1 .txt

2014-07-31 16:13 - 2014-06-13 01:05 - 00000000 ___RD () C:\Users\McMillan\Desktop\Steve

2014-07-31 16:12 - 2014-07-31 16:12 - 01084928 _____ (Farbar) C:\Users\McMillan\Desktop\FRST.exe

2014-07-31 16:04 - 2014-07-31 16:04 - 00000000 ____D () C:\Users\McMillan\Downloads\testdickharddiskfixbootrecovery

2014-07-31 16:03 - 2014-07-31 16:03 - 00000000 ____D () C:\Users\McMillan\Downloads\TCPVIEW

2014-07-31 16:03 - 2014-07-31 16:01 - 00000000 ____D () C:\Users\McMillan\Downloads\ProcessExplorer

2014-07-31 15:58 - 2014-07-31 10:13 - 00000000 ____D () C:\Users\McMillan\Downloads\GrantPerms

2014-07-31 15:57 - 2014-07-31 15:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\McMillan\Downloads\EmsisoftAntiMalwareSetup.exe

2014-07-31 15:52 - 2014-07-31 15:52 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\McMillan\Downloads\rkill.com

2014-07-31 15:38 - 2014-07-31 15:38 - 01402880 _____ () C:\Users\McMillan\Downloads\HiJackThis.msi

2014-07-31 14:30 - 2014-07-23 13:05 - 00000000 ____D () C:\inetpub

2014-07-31 13:35 - 2014-07-31 13:35 - 00000000 ____H () C:\Users\McMillan\Documents\Default.rdp

2014-07-31 12:15 - 2014-07-31 12:15 - 00058016 _____ () C:\Users\McMillan\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-31 10:32 - 2014-07-31 10:32 - 01156136 _____ (Ruiware) C:\Users\McMillan\Downloads\winpatrolstartupPrograms.exe

2014-07-31 10:27 - 2014-07-31 10:26 - 00688992 _____ (Swearware) C:\Users\McMillan\Downloads\ddsscancompfindoutwhatswrong.scr

2014-07-31 10:11 - 2014-07-31 10:11 - 00401920 _____ (Farbar) C:\Users\McMillan\Downloads\MiniToolBoxinternetissueshijacking.exe

2014-07-31 10:10 - 2014-07-31 10:10 - 01084928 _____ (Farbar) C:\Users\McMillan\Downloads\Farbarrecoveryscantool.exe

2014-07-31 09:41 - 2014-07-31 09:40 - 01361309 _____ () C:\Users\McMillan\Downloads\adwcleaner_3.302.exe

2014-07-31 09:40 - 2014-07-31 09:40 - 00709564 _____ () C:\Users\McMillan\Downloads\delfix2useafterdisinfection10.8.exe

2014-07-31 09:36 - 2014-07-31 09:36 - 00695920 _____ (RaMMicHaeL) C:\Users\McMillan\Downloads\unchecky_setup.exe

2014-07-31 09:35 - 2014-07-31 09:35 - 00914016 _____ (Foolish IT LLC ) C:\Users\McMillan\Downloads\CryptoPreventSetup.exe

2014-07-31 09:33 - 2014-07-31 09:33 - 02650408 _____ (Malwarebytes ) C:\Users\McMillan\Downloads\Mbytes Anit Exploit-setup-1.03.1.1220.exe

2014-07-31 09:33 - 2014-07-31 09:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\McMillan\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-31 09:31 - 2014-07-31 09:31 - 00448512 _____ (OldTimer Tools) C:\Users\McMillan\Downloads\TFCremoveALLtempfiles.exe

2014-07-31 09:29 - 2014-07-31 09:29 - 02856736 _____ (MyCity) C:\Users\McMillan\Downloads\MCShield-Setup.exe

2014-07-31 08:50 - 2014-07-31 08:50 - 05563986 _____ (Swearware) C:\Users\McMillan\Downloads\ComboFix.exe

2014-07-31 08:49 - 2014-07-31 08:49 - 00368256 _____ (RegNow.com) C:\Users\McMillan\Downloads\Download_MaxSDDMnew.exe

2014-07-31 08:41 - 2014-07-31 08:32 - 149623616 _____ () C:\Users\McMillan\Downloads\kasperskyvirusremoval.exe

2014-07-31 08:35 - 2014-07-31 08:35 - 00442464 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\capperkiller.exe

2014-07-31 08:33 - 2014-07-31 08:33 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\McMillan\Downloads\tdsskiller malware virus removal.exe

2014-07-31 08:16 - 2014-07-04 13:44 - 00035152 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-07-31 08:12 - 2014-07-31 08:12 - 00001930 _____ () C:\Windows\hiveList.dat

2014-07-31 08:12 - 2014-07-31 08:12 - 00000004 _____ () C:\Windows\CSCCompactState

2014-07-31 08:08 - 2014-07-31 08:08 - 00000000 ____D () C:\Program Files\COMODO

2014-07-31 08:00 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles

2014-07-31 07:52 - 2014-07-31 07:52 - 00000000 _____ () C:\Windows\setuperr.log

2014-07-31 07:42 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-07-31 07:03 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-07-31 07:03 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool

2014-07-31 06:44 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-07-31 06:38 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA Corporation

2014-07-31 06:36 - 2014-06-12 18:35 - 00000000 ____D () C:\Users\McMillan

2014-07-31 06:35 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp

2014-07-31 06:34 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch

2014-07-31 06:34 - 2014-06-16 19:40 - 00000000 ____D () C:\Users\McMillan\AppData\Local\oDesk

2014-07-31 06:34 - 2014-06-16 19:07 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\mjusbsp

2014-07-31 00:58 - 2014-06-13 01:05 - 00000000 ____D () C:\Users\McMillan\Desktop\BD

2014-07-30 18:13 - 2014-06-16 19:29 - 00001001 _____ () C:\Users\McMillan\Desktop\magicJack.lnk

2014-07-30 18:13 - 2014-06-16 19:29 - 00000987 _____ () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk

2014-07-30 15:59 - 2014-07-25 00:25 - 00000000 ____D () C:\Users\McMillan\AppData\Local\CrashDumps

2014-07-30 15:59 - 2014-06-13 10:21 - 00000000 ____D () C:\Windows\Panther

2014-07-30 11:56 - 2014-07-30 11:50 - 107934464 _____ (Microsoft Corporation) C:\Users\McMillan\Downloads\microsofts one time security tool.exe

2014-07-30 11:55 - 2014-07-30 11:53 - 14863480 _____ (Comodo Security Solutions, Inc.) C:\Users\McMillan\Downloads\comodregistrycleanerptsetup.exe

2014-07-30 11:53 - 2014-07-30 11:53 - 04813544 _____ (Piriform Ltd) C:\Users\McMillan\Downloads\cccleanrersetup416.exe

2014-07-30 11:46 - 2014-07-30 11:45 - 19598528 _____ (SUPERAntiSpyware) C:\Users\McMillan\Downloads\SUPERAntiSpyware.exe

2014-07-30 11:41 - 2014-07-30 11:40 - 07222504 _____ (TweakNow.com ) C:\Users\McMillan\Downloads\tweaknowRegCleaner731.exe

2014-07-30 11:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2014-07-30 10:02 - 2014-06-16 21:37 - 00000000 ____D () C:\Users\McMillan\Desktop\Tanya

2014-07-30 00:41 - 2014-07-03 05:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Zoiper

2014-07-28 22:54 - 2014-07-28 22:39 - 00000000 ____D () C:\Users\McMillan\Desktop\BOB

2014-07-28 20:48 - 2014-07-28 20:48 - 00014398 _____ () C:\Users\McMillan\Desktop\chrome - Shortcut.lnk

2014-07-28 20:45 - 2014-07-28 20:42 - 00000000 ____D () C:\Program Files\Google

2014-07-28 20:42 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Deployment

2014-07-28 05:55 - 2014-06-25 17:05 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\BitComet

2014-07-25 07:19 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Local\PokerStars

2014-07-25 05:30 - 2014-06-22 00:52 - 00007627 _____ () C:\Users\McMillan\AppData\Local\Resmon.ResmonCfg

2014-07-25 05:30 - 2009-07-14 12:34 - 00064512 _____ () C:\Windows\system32\umstartup.etl

2014-07-25 03:18 - 2014-07-25 03:18 - 00024825 _____ () C:\Users\McMillan\Downloads\msg0001.WAV

2014-07-25 03:18 - 2014-06-13 00:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-07-25 03:18 - 2014-06-13 00:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-07-25 02:28 - 2014-07-25 02:28 - 00000000 _____ () C:\Users\McMillan\AppData\Local\{C9A256ED-41A5-49FE-959F-3AEA296345F8}

2014-07-25 02:26 - 2014-06-13 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2014-07-25 02:25 - 2014-06-17 09:48 - 00000000 ____D () C:\Windows\pss

2014-07-25 02:25 - 2014-06-13 17:49 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-07-25 02:25 - 2014-06-13 00:27 - 00000000 ____D () C:\Windows\system32\Macromed

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\TAPI

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Msdtc

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\security

2014-07-25 02:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-07-25 02:24 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Skype

2014-07-25 02:24 - 2014-07-23 08:50 - 00000000 ____D () C:\Users\McMillan\Desktop\Fix it portable

2014-07-25 02:24 - 2014-07-04 13:44 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-07-25 02:24 - 2014-07-03 05:00 - 00000000 ____D () C:\Program Files\Zoiper

2014-07-25 02:24 - 2014-07-01 02:20 - 00000000 ____D () C:\Users\McMillan\AppData\Local\join.me

2014-07-25 02:24 - 2014-06-24 20:11 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\vlc

2014-07-25 02:24 - 2014-06-22 09:27 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:24 - 2014-06-22 07:15 - 00000000 ___RD () C:\Users\Butch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:24 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Ringio

2014-07-25 02:24 - 2014-06-20 23:00 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars

2014-07-25 02:24 - 2014-06-20 22:59 - 00000000 ____D () C:\Program Files\PokerStars

2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oDesk

2014-07-25 02:24 - 2014-06-16 19:40 - 00000000 ____D () C:\Program Files\oDesk

2014-07-25 02:24 - 2014-06-16 19:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\magicJack

2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-07-25 02:24 - 2014-06-16 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-07-25 02:24 - 2014-06-16 17:14 - 00000000 ____D () C:\Program Files\WinRAR

2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-07-25 02:24 - 2014-06-16 02:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-07-25 02:24 - 2014-06-15 14:29 - 00000000 ____D () C:\Users\McMillan\AppData\Local\NVIDIA

2014-07-25 02:24 - 2014-06-15 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2014-07-25 02:24 - 2014-06-15 14:27 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ___RD () C:\Program Files\Skype

2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Skype

2014-07-25 02:24 - 2014-06-13 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-07-25 02:24 - 2014-06-12 18:48 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Apps\2.0

2014-07-25 02:24 - 2014-06-12 18:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2014-07-25 02:24 - 2014-06-12 18:35 - 00000000 ___RD () C:\Users\McMillan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help

2014-07-25 02:24 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat

2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\winrm

2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\WCN

2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\slmgr

2014-07-25 02:23 - 2011-04-12 10:16 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts

2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WindowsPowerShell

2014-07-25 02:23 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Web

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Vss

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spp

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Speech

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\SMI

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\MUI

2014-07-25 02:23 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\inetsrv

2014-07-25 02:22 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\Performance

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\IME

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\com

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Speech

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\schemas

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Resources

2014-07-25 02:22 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\PLA

2014-07-25 02:21 - 2009-07-14 10:37 - 00000000 __RSD () C:\Windows\Media

2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME

2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization

2014-07-25 02:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Branding

2014-07-25 02:19 - 2014-06-16 18:17 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Macromedia

2014-07-25 02:19 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Moonchild Productions

2014-07-25 02:19 - 2014-06-15 13:49 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\Adobe

2014-07-25 02:19 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public

2014-07-25 02:18 - 2014-06-22 07:16 - 00000000 ____D () C:\Users\Butch\AppData\Local\Google

2014-07-25 02:18 - 2014-06-22 07:15 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\Macromedia

2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia

2014-07-25 02:18 - 2014-06-21 01:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia

2014-07-25 02:18 - 2014-06-16 17:31 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Moonchild Productions

2014-07-25 02:18 - 2014-06-13 01:03 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Skype

2014-07-25 02:18 - 2014-06-13 01:00 - 00000000 ____D () C:\Program Files\VideoLAN

2014-07-25 02:18 - 2014-06-12 18:49 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Google

2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer

2014-07-25 02:18 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender

2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default

2014-07-25 02:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Windows NT

2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR

2014-07-25 02:17 - 2014-06-21 01:01 - 00000000 ____D () C:\Program Files\Adobe

2014-07-25 02:17 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker

2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System

2014-07-25 02:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\SpeechEngines

2014-07-25 02:09 - 2014-07-25 02:03 - 00000000 ____D () C:\Users\McMillan\msdt

2014-07-24 23:48 - 2014-07-23 16:06 - 00000000 ____D () C:\Windows\system32\BlueStacks

2014-07-24 18:05 - 2014-07-24 18:05 - 00000000 ____D () C:\Users\McMillan\AppData\Local\Bluestacks

2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieUserList

2014-07-23 17:21 - 2014-07-23 17:21 - 00000000 __SHD () C:\Users\Butch\AppData\Local\EmieSiteList

2014-07-23 16:06 - 2014-07-23 16:06 - 00000000 ____D () C:\Users\Butch\AppData\Roaming\NVIDIA

2014-07-23 16:01 - 2014-07-23 16:01 - 00000000 ____D () C:\Users\Butch\AppData\Local\Bluestacks

2014-07-23 13:10 - 2014-07-23 13:10 - 00000000 ____D () C:\Users\Butch\AppData\Local\Skype

2014-07-23 13:04 - 2014-07-23 10:32 - 00000000 ____D () C:\Users\Butch\AppData\Local\NVIDIA Corporation

2014-07-23 10:52 - 2014-06-12 19:03 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-07-23 10:31 - 2014-07-23 10:31 - 00000000 ____D () C:\Users\Butch\AppData\Local\tjnet

2014-07-23 10:26 - 2014-07-23 10:18 - 00007654 _____ () C:\Users\Butch\AppData\Local\resmon.resmoncfg

2014-07-23 06:49 - 2014-07-23 06:49 - 00000632 __RSH () C:\Users\McMillan\ntuser.pol

2014-07-04 16:26 - 2014-07-04 16:25 - 14349744 _____ (Malwarebytes Corp.) C:\Users\McMillan\Downloads\mbar-1.07.0.1012.exe

2014-07-04 13:42 - 2014-07-04 13:30 - 230403208 _____ (COMODO) C:\Users\McMillan\Downloads\cfw_installer_5732_83.exe

2014-07-04 13:19 - 2014-07-04 13:18 - 04721240 _____ () C:\Users\McMillan\Downloads\RogueKiller.exe

2014-07-04 11:09 - 2014-07-04 11:09 - 01291624 _____ (Baidu, Inc.) C:\Users\McMillan\Downloads\BavPro_Setup_Mini_GL.exe

2014-07-04 10:44 - 2014-06-30 16:12 - 00000000 ____D () C:\Users\McMillan\Downloads\MOVIES

2014-07-04 09:58 - 2014-07-04 09:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2014-07-03 15:31 - 2014-07-03 15:31 - 00000000 ____D () C:\Users\McMillan\AppData\Roaming\dvdcss

2014-07-03 15:29 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache

2014-07-03 05:00 - 2014-07-03 05:00 - 00000955 _____ () C:\Users\McMillan\Desktop\Zoiper.lnk

2014-07-03 04:53 - 2014-07-03 04:53 - 00000000 ____D () C:\ProgramData\Sun

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-29 01:56

 

==================== End Of Log ============================


Yeah, I have a clean up file from your site that says to use it after I remove the junk bad files disinfection. I'll log on in 12 hours and wait for you to order me some more. Long two days but I can feel the difference already and feel safe. Thanks to you!

I just learned how to turn a note pad into cmd with admin privileges, haha, cool.

See you in a while crocodile ;)
