infected with a virus possible svchost.exe help!


  • This topic is locked
27 replies to this topic

#1 imafool4u

  • Members
  • 23 posts

Posted 14 September 2013 - 01:49 AM

My svchost.exe is using up a lot of resources, I think more than usual, so I believe it is infected. The first time I ran AVG antivirus it tried to close svchost.exe but my system got a message that it was going to reboot. A lot of my physical memory is being taken up (my CPU high usage light keeps coming up and staying on) and lately I've had blue screens about memory usage and my antivirus and Windows Firewall were uninstalled, both unable to be reinstalled. I need help before this virus eats up my computer guys!

I read that I'm supposed to attach these files and post this data so here it is. Thanks in advance

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
Run by Frank at 3:33:20 on 2013-09-14
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.2812.474 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.185\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.46\deploy\LolClient.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.247\deploy\League of Legends.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=7C4E180373687B86&affID=121146&tsp=4994
uProxyServer = 61.55.141.10:81
mWinlogon: Userinit = userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: GetSavin 5.0: {38779BCD-A3AA-49B1-A109-C31E6C5D701D} - 
BHO: RewardsArcade: {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{07DDE500-298B-47C7-BCFF-D48AA56A4707} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{07DDE500-298B-47C7-BCFF-D48AA56A4707}\143786C616E6460234F6D6D6F6E6370275966496 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{07DDE500-298B-47C7-BCFF-D48AA56A4707}\34963736F60383334323 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{07DDE500-298B-47C7-BCFF-D48AA56A4707}\6416E63697758616C656D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{07DDE500-298B-47C7-BCFF-D48AA56A4707}\75169707F62747F5143636563737 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{07DDE500-298B-47C7-BCFF-D48AA56A4707}\8454B4E45647 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2638EB57-FCB4-47AA-9E0F-C4894D690D13} : DHCPNameServer = 192.168.0.2 192.168.0.3
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default\
FF - prefs.js: browser.search.selectedEngine - Mixi.DJ Search
FF - prefs.js: browser.startup.homepage - hxxp://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=7C4E180373687B86&affID=121146&tsp=4994
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111222&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Frank\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Frank\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - 
FF - user.js: extentions.y2layers.installId - aa3c5c42-f2bc-429a-a6b6-0a51e6ca87a8
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-2-27 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-2-27 28800]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-8-22 192824]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-8-22 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-8-1 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-8-1 147768]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-8-22 241464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-8-22 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-4-6 254528]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-2-27 172704]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-2-27 76912]
S3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2013-1-22 23312]
S3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2013-1-22 23312]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
.
=============== File Associations ===============
.
FileExt: .reg: regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2013-09-14 06:33:53 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-09-14 06:33:47 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-14 06:32:46 -------- d-----w- C:\Users\Frank\AppData\Local\Programs
2013-09-14 03:10:34 -------- d-----w- C:\Users\Frank\AppData\Roaming\AVG2014
2013-09-14 03:07:28 -------- d--h--w- C:\$AVG
2013-09-14 03:07:26 -------- d-----w- C:\ProgramData\AVG2014
2013-09-14 03:05:25 -------- d-----w- C:\Program Files (x86)\AVG
2013-09-14 02:53:29 -------- d--h--w- C:\ProgramData\Common Files
2013-09-14 02:53:29 -------- d-----w- C:\Users\Frank\AppData\Local\MFAData
2013-09-14 02:53:29 -------- d-----w- C:\Users\Frank\AppData\Local\Avg2014
2013-09-14 02:53:29 -------- d-----w- C:\ProgramData\MFAData
2013-09-13 20:51:55 -------- d-----w- C:\Windows\Temp2CD8F996-F8C6-C2A9-9354-61A25F66D60C-Signatures
2013-09-13 20:42:14 -------- d-----w- C:\Users\Frank\AppData\Local\{98A714A0-849F-4412-A7F9-293061E6625F}
2013-09-12 02:23:38 -------- d-----w- C:\Users\Frank\AppData\Local\{4768681C-B7D0-4644-BA9B-9BB1BBF0F0C5}
2013-09-11 10:13:35 333424 ----a-r- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{68D2AC29-B594-466A-8D6F-238FA2135BB5}\BOINCManagerShortc_A93DE976FB764046A81032A4C7BB0936.exe
2013-09-11 10:13:35 333424 ----a-r- C:\Users\Frank\AppData\Roaming\Microsoft\Installer\{68D2AC29-B594-466A-8D6F-238FA2135BB5}\ARPPRODUCTICON.exe
2013-09-11 10:13:32 -------- d-----w- C:\ProgramData\BOINC
2013-09-11 10:13:32 -------- d-----w- C:\Program Files\BOINC
2013-09-11 10:11:06 -------- d-----w- C:\Windows\Downloaded Installations
2013-09-11 03:58:41 -------- d-----w- C:\Users\Frank\AppData\Roaming\Bitcoin
2013-09-11 03:58:20 -------- d-----w- C:\Program Files (x86)\Bitcoin
2013-09-11 01:59:47 -------- d-----w- C:\Users\Frank\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2013-09-11 01:59:45 -------- d-----w- C:\Users\Frank\AppData\Roaming\MarketSamurai
2013-09-11 01:59:25 -------- d-----w- C:\Program Files (x86)\Market Samurai
2013-09-10 08:56:36 1409 ----a-w- C:\Windows\vssetup.for
2013-09-10 08:54:51 -------- d-----w- C:\Users\Frank\AppData\Local\{64224A4B-7EFC-4E1A-94F4-2BE815FD0D4D}
2013-09-10 08:49:18 7311 ----a-w- C:\Windows\SysWow64\javasup.vxd
2013-09-10 08:49:18 46352 ----a-w- C:\Windows\setdebug.exe
2013-09-10 08:49:18 313856 ----a-w- C:\Windows\SysWow64\dx3j.dll
2013-09-10 08:49:18 170256 ----a-w- C:\Windows\SysWow64\jit.dll
2013-09-10 08:49:18 139536 ----a-w- C:\Windows\SysWow64\javaee.dll
2013-09-10 08:49:15 -------- d-----w- C:\Windows\Java
2013-09-09 07:04:59 173504 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2013-09-09 06:45:57 -------- d-----w- C:\Windows\Temp7532E3DF-F7A2-F6F2-8956-D038AD1F7E7D-Signatures
2013-09-09 04:08:34 109248 ----a-w- C:\Windows\System32\Mswinsck.ocx
2013-09-08 07:01:40 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2013-09-07 19:03:55 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1B3D14E0-14B1-4677-93B2-F21B78CDAD7F}\offreg.dll
2013-09-07 05:40:41 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1B3D14E0-14B1-4677-93B2-F21B78CDAD7F}\mpengine.dll
2013-09-07 00:13:16 -------- d-----w- C:\Program Files (x86)\Red Alert 2 Yuri's Revenge
2013-09-06 16:49:10 -------- d-----r- C:\Program Files (x86)\Skype
2013-09-04 08:30:34 -------- d-----w- C:\Users\Frank\AppData\Local\{AC01418C-ABD8-429D-BE76-51D572EB38C3}
2013-09-03 18:23:21 -------- d-----w- C:\Users\Frank\AppData\Roaming\Spiritsoft
2013-09-03 02:00:46 -------- d-----w- C:\Users\Frank\AppData\Local\Bundled software uninstaller
2013-09-03 01:59:23 -------- d-----w- C:\Users\Frank\AppData\Local\avgchrome
2013-09-03 01:58:01 -------- d-----w- C:\Users\Frank\AppData\Roaming\BabSolution
2013-09-03 01:57:18 -------- d-----w- C:\ProgramData\Babylon
2013-09-03 01:57:17 -------- d-----w- C:\Users\Frank\AppData\Roaming\Babylon
2013-09-03 01:57:01 -------- d-----w- C:\Program Files (x86)\Subway Surfers
2013-08-30 22:30:23 -------- d-----w- C:\Users\Frank\AppData\Local\M2PD
2013-08-30 16:31:04 -------- d-----w- C:\Users\Frank\AppData\Local\{4636B745-9053-40ED-A86E-F0FDD78C26FB}
2013-08-27 22:43:01 1261 ----a-w- C:\c1ean2up.bat
2013-08-27 20:00:07 -------- d-----w- C:\Users\Frank\AppData\Local\{86CD57D9-0BA3-484D-9B18-99F0B72A95B0}
2013-08-27 17:25:21 -------- d-----w- C:\Users\Frank\AppData\Local\{77CAFEB0-82CE-4CC7-98DC-2FF631DF28BD}
2013-08-23 03:25:44 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-08-23 03:08:14 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-08-23 02:55:04 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-08-23 02:54:54 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-08-22 17:23:49 -------- d-----w- C:\Program Files (x86)\ADDiFF.com
2013-08-22 17:14:05 -------- d-----w- C:\Users\Frank\AppData\Local\SkinSoft
2013-08-22 17:12:56 -------- d-----w- C:\Program Files\Codejock Software
2013-08-22 17:12:55 -------- d-----w- C:\Windows\SysWow64\bot_gac
2013-08-22 17:12:51 -------- d-----w- C:\Program Files (x86)\MASS Gmail Account Creator
2013-08-22 16:40:54 -------- d-----w- C:\Program Files (x86)\MultiProxy
2013-08-22 01:04:37 -------- d-----w- C:\Users\Frank\AppData\Local\{3CF0944A-4223-4650-BC73-DC9ED2B08EC7}
2013-08-21 02:53:58 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-08-21 01:28:31 -------- d-----w- C:\Users\Frank\AppData\Local\{135D8074-992B-43E5-B9E9-170BFC85B1A4}
2013-08-17 02:32:05 -------- d-----w- C:\Users\Frank\AppData\Local\{B5D0482D-9F53-430F-BACE-A417DF9F869E}
2013-08-16 08:25:03 -------- d-----w- C:\Users\Frank\AppData\Local\{BC811430-76BE-454A-A884-C0D9FDCE7774}
2013-08-16 06:49:50 -------- d-----w- C:\Program Files (x86)\MacroGamer
.
==================== Find3M  ====================
.
2013-08-01 20:07:06 251192 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-08-01 20:06:28 147768 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-08-01 20:04:56 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH:  3:42:16.03 ===============
 

 


#2 imafool4u

  • Topic Starter
  • Members
  • 23 posts

Posted 14 September 2013 - 02:20 AM

I found out that the svchost.exe was running high CPU because of the service audiodg.exe. I then googled this result and found that disabling all sound effect enhancements stopped audiodg.exe from using such high CPU. I don't know if this is a virus or because of a glitch in the legitimate audiodg.exe file.

Nevertheless please look over my DDS logs; I probably have a virus installed because Windows Firewall and Microsoft Security Essentials were both auto-uninstalled. I have since then run AVG Antivirus 2014 but I think it only picked up nonimportant items infecting my computer, not the culprit of the antimalware uninstallations.

edit**

After disabling audiodg.exe the svchost.exe CPU usage went up again, this time using another audio service. I disabled the service "superfetch" to fix this, even though I would like to be able to enable superfetch as it says it improves system performance over time. No ideas.

edit**

Now svchost.exe is back to using 140,000K memory but is tied to 3 other services. How do I fix this? :'( It's so upsetting!!!


Edited by imafool4u, 14 September 2013 - 04:15 AM.


#3 Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • Gender:Male
  • Location:somewhere in time

Posted 15 September 2013 - 02:41 PM

Hello imafool4u, and welcome to Bleeping Computer.

I will be helping with your computer problems.

Before starting please note the following:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know
  • Do not make any changes on your own to the computer (installing/uninstalling programs, deleting files, modifying the registry, running scanners or other tools, etc.) without instructions to do so
  • Please read every post completely and perform all steps in the specified order. If you can't understand something or you encounter problems, please stop and let me know
  • Do not attach logs, use code or quote boxes. Just copy and paste the text unless directed otherwise
  • Even if things appear to be better, it does not mean we have finished. Follow my instructions and reply back until I tell you that your computer is clean.
  • Please reply using the Add Reply button in the lower right hand corner of your screen

I'm analyzing your log; I will get back to you ASAP.  :)

Regards

 



#4 imafool4u

  • Topic Starter
  • Members
  • 23 posts

Posted 15 September 2013 - 07:05 PM

Thank you :) I await your response 



#5 Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • Gender:Male
  • Location:somewhere in time

Posted 17 September 2013 - 06:00 AM

Hi imafool4u :)

We need to run some scans.

Please download ComboFix and AdwCleaner, put them on your desktop, then:

1- Run ComboFix

  • Close/disable all anti-virus and anti-malware programs. Refer to this page if you are not sure how
  • Close any open windows
  • Double click on ComboFix.exe and follow the prompts
  • During the scan leave your sick computer alone and do not click inside ComboFix's window, as it may cause it to stall
  • If ComboFix asks to restart your computer, allow it to do so
  • When finished, it will produce and display a report; close it

2- Run AdwCleaner

  1. Close all open programs and internet browsers
  2. Right click on the AdwCleaner icon and select Run As Administrator to run the tool
  3. Click on the Scan button
  4. Once the scan has finished, a log file will open in Notepad
  5. Close it and quit AdwCleaner

When done, please post the contents of the C:\AdwCleaner[R0].txt and C:\ComboFix.txt files in your next reply.

 

 

Regards

 



#6 imafool4u

  • Topic Starter
  • Members
  • 23 posts

Posted 17 September 2013 - 03:08 PM

Hi and thank you for your response! :)

Unfortunately I could not get ComboFix to output a log. I ran it several times and it would complete its scan then close without any information. Perhaps it is an effect of a virus I have on my computer?

I had to run ADWScanner twice to get it to finish the scan without closing and below is the result. ADWScanner said pending and asked me if I wanted to clean files but I just clicked Report and got the following information. Did not clean anything.

 

# AdwCleaner v3.004 - Report created 17/09/2013 at 16:06:17
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Frank - FRANK-PC
# Running from : C:\Users\Frank\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default\searchplugins\Babylon.xml
File Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default\searchplugins\daemon-search.xml
File Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default\user.js
Folder Found : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Folder Found : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default\Extensions\DTToolbar@toolbarnet.com
Folder Found C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found C:\Program Files (x86)\Trymedia
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\CodecCheck
Folder Found C:\ProgramData\Premium
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\Frank\AppData\Local\Bundled software uninstaller
Folder Found C:\Users\Frank\AppData\Local\getsavin
Folder Found C:\Users\Frank\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\Frank\AppData\Roaming\BabSolution
Folder Found C:\Users\Frank\AppData\Roaming\Babylon
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\5c55da8cbc3ab845
Key Found : HKLM\Software\bflixtoolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\boipimhfjpakfgckhbljjengakjhkcbp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mass-gmail-account-creator_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mass-gmail-account-creator_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\mozilla\Firefox\Extensions [crossriderapp435@crossrider.com]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=7C4E180373687B86&affID=121146&tsp=4994
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page Restore] - my.daemon-search.com
 
-\\ Mozilla Firefox v4.0.1 (en-US)
 
[ File : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default\prefs.js ]
 
Line Found : user_pref("browser.startup.homepage", "hxxp://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=7C4E180373687B86&affID=121146&tsp=4994");
Line Found : user_pref("extensions.504b1aa8c421b.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Found : user_pref("extensions.crossrider.bic", "139c93c9bbaa352a025f32a200e4843c");
Line Found : user_pref("extensions.crossriderapp435.435.active", true);
Line Found : user_pref("extensions.crossriderapp435.435.affid", "0");
Line Found : user_pref("extensions.crossriderapp435.435.backgroundjs", "\n//------------------  PLUGIN resources_background START  ------------------\n(function(){appAPI.ready=function(a){appAPI.resources.isReady([...]
Line Found : user_pref("extensions.crossriderapp435.435.backgroundver", 9);
Line Found : user_pref("extensions.crossriderapp435.435.certdomaininstaller", "");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.value", "%221347700983%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.value", "%2214974%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.value", "%2282415%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.previous_page.value", "%22hxxps%3A//www.mozilla.org/en-US/plugincheck/%22");
Line Found : user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check");
Line Found : user_pref("extensions.crossriderapp435.435.domain", "");
Line Found : user_pref("extensions.crossriderapp435.435.emailsig", "");
Line Found : user_pref("extensions.crossriderapp435.435.exposesites", "");
Line Found : user_pref("extensions.crossriderapp435.435.fbremoteurl", "");
Line Found : user_pref("extensions.crossriderapp435.435.group", 0);
Line Found : user_pref("extensions.crossriderapp435.435.homepage", "");
Line Found : user_pref("extensions.crossriderapp435.435.iframe", false);
Line Found : user_pref("extensions.crossriderapp435.435.js", "\n//------------------  PLUGIN base_monetization START  ------------------\nvar MonitizationPluginsBase=function(){var a=appAPI.internal&&appAPI.intern[...]
Line Found : user_pref("extensions.crossriderapp435.435.name", "Codec-V");
Line Found : user_pref("extensions.crossriderapp435.435.premium", true);
Line Found : user_pref("extensions.crossriderapp435.435.publisher", "Premiumplay");
Line Found : user_pref("extensions.crossriderapp435.435.settingsurl", "");
Line Found : user_pref("extensions.crossriderapp435.435.thankyou", "");
Line Found : user_pref("extensions.crossriderapp435.435.ver", 75);
Line Found : user_pref("extensions.crossriderapp435.apps", "435");
Line Found : user_pref("extensions.crossriderapp435.bic", "139c93c9bbaa352a025f32a200e4843c");
Line Found : user_pref("extensions.crossriderapp435.cid", 435);
Line Found : user_pref("extensions.crossriderapp435.firstrun", false);
Line Found : user_pref("extensions.crossriderapp435.hadappinstalled", true);
Line Found : user_pref("extensions.crossriderapp435.installationdate", 1347700956);
Line Found : user_pref("extensions.crossriderapp435.jsver", 3);
Line Found : user_pref("extensions.crossriderapp435.lastcheck", 22975521);
Line Found : user_pref("extensions.crossriderapp435.lastcheckitem", 22975614);
Line Found : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1378536950451");
Line Found : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1378536950451");
Line Found : user_pref("extensions.crossriderapp498.498.InstallationThankYouPage", true);
Line Found : user_pref("extensions.crossriderapp498.498.InstallationTime", 1324555110);
Line Found : user_pref("extensions.crossriderapp498.498.InstallationUserSettings.searchUserConifrmation", false);
Line Found : user_pref("extensions.crossriderapp498.498.InstallationUserSettings.setHomepage", false);
Line Found : user_pref("extensions.crossriderapp498.498.InstallationUserSettings.setNewTab", false);
Line Found : user_pref("extensions.crossriderapp498.498.InstallationUserSettings.setSearch", false);
Line Found : user_pref("extensions.crossriderapp498.498.active", true);
Line Found : user_pref("extensions.crossriderapp498.498.addressbar", "");
Line Found : user_pref("extensions.crossriderapp498.498.affid", "0");
Line Found : user_pref("extensions.crossriderapp498.498.backgroundjs", "\n//------------------  PLUGIN resources_background START  ------------------\n(function(){appAPI.ready=function(a){appAPI.resources.isReady([...]
Line Found : user_pref("extensions.crossriderapp498.498.backgroundver", 49);
Line Found : user_pref("extensions.crossriderapp498.498.certdomaininstaller", "");
Line Found : user_pref("extensions.crossriderapp498.498.changeprevious", false);
Line Found : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.value", "1324555110");
Line Found : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.value", "%7B%22sub_id%22%3A%22default%22%2C%22source_id%22%3A%224caa425a93dbdb1f6d0WP013%22%2C%22uzid%22%3A%2214300%26subid%3D%26pid%3[...]
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_aoi.value", "1324555110");
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_installer_params.value", "%7B%22sub_id%22%3A%22default%22%2C%22source_id%22%3A%224caa425a93dbdb1f6d0WP013%22%2C%22uzid%22%3A%2214300%26subid%3D%2[...]
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_parent_zoneid.value", "%2214300%22");
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_pc_20120828.value", "1347700990802");
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_product_id.value", "%221061%22");
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp498.498.cookie._GPL_zoneid.value", "%2214323%22");
Line Found : user_pref("extensions.crossriderapp498.498.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp498.498.cookie.dbtest.value", "1347700983243");
Line Found : user_pref("extensions.crossriderapp498.498.description", "RewardsArcade is a platform that allows users to play amazing games against their friends on Facebook and other social platforms.");
Line Found : user_pref("extensions.crossriderapp498.498.domain", "");
Line Found : user_pref("extensions.crossriderapp498.498.emailsig", "");
Line Found : user_pref("extensions.crossriderapp498.498.enablesearch", false);
Line Found : user_pref("extensions.crossriderapp498.498.exposesites", "");
Line Found : user_pref("extensions.crossriderapp498.498.fbremoteurl", "");
Line Found : user_pref("extensions.crossriderapp498.498.group", 0);
Line Found : user_pref("extensions.crossriderapp498.498.homepage", "");
Line Found : user_pref("extensions.crossriderapp498.498.iframe", false);
Line Found : user_pref("extensions.crossriderapp498.498.js", "\n\n//------------------ USER PLUGIN GPL Plugin (Loader) START  ------------------\nArray.prototype.indexOf||(Array.prototype.indexOf=function(B){if(vo[...]
Line Found : user_pref("extensions.crossriderapp498.498.manifesturl", "");
Line Found : user_pref("extensions.crossriderapp498.498.name", "RewardsArcade");
Line Found : user_pref("extensions.crossriderapp498.498.newtab", "");
Line Found : user_pref("extensions.crossriderapp498.498.opensearch", "");
Line Found : user_pref("extensions.crossriderapp498.498.premium", true);
Line Found : user_pref("extensions.crossriderapp498.498.publisher", "215 Apps");
Line Found : user_pref("extensions.crossriderapp498.498.searchstatus", 0);
Line Found : user_pref("extensions.crossriderapp498.498.setnewtab", false);
Line Found : user_pref("extensions.crossriderapp498.498.settingsurl", "");
Line Found : user_pref("extensions.crossriderapp498.498.thankyou", "hxxp://www.rewardsarcade.com/r.php?app_id=498");
Line Found : user_pref("extensions.crossriderapp498.498.updateinterval", 360);
Line Found : user_pref("extensions.crossriderapp498.498.ver", 167);
Line Found : user_pref("extensions.crossriderapp498.adsOldValue", -1);
Line Found : user_pref("extensions.crossriderapp498.apps", "498");
Line Found : user_pref("extensions.crossriderapp498.bic", "139c93c9bbaa352a025f32a200e4843c");
Line Found : user_pref("extensions.crossriderapp498.cid", 498);
Line Found : user_pref("extensions.crossriderapp498.firstrun", false);
Line Found : user_pref("extensions.crossriderapp498.hadappinstalled", true);
Line Found : user_pref("extensions.crossriderapp498.installationdate", 1347700957);
Line Found : user_pref("extensions.crossriderapp498.jsver", 3);
Line Found : user_pref("extensions.crossriderapp498.lastcheck", 22975614);
Line Found : user_pref("extensions.crossriderapp498.lastcheckitem", 22975614);
Line Found : user_pref("extensions.crossriderapp498.misc.lastBgWorkerTimer", "1378536950453");
Line Found : user_pref("extensions.crossriderapp498.misc.lastDomWorkerTimer", "1378536950452");
Line Found : user_pref("extensions.crossriderapp498.updating", true);
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : search_url
Found : keyword
 
*************************
 
AdwCleaner[R0].txt - [18143 octets] - [17/09/2013 16:01:51]
AdwCleaner[R1].txt - [17994 octets] - [17/09/2013 16:06:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [18055 octets] ##########


#7 imafool4u


Posted 17 September 2013 - 03:31 PM

I've still tried to get Combofix running:

 

Error opening file for writing:

C:/32788R22FWJFW/pev.3XE

 

http://s18.postimg.org/nd38wbdyx/error.jpg


Edited by imafool4u, 17 September 2013 - 03:31 PM.


#8 Clairvoyant

  • Malware Response Team

Posted 18 September 2013 - 04:21 PM

Hi imafool4u :)

 

Please delete the previously downloaded copy of ComboFix, download Rkill and a fresh copy of ComboFix, and save them to your desktop, then:

  1. Double-click on the Rkill icon to run the tool
  2. A black DOS box will briefly flash and then disappear; this is normal and indicates the tool ran successfully
  3. Do not reboot the computer or you will need to run the application again

If it does not work, repeat the process and attempt to use one of these remaining links until the tool runs.

After Rkill has run successfully, try to run ComboFix again as previously explained.

 

When done, post the contents of Rkill.txt (that you can find on your desktop) and C:\ComboFix.txt in your next reply.

 

 

Regards

 



#9 imafool4u


Posted 18 September 2013 - 08:23 PM

Hi and thanks for your response :)
 
Once again after running combofix the second time (rkill killed combofix.exe the first time) near the end of completion the combofix program closed and did not output a log. Sounds serious! :(
 
My rkill log
 
Rkill 2.6.1 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/18/2013 09:16:20 PM in x64 mode.
Windows Version: Windows 7 Home Premium 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\Frank\Desktop\ComboFix.exe (PID: 3104) [UP-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Frank\Desktop\rkill\rkill-09-18-2013-09-17-22.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * ALERT: ZEROACCESS rootkit symptoms found!
 
     * C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\ [ZA Dir]
     * C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ [ZA Dir]
     * C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\ [ZA Dir]
     * C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
     * C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
     * C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ [ZA Dir]
     * C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\ [ZA Dir]
     * C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\ [ZA Dir]
 


#10 imafool4u


Posted 18 September 2013 - 09:09 PM

I have still been trying to get combofix to work. It does not run with the help of rkill and I can't boot into safe mode because my computer hangs when loading atipcie.sys. I am currently trying to uninstall my video card so that it might let me boot into safe mode, but I don't want to do too much without assistance so I don't mess anything up. 



#11 Clairvoyant

  • Malware Response Team

Posted 20 September 2013 - 05:43 AM

Hello imafool4u :)
 
I think trying to solve the Safe Mode trouble by uninstalling the video card is not a good idea. Anyway, if in the meantime you succeeded in running ComboFix, please post the log.
 
If ComboFix has not worked, please download RogueKiller to your desktop, then:

  • Quit all programs that you may have started
  • Please disconnect any external drives from the computer before you run this scan
  • Right-click on the RogueKiller icon and select Run as Administrator
  • Wait until Prescan has finished
  • Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Close RogueKiller

When done, please try to run ComboFix again as previously explained.
 
In your next reply please post the contents of the RKreport[2].txt file that you can find on your desktop, and the C:\ComboFix.txt if ComboFix worked.

Please report any issues experienced, too.

 

 

Regards

 



#12 imafool4u


Posted 21 September 2013 - 12:43 AM

Roguekiller produced 2 logs but I think they are identical so here is that one. Once again after running Combofix it finished running without errors did but did produce a log.

 

Here is rkreport contents

 

RogueKiller V8.6.12 _x64_ [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Frank [Admin rights]
Mode : Remove -- Date : 09/21/2013 01:38:48
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] setup.exe -- C:\Windows\temp\CR_F3167.tmp\setup.exe [7] -> KILLED [TermProc]
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\???ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\GoogleUpdate.exe" < [x] -> STOPPED
 
¤¤¤ Registry Entries : 17 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\?��?��?��\?��?��?��\???ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\GoogleUpdate.exe" >) -> DELETED
[RUN][ZeroAccess] HKUS\S-1-5-21-219520508-3467411778-4029630514-1000\[...]\Run : Google Update ("C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\?��?��?��\?��?��?��\???ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\GoogleUpdate.exe" >) -> [0xc0000034] Unknown error
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\???ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\GoogleUpdate.exe" < [x]) -> DELETED
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\???ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\GoogleUpdate.exe" < [x]) -> [0x57] The parameter is incorrect. 
[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\   \...\???ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\GoogleUpdate.exe" < [x]) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> [0x3] The system cannot find the path specified. 
[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> [0x3] The system cannot find the path specified. 
[HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> [0x3] The system cannot find the path specified. 
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 3 ¤¤¤
[Default][SUSP PATH] Best Buy pc app.lnk : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> DELETED
[Default User][SUSP PATH] Best Buy pc app.lnk : C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> [0x2] The system cannot find the file specified. 
[Mcx1-FRANK-PC][SUSP PATH] Best Buy pc app.lnk : C:\Users\Mcx1-FRANK-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk @C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" [-][-][-] -> DELETED
 
¤¤¤ Web browsers : 3 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] Antimalware : C:\Program Files\Microsoft Security Client\Antimalware >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] Backup : C:\Program Files\Microsoft Security Client\Backup >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] CleanUpPolicy.xml : C:\Program Files\Microsoft Security Client\CleanUpPolicy.xml >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] ConfigSecurityPolicy.exe : C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] en-us : C:\Program Files\Microsoft Security Client\en-us >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] eppmanifest.dll : C:\Program Files\Microsoft Security Client\eppmanifest.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MSESysprep.dll : C:\Program Files\Microsoft Security Client\MSESysprep.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] msseces.exe : C:\Program Files\Microsoft Security Client\msseces.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] msseoobe.exe : C:\Program Files\Microsoft Security Client\msseoobe.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] msseooberes.dll : C:\Program Files\Microsoft Security Client\msseooberes.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsseWat.dll : C:\Program Files\Microsoft Security Client\MsseWat.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] setup.exe : C:\Program Files\Microsoft Security Client\setup.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] setupres.dll : C:\Program Files\Microsoft Security Client\setupres.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] sqmapi.dll : C:\Program Files\Microsoft Security Client\sqmapi.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Folder] Install : C:\Users\Frank\AppData\Local\Google\Desktop\Install [-] --> DELETED
[ZeroAccess][Folder] L : C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\?��?��?��\?��?��?��\???ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L [-] --> DELETED
[ZeroAccess][Folder] U : C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\?��?��?��\?��?��?��\???ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U [-] --> DELETED
[ZeroAccess][Folder] {3b99f81f-31d5-dbab-1bcf-87d0107a285a} : C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\?��?��?��\?��?��?��\???ﯹ๛\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} [-] --> DELETED
[ZeroAccess][Folder] ???ﯹ๛ : C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\?��?��?��\?��?��?��\???ﯹ๛ [-] --> DELETED
[ZeroAccess][Folder] ?��?��?�� : C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\?��?��?��\?��?��?�� [-] --> DELETED
[ZeroAccess][Folder] ?��?��?�� : C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\?��?��?�� [-] --> DELETED
[ZeroAccess][Folder] {3b99f81f-31d5-dbab-1bcf-87d0107a285a} : C:\Users\Frank\AppData\Local\Google\Desktop\Install\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} [-] --> DELETED
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD32 00BEVT-75A23T0 SATA Disk Device +++++
--- User ---
[MBR] 8c44cb8f4f7a6477969102d6c4297e9b
[BSP] 1ce4ce7d0ee3727df5f868cd33303e24 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_09212013_013848.txt >>
RKreport[0]_S_09212013_013807.txt


#13 imafool4u


Posted 21 September 2013 - 01:06 AM

I noticed strange things happening after a reboot. Things are running more slowly and I noticed suspicious processes cmd.3xe, wermgr.exe, consent.exe, swsc.3xe running. consent.exe is running multiple processes. Also when I try to run combofix now it doesn't run and the window becomes unresponsive.

 

After another reboot things are a little more responsive..but everything feels fragile. I don't know what is going to mess up. Physical memory usage seems a bit high and I don't have a lot of processes running on my user account that I feel are usually running. Also I keep getting a windows notification asking if a program is allowed to make system changes every time I open it like combofix or roguekiller.


Edited by imafool4u, 21 September 2013 - 01:18 AM.


#14 Clairvoyant

  • Malware Response Team

Posted 21 September 2013 - 10:15 AM

Hi imafool4u,

 

Roguekiller did the job, and restored some security settings, too. The warning about system changes that you see when you launch a program is due to this.  :)

 

Now please download to your desktop:

  1. AdwCleaner
  2. Junkware Removal Tool
  3. Farbar Recovery Scan Tool 64bit

then:

 

1- Run AdwCleaner

  • Close all open programs and internet browsers
  • Right click on the AdwCleaner icon and select Run As Administrator to run the tool
  • Click on the Scan button
  • Once the scan has finished, click on the Clean button
  • Click on the OK button when asked to close all programs and follow the onscreen prompts
  • Click on the OK button to allow AdwCleaner to restart the computer and complete the removal process
  • After rebooting, the log file AdwCleaner[S0].txt will open automatically, please close it

 

2- Run JRT

  1. Shut down your protection software now to avoid potential conflicts
  2. Right click on the JRT icon and select Run As Administrator to run the tool
  3. When the black window opens, press any key to continue
  4. On completion, the log file JRT.txt is saved to your desktop and will automatically open; close it

 

3- Run FRST

  1. Right click on the FRST icon and select Run As Administrator to run the tool
  2. When the tool opens click Yes to the disclaimer
  3. Press Scan button
  4. When the scan has finished, two logs called FRST.txt and Addition.txt are saved in the same directory the tool is running from
  5. Close the log files and quit FRST

 

In your next reply please post the contents of these files:

  • C:\AdwCleaner[S0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt

 

Regards

 



#15 imafool4u


Posted 21 September 2013 - 03:00 PM

I ran all the tools, hope they were successful.
 
ADWCleaner log
 
# AdwCleaner v3.004 - Report created 21/09/2013 at 14:59:52
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Frank - FRANK-PC
# Running from : C:\Users\Frank\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\CodecCheck
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\Trymedia
Folder Deleted : C:\Users\Frank\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Frank\AppData\Local\getsavin
Folder Deleted : C:\Users\Frank\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Frank\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Frank\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default\Extensions\DTToolbar@toolbarnet.com
Folder Deleted : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
File Deleted : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default\searchplugins\daemon-search.xml
File Deleted : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\boipimhfjpakfgckhbljjengakjhkcbp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Value Deleted : HKLM\SOFTWARE\mozilla\Firefox\Extensions [crossriderapp435@crossrider.com]
Key Deleted : HKLM\SOFTWARE\5c55da8cbc3ab845
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mass-gmail-account-creator_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mass-gmail-account-creator_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\bflixtoolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page Restore]
 
-\\ Mozilla Firefox v4.0.1 (en-US)
 
[ File : C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default\prefs.js ]
 
Line Deleted : user_pref("browser.startup.homepage", "hxxp://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=7C4E180373687B86&affID=121146&tsp=4994");
Line Deleted : user_pref("extensions.504b1aa8c421b.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.crossrider.bic", "139c93c9bbaa352a025f32a200e4843c");
Line Deleted : user_pref("extensions.crossriderapp435.435.active", true);
Line Deleted : user_pref("extensions.crossriderapp435.435.affid", "0");
Line Deleted : user_pref("extensions.crossriderapp435.435.backgroundjs", "\n//------------------  PLUGIN resources_background START  ------------------\n(function(){appAPI.ready=function(a){appAPI.resources.isReady([...]
Line Deleted : user_pref("extensions.crossriderapp435.435.backgroundver", 9);
Line Deleted : user_pref("extensions.crossriderapp435.435.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.value", "%221347700983%22");
Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.value", "%2214974%22");
Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.value", "%2282415%22");
Line Deleted : user_pref("extensions.crossriderapp435.435.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp435.435.cookie.previous_page.value", "%22hxxps%3A//www.mozilla.org/en-US/plugincheck/%22");
Line Deleted : user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check");
Line Deleted : user_pref("extensions.crossriderapp435.435.domain", "");
Line Deleted : user_pref("extensions.crossriderapp435.435.emailsig", "");
Line Deleted : user_pref("extensions.crossriderapp435.435.exposesites", "");
Line Deleted : user_pref("extensions.crossriderapp435.435.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp435.435.group", 0);
Line Deleted : user_pref("extensions.crossriderapp435.435.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp435.435.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp435.435.js", "\n//------------------  PLUGIN base_monetization START  ------------------\nvar MonitizationPluginsBase=function(){var a=appAPI.internal&&appAPI.intern[...]
Line Deleted : user_pref("extensions.crossriderapp435.435.name", "Codec-V");
Line Deleted : user_pref("extensions.crossriderapp435.435.premium", true);
Line Deleted : user_pref("extensions.crossriderapp435.435.publisher", "Premiumplay");
Line Deleted : user_pref("extensions.crossriderapp435.435.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp435.435.thankyou", "");
Line Deleted : user_pref("extensions.crossriderapp435.435.ver", 75);
Line Deleted : user_pref("extensions.crossriderapp435.apps", "435");
Line Deleted : user_pref("extensions.crossriderapp435.bic", "139c93c9bbaa352a025f32a200e4843c");
Line Deleted : user_pref("extensions.crossriderapp435.cid", 435);
Line Deleted : user_pref("extensions.crossriderapp435.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp435.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp435.installationdate", 1347700956);
Line Deleted : user_pref("extensions.crossriderapp435.jsver", 3);
Line Deleted : user_pref("extensions.crossriderapp435.lastcheck", 22975521);
Line Deleted : user_pref("extensions.crossriderapp435.lastcheckitem", 22975614);
Line Deleted : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1378536950451");
Line Deleted : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1378536950451");
Line Deleted : user_pref("extensions.crossriderapp498.498.InstallationThankYouPage", true);
Line Deleted : user_pref("extensions.crossriderapp498.498.InstallationTime", 1324555110);
Line Deleted : user_pref("extensions.crossriderapp498.498.InstallationUserSettings.searchUserConifrmation", false);
Line Deleted : user_pref("extensions.crossriderapp498.498.InstallationUserSettings.setHomepage", false);
Line Deleted : user_pref("extensions.crossriderapp498.498.InstallationUserSettings.setNewTab", false);
Line Deleted : user_pref("extensions.crossriderapp498.498.InstallationUserSettings.setSearch", false);
Line Deleted : user_pref("extensions.crossriderapp498.498.active", true);
Line Deleted : user_pref("extensions.crossriderapp498.498.addressbar", "");
Line Deleted : user_pref("extensions.crossriderapp498.498.affid", "0");
Line Deleted : user_pref("extensions.crossriderapp498.498.backgroundjs", "\n//------------------  PLUGIN resources_background START  ------------------\n(function(){appAPI.ready=function(a){appAPI.resources.isReady([...]
Line Deleted : user_pref("extensions.crossriderapp498.498.backgroundver", 49);
Line Deleted : user_pref("extensions.crossriderapp498.498.certdomaininstaller", "");
Line Deleted : user_pref("extensions.crossriderapp498.498.changeprevious", false);
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallationTime.value", "1324555110");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie.InstallerParams.value", "%7B%22sub_id%22%3A%22default%22%2C%22source_id%22%3A%224caa425a93dbdb1f6d0WP013%22%2C%22uzid%22%3A%2214300%26subid%3D%26pid%3[...]
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_aoi.value", "1324555110");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_installer_params.value", "%7B%22sub_id%22%3A%22default%22%2C%22source_id%22%3A%224caa425a93dbdb1f6d0WP013%22%2C%22uzid%22%3A%2214300%26subid%3D%2[...]
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_parent_zoneid.value", "%2214300%22");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_pc_20120828.value", "1347700990802");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_product_id.value", "%221061%22");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie._GPL_zoneid.value", "%2214323%22");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.crossriderapp498.498.cookie.dbtest.value", "1347700983243");
Line Deleted : user_pref("extensions.crossriderapp498.498.description", "RewardsArcade is a platform that allows users to play amazing games against their friends on Facebook and other social platforms.");
Line Deleted : user_pref("extensions.crossriderapp498.498.domain", "");
Line Deleted : user_pref("extensions.crossriderapp498.498.emailsig", "");
Line Deleted : user_pref("extensions.crossriderapp498.498.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp498.498.exposesites", "");
Line Deleted : user_pref("extensions.crossriderapp498.498.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp498.498.group", 0);
Line Deleted : user_pref("extensions.crossriderapp498.498.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp498.498.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp498.498.js", "\n\n//------------------ USER PLUGIN GPL Plugin (Loader) START  ------------------\nArray.prototype.indexOf||(Array.prototype.indexOf=function(B){if(vo[...]
Line Deleted : user_pref("extensions.crossriderapp498.498.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp498.498.name", "RewardsArcade");
Line Deleted : user_pref("extensions.crossriderapp498.498.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp498.498.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp498.498.premium", true);
Line Deleted : user_pref("extensions.crossriderapp498.498.publisher", "215 Apps");
Line Deleted : user_pref("extensions.crossriderapp498.498.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp498.498.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp498.498.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp498.498.thankyou", "hxxp://www.rewardsarcade.com/r.php?app_id=498");
Line Deleted : user_pref("extensions.crossriderapp498.498.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp498.498.ver", 167);
Line Deleted : user_pref("extensions.crossriderapp498.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp498.apps", "498");
Line Deleted : user_pref("extensions.crossriderapp498.bic", "139c93c9bbaa352a025f32a200e4843c");
Line Deleted : user_pref("extensions.crossriderapp498.cid", 498);
Line Deleted : user_pref("extensions.crossriderapp498.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp498.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp498.installationdate", 1347700957);
Line Deleted : user_pref("extensions.crossriderapp498.jsver", 3);
Line Deleted : user_pref("extensions.crossriderapp498.lastcheck", 22975614);
Line Deleted : user_pref("extensions.crossriderapp498.lastcheckitem", 22975614);
Line Deleted : user_pref("extensions.crossriderapp498.misc.lastBgWorkerTimer", "1378536950453");
Line Deleted : user_pref("extensions.crossriderapp498.misc.lastDomWorkerTimer", "1378536950452");
Line Deleted : user_pref("extensions.crossriderapp498.updating", true);
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : search_url
Deleted : keyword
 
*************************
 
AdwCleaner[R0].txt - [18143 octets] - [17/09/2013 16:01:51]
AdwCleaner[R1].txt - [18204 octets] - [17/09/2013 16:06:17]
AdwCleaner[R2].txt - [18265 octets] - [21/09/2013 14:57:27]
AdwCleaner[S0].txt - [17796 octets] - [21/09/2013 14:59:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17857 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Frank on Sat 09/21/2013 at 15:19:22.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-219520508-3467411778-4029630514-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\urltask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\urltask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\urltask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\urltask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38779BCD-A3AA-49B1-A109-C31E6C5D701D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{38779BCD-A3AA-49B1-A109-C31E6C5D701D}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Frank\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Program Files (x86)\crossriderwebapps"
 
 
 
~~~ FireFox
 
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\uhqysrjr.default\searchplugins\bing-zugo.xml
Successfully deleted: [Folder] C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\uhqysrjr.default\extensions\staged
Emptied folder: C:\Users\Frank\AppData\Roaming\mozilla\firefox\profiles\uhqysrjr.default\minidumps [4 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/21/2013 at 15:27:25.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2013
Ran by Frank (administrator) on FRANK-PC on 21-09-2013 15:40:23
Running from C:\Users\Frank\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
MountPoints2: H - H:\TL_Bootstrap.exe
MountPoints2: {498e2ab8-256c-11e1-86e5-782bcbcedf59} - H:\Autorun.exe
MountPoints2: {4b257606-14e7-11e1-b0f7-782bcbcedf59} - I:\TL_Bootstrap.exe
MountPoints2: {51b6c956-ebae-11e0-b3cf-782bcbcedf59} - H:\LaunchU3.exe -a
MountPoints2: {c26bb15e-c0b2-11e0-afbf-782bcbcedf59} - G:\Install.exe
MountPoints2: {e7954cf0-bbb3-11e0-9b87-782bcbcedf59} - F:\Launch.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-03-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKU\Mcx1-FRANK-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Mcx1-FRANK-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 61.55.141.10:81
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://g.msn.com/uscon/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default
FF NewTab: about:blank
FF SelectedSearchEngine: Mixi.DJ Search
FF Keyword.URL: hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111222&q=
FF NetworkProxy: "http", "88.150.189.75"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Frank\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: GetSavin - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default\Extensions\getsavin@jetpack
FF Extension: iMacros for Firefox - C:\Users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\uhqysrjr.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (High Contrast) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph\0.5_0
CHR Extension: (Hola Unblocker) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.1.565_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_1
CHR Extension: (Gmail) - C:\Users\Frank\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
 
==================== Services (Whitelisted) =================
 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4390376 2011-07-17] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2011-10-05] ()
R2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [103736 2011-10-05] ()
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 RosettaStoneLtdController; C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [352312 2008-09-16] (Rosetta Stone Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23312 2013-01-22] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2013-01-22] (Dell Computer Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-04-06] (DT Soft Ltd)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2004-12-31] (INCA Internet Co., Ltd.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-04-13] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-04-13] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-04-13] (LG Electronics Inc.)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2011-10-10] (LG Electronics Inc.)
S3 vzandnetgps; C:\Windows\System32\DRIVERS\lgvzandnetgps64.sys [28160 2011-10-10] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36352 2011-10-10] (LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2011-10-21] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 Delldiag; \??\C:\__de11ctstestfolder20120wdcsa__\WBT\WBT_W64\DDDriver.sys [x]
S3 dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 PCDSRVC{1353820B-E58E0D1F-06020200}_0; \??\c:\__de11ctstestfolder20120wdcsa__\tools\pcdr\pcdsrvc_x64.pkms [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-21 15:40 - 2013-09-21 15:40 - 00000000 ____D C:\FRST
2013-09-21 15:27 - 2013-09-21 15:27 - 00015758 _____ C:\Users\Frank\Desktop\JRT.txt
2013-09-21 15:19 - 2013-09-21 15:19 - 00000000 ____D C:\Windows\ERUNT
2013-09-21 14:57 - 2013-09-21 14:56 - 01029675 _____ (Thisisu) C:\Users\Frank\Desktop\JRT.exe
2013-09-21 14:56 - 2013-09-21 14:56 - 01956670 _____ (Farbar) C:\Users\Frank\Desktop\FRST64.exe
2013-09-21 14:55 - 2013-09-21 14:56 - 01956670 _____ (Farbar) C:\Users\Frank\Downloads\FRST64.exe
2013-09-21 14:55 - 2013-09-21 14:56 - 01039554 _____ C:\Users\Frank\Downloads\AdwCleaner.exe
2013-09-21 14:55 - 2013-09-21 14:56 - 01029675 _____ (Thisisu) C:\Users\Frank\Downloads\JRT.exe
2013-09-21 14:47 - 2013-09-21 14:47 - 00003288 ____N C:\bootsqm.dat
2013-09-21 14:44 - 2013-09-21 14:44 - 00000000 __SHD C:\found.000
2013-09-21 02:19 - 2013-09-21 02:19 - 00001403 _____ C:\Users\Frank\Desktop\RKreport[0]_H_09212013_021916.txt
2013-09-21 02:18 - 2013-09-21 02:18 - 00002437 _____ C:\Users\Frank\Desktop\RKreport[0]_S_09212013_021817.txt
2013-09-21 02:03 - 2013-09-21 02:03 - 03812352 _____ C:\Users\Frank\Downloads\RogueKillerX64 (1).exe
2013-09-21 01:38 - 2013-09-21 01:38 - 00011033 _____ C:\Users\Frank\Desktop\RKreport[0]_D_09212013_013848.txt
2013-09-21 01:38 - 2013-09-21 01:38 - 00009444 _____ C:\Users\Frank\Desktop\RKreport[0]_S_09212013_013807.txt
2013-09-21 01:33 - 2013-09-21 01:39 - 00000000 ____D C:\Users\Frank\Desktop\RK_Quarantine
2013-09-21 01:32 - 2013-09-21 01:33 - 03812352 _____ C:\Users\Frank\Downloads\RogueKillerX64.exe
2013-09-19 14:54 - 2013-09-19 14:55 - 00000000 ____D C:\Users\Frank\Desktop\scrapebox
2013-09-19 14:52 - 2013-09-19 14:52 - 14290708 _____ C:\Users\Frank\Downloads\scrapebox.rar
2013-09-19 05:19 - 2013-09-19 05:19 - 00006000 _____ C:\Users\Frank\Downloads\sensibux (1).site
2013-09-19 05:12 - 2013-09-19 05:12 - 00003600 _____ C:\Users\Frank\Downloads\jollyclicks.site
2013-09-19 04:43 - 2013-09-19 04:43 - 00002944 _____ C:\Users\Frank\Downloads\ptcsmart.site
2013-09-19 04:41 - 2013-09-19 04:41 - 00005008 _____ C:\Users\Frank\Downloads\twickerz.site
2013-09-19 04:41 - 2013-09-19 04:41 - 00004704 _____ C:\Users\Frank\Downloads\hotterthanhotbux.site
2013-09-19 04:38 - 2013-09-19 04:38 - 00002800 _____ C:\Users\Frank\Downloads\hitzza.site
2013-09-19 04:35 - 2013-09-19 04:35 - 00003360 _____ C:\Users\Frank\Downloads\bux-gpx.site
2013-09-19 03:18 - 2013-09-19 03:18 - 00006704 _____ C:\Users\Frank\Downloads\Incentria.site
2013-09-19 03:18 - 2013-09-19 03:18 - 00006704 _____ C:\Users\Frank\Downloads\Clicksia (2).site
2013-09-19 03:18 - 2013-09-19 03:18 - 00006704 _____ C:\Users\Frank\Downloads\Clicksia (1).site
2013-09-18 22:06 - 2013-09-20 04:45 - 00551408 _____ (McAfee, Inc.) C:\Users\Frank\Downloads\rootkitremover.exe
2013-09-18 21:49 - 2013-09-18 21:49 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Frank\Desktop\rkill64-4419.com
2013-09-18 21:45 - 2013-09-18 22:01 - 253911528 _____ C:\Users\Frank\Downloads\R268878.exe
2013-09-18 21:23 - 2013-09-18 21:23 - 05128653 _____ (Swearware) C:\Users\Frank\Downloads\ComboFix (1).exe
2013-09-18 21:17 - 2013-09-18 21:17 - 00000000 ____D C:\Users\Frank\Desktop\rkill
2013-09-18 21:16 - 2013-09-18 21:50 - 00005168 _____ C:\Users\Frank\Desktop\Rkill.txt
2013-09-18 21:16 - 2013-09-18 21:16 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Frank\Desktop\rkill64.com
2013-09-18 18:01 - 2013-09-21 01:55 - 05128554 _____ (Swearware) C:\Users\Frank\Downloads\ComboFix.exe
2013-09-18 18:01 - 2013-09-18 18:01 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Frank\Downloads\rkill.com
2013-09-18 18:01 - 2013-09-18 18:01 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Frank\Desktop\rkill.com
2013-09-18 05:14 - 2013-09-18 05:17 - 45038163 _____ C:\Users\Frank\Downloads\QuicklySpotProfitableNiches.zip
2013-09-17 22:22 - 2013-09-17 22:22 - 00211801 _____ C:\Users\Frank\Downloads\subsilver2_3.0.11.zip
2013-09-17 20:54 - 2013-09-17 20:54 - 00000661 _____ C:\Users\Frank\Desktop\New Text Document.txt
2013-09-17 20:53 - 2013-09-17 20:53 - 00000000 ____D C:\Users\Frank\Documents\iMacros
2013-09-17 18:43 - 2013-09-17 19:36 - 00022528 _____ C:\Users\Frank\Documents\illegal stuff forum.msam
2013-09-17 15:58 - 2013-09-17 15:58 - 00000000 ____D C:\Qoobox
2013-09-17 15:42 - 2013-09-21 15:00 - 00000000 ____D C:\AdwCleaner
2013-09-17 15:19 - 2013-09-17 15:19 - 00000000 ____D C:\Windows\erdnt
2013-09-17 15:17 - 2013-09-17 15:17 - 01039554 _____ C:\Users\Frank\Downloads\AdwCleaner (1).exe
2013-09-17 15:16 - 2013-09-21 14:56 - 01039554 _____ C:\Users\Frank\Desktop\AdwCleaner.exe
2013-09-17 04:07 - 2013-09-17 04:08 - 00269764 _____ C:\Users\Frank\Downloads\jingling_159530 (1).rar
2013-09-17 04:07 - 2013-09-17 04:07 - 00269764 _____ C:\Users\Frank\Downloads\jingling_159530.rar
2013-09-17 01:26 - 2013-09-17 01:26 - 00575688 _____ C:\Users\Frank\Downloads\Player_Setup (1).exe
2013-09-17 01:00 - 2013-09-17 01:00 - 00000000 _____ C:\conversation.log
2013-09-16 23:54 - 2013-09-16 23:54 - 00000000 ____D C:\Users\Mcx1-FRANK-PC\AppData\Roaming\SecondLife
2013-09-16 23:53 - 2013-09-16 23:53 - 00001127 _____ C:\Users\Public\Desktop\Second Life Viewer.lnk
2013-09-16 23:52 - 2013-09-16 23:53 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer
2013-09-16 22:59 - 2013-09-16 22:59 - 00195968 _____ C:\Users\Frank\Downloads\RawCoupon_187683_207178_1-737885181_r_.exe
2013-09-16 20:18 - 2013-09-16 20:19 - 19362952 _____ (IObit                                                       ) C:\Users\Frank\Downloads\imfv2-setup-for-review.exe
2013-09-16 01:21 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20130916-012138.backup
2013-09-16 00:55 - 2013-09-16 01:10 - 00000000 ____D C:\Users\Frank\AppData\Roaming\UBot Studio
2013-09-16 00:13 - 2013-09-16 00:15 - 93746448 _____ (Microsoft Corporation) C:\Users\Frank\Downloads\msert.exe
2013-09-15 23:42 - 2013-09-16 01:10 - 00000000 ____D C:\Users\Frank\Desktop\Truedesk
2013-09-15 23:30 - 2013-09-21 14:48 - 00013556 _____ C:\Windows\PFRO.log
2013-09-15 21:48 - 2013-09-15 21:49 - 07243059 _____ C:\Users\Frank\Downloads\lcars_for_rainmeter_version_2_3__june_23__by_freaky333-d63gt7v.rmskin
2013-09-15 21:44 - 2013-09-15 21:44 - 00000000 ____D C:\Users\Frank\Documents\Rainmeter
2013-09-15 21:44 - 2013-09-15 21:44 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Rainmeter
2013-09-15 21:28 - 2013-09-15 21:28 - 00000000 ____D C:\Program Files\Rainmeter
2013-09-15 21:25 - 2013-09-15 21:25 - 00000000 ____D C:\ProgramData\Package Cache
2013-09-15 21:23 - 2013-09-15 21:23 - 01306832 _____ C:\Users\Frank\Downloads\Rainmeter-3.0-r2090-beta.exe
2013-09-15 20:01 - 2013-09-15 20:01 - 01768407 _____ C:\Users\Frank\Downloads\Mypasa.net_software.rar
2013-09-14 22:53 - 2013-09-14 22:53 - 00002883 _____ C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HitLeap Viewer.lnk
2013-09-14 22:53 - 2013-09-14 22:53 - 00000000 ____D C:\Program Files (x86)\HitLeap
2013-09-14 22:50 - 2013-09-14 22:51 - 27656192 _____ C:\Users\Frank\Downloads\HitLeap Viewer.msi
2013-09-14 07:05 - 2013-09-14 07:05 - 00575728 _____ C:\Users\Frank\Downloads\Player_Setup.exe
2013-09-14 05:50 - 2013-09-14 05:50 - 02685960 _____ (Eovendo) C:\Users\Frank\Downloads\eovendo01 (1).exe
2013-09-14 03:32 - 2013-09-14 03:32 - 00688992 ____R (Swearware) C:\Users\Frank\Downloads\dds.com
2013-09-14 02:47 - 2013-09-14 02:47 - 02777563 _____ C:\Users\Frank\Downloads\NeobuxUltimateStrategy.zip
2013-09-14 02:41 - 2013-09-14 02:43 - 18570816 _____ (COMODO) C:\Users\Frank\Downloads\CCS_Setup_2.0.162151.21_xp_vista_server2003_win7.exe
2013-09-14 02:35 - 2013-09-14 02:35 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-14 02:33 - 2013-09-16 19:24 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-14 02:33 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-09-14 02:31 - 2013-09-14 02:32 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Frank\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-13 23:57 - 2013-09-21 15:01 - 00002652 _____ C:\Windows\setupact.log
2013-09-13 23:57 - 2013-09-13 23:57 - 00000000 _____ C:\Windows\setuperr.log
2013-09-13 23:07 - 2013-09-21 14:48 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-13 22:53 - 2013-09-21 14:48 - 00000000 ____D C:\ProgramData\MFAData
2013-09-13 22:53 - 2013-09-13 22:53 - 04425448 _____ (AVG Technologies) C:\Users\Frank\Downloads\avg_free_stb_all_2014_4116_cnet.exe
2013-09-13 22:53 - 2013-09-13 22:53 - 00000000 ____D C:\Users\Frank\AppData\Local\MFAData
2013-09-13 18:08 - 2013-09-13 18:09 - 00000000 ____D C:\Users\Frank\Downloads\Car Thief 5 Breaking Through
2013-09-13 17:42 - 2013-09-13 17:42 - 00026020 _____ C:\Users\Frank\Downloads\[kickass.to]pc.games.car.thief.5.1.breaking.through.torrent
2013-09-13 16:51 - 2013-09-13 16:51 - 00000000 ____D C:\Windows\Temp2CD8F996-F8C6-C2A9-9354-61A25F66D60C-Signatures
2013-09-13 03:44 - 2013-09-13 03:46 - 05205788 _____ C:\Users\Frank\Downloads\Backlinks Booster.zip
2013-09-13 02:51 - 2013-09-13 02:51 - 00001182 _____ C:\Users\Frank\Downloads\sitemap.xml.gz
2013-09-13 02:49 - 2013-09-13 02:49 - 00595614 _____ C:\Users\Frank\Downloads\google-sitemap-generator.3.2.9.zip
2013-09-13 02:45 - 2013-09-13 02:45 - 00000053 _____ C:\Users\Frank\Downloads\google60c7c135407b357b.html
2013-09-13 02:45 - 2013-09-13 02:45 - 00000053 _____ C:\Users\Frank\Downloads\google60c7c135407b357b (1).html
2013-09-13 01:54 - 2013-09-13 01:54 - 00419720 _____ C:\Users\Frank\Downloads\Apparition_1_6_1.zip
2013-09-13 01:51 - 2013-09-13 01:51 - 00582603 _____ C:\Users\Frank\Downloads\bleu.rar
2013-09-13 00:52 - 2013-09-13 00:52 - 00568004 _____ C:\Users\Frank\Downloads\metro_for_steam___3_1_1_by_boneyardbrew-d4u3kjv.zip
2013-09-13 00:47 - 2013-09-13 00:48 - 01747282 _____ C:\Users\Frank\Downloads\NMRiH_SteamSkin_V1.zip
2013-09-13 00:33 - 2013-09-13 00:33 - 00002314 _____ C:\Users\Frank\Downloads\front-page-excluded-categories.1.1.1.zip
2013-09-13 00:19 - 2013-09-13 00:19 - 00218792 _____ C:\Users\Frank\Downloads\lost-coast.1.0.zip
2013-09-13 00:12 - 2013-09-13 00:12 - 00095647 _____ C:\Users\Frank\Downloads\greenygrass.zip
2013-09-13 00:12 - 2013-09-13 00:12 - 00095647 _____ C:\Users\Frank\Downloads\greenygrass (1).zip
2013-09-12 22:58 - 2013-09-12 22:58 - 00020680 _____ C:\Users\Frank\Downloads\[kickass.to]22.steam.skins.torrent
2013-09-12 21:31 - 2013-09-12 21:31 - 02685960 _____ (Eovendo) C:\Users\Frank\Downloads\eovendo01.exe
2013-09-12 20:58 - 2013-09-12 20:59 - 00975586 _____ C:\Users\Frank\Downloads\theperfectsiteguide (1).zip
2013-09-12 01:05 - 2013-09-12 01:05 - 00436499 _____ C:\Users\Frank\Downloads\League_Of_Legends_Collage.zip
2013-09-11 23:23 - 2013-09-11 23:23 - 00313221 _____ C:\Users\Frank\Downloads\PBux V1.3.rar
2013-09-11 23:23 - 2013-09-11 23:23 - 00313221 _____ C:\Users\Frank\Downloads\PBux V1.3 (1).rar
2013-09-11 22:24 - 2013-09-21 15:06 - 00099161 _____ C:\Windows\WindowsUpdate.log
2013-09-11 06:13 - 2013-09-13 16:42 - 00000000 ____D C:\ProgramData\BOINC
2013-09-11 06:13 - 2013-09-11 22:20 - 00000000 ____D C:\Program Files\BOINC
2013-09-11 06:13 - 2013-09-11 06:13 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOINC
2013-09-11 06:11 - 2013-09-11 06:11 - 00000000 ____D C:\Windows\Downloaded Installations
2013-09-10 23:58 - 2013-09-11 02:29 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Bitcoin
2013-09-10 23:58 - 2013-09-10 23:58 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
2013-09-10 23:58 - 2013-09-10 23:58 - 00000000 ____D C:\Program Files (x86)\Bitcoin
2013-09-10 22:00 - 2013-09-10 22:38 - 00486400 _____ C:\Users\Frank\Documents\buy a cheap laptop.msam
2013-09-10 21:59 - 2013-09-10 21:59 - 00000000 ____D C:\Users\Frank\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2013-09-10 21:59 - 2013-09-10 21:59 - 00000000 ____D C:\Users\Frank\AppData\Roaming\MarketSamurai
2013-09-10 21:59 - 2013-09-10 21:59 - 00000000 ____D C:\Program Files (x86)\Market Samurai
2013-09-10 21:57 - 2013-09-10 21:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-09-10 21:57 - 2013-09-10 21:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-09-10 21:55 - 2013-09-10 21:55 - 03700928 _____ C:\Users\Frank\Downloads\MarketSamurai.0.92.70.air
2013-09-10 21:03 - 2013-09-10 21:03 - 00171712 _____ C:\Users\Frank\Downloads\diddlydoes,.zip
2013-09-10 18:51 - 2013-09-10 18:51 - 00000053 _____ C:\Users\Frank\Downloads\googlea7aeb1de54046a71.html
2013-09-10 18:51 - 2013-09-10 18:51 - 00000053 _____ C:\Users\Frank\Downloads\googlea7aeb1de54046a71 (1).html
2013-09-10 17:16 - 2013-09-10 17:16 - 00082456 _____ C:\Users\Frank\Downloads\generator.rar
2013-09-10 16:31 - 2013-09-10 16:31 - 00034346 _____ C:\Users\Frank\Downloads\Spambot (1).jar
2013-09-10 04:56 - 2013-09-10 05:10 - 00143300 _____ C:\Windows\vssetup.ttf
2013-09-10 04:56 - 2013-09-10 05:10 - 00001409 _____ C:\Windows\vssetup.for
2013-09-10 04:49 - 2013-09-10 04:49 - 00000000 ____D C:\Windows\Java
2013-09-10 04:49 - 1998-12-07 06:45 - 00170256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jit.dll
2013-09-10 04:49 - 1998-12-06 17:37 - 00046352 _____ (Microsoft Corporation) C:\Windows\setdebug.exe
2013-09-10 04:49 - 1998-12-06 17:35 - 00139536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\javaee.dll
2013-09-10 04:49 - 1998-12-06 17:18 - 00007311 _____ C:\Windows\SysWOW64\javasup.vxd
2013-09-10 04:49 - 1998-12-06 16:53 - 00006550 _____ C:\Windows\jautoexp.dat
2013-09-10 04:49 - 1998-12-06 16:52 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dx3j.dll
2013-09-10 04:48 - 1998-12-07 06:46 - 00153872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msawt.dll
2013-09-10 04:48 - 1998-12-07 06:45 - 00933136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjava.dll
2013-09-10 04:48 - 1998-12-07 06:45 - 00364304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\javart.dll
2013-09-10 04:48 - 1998-12-07 04:56 - 00034576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\javaprxy.dll
2013-09-10 04:48 - 1998-12-06 17:41 - 00021264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjdbc10.dll
2013-09-10 04:48 - 1998-12-06 17:38 - 00049424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clspack.exe
2013-09-10 04:48 - 1998-12-06 17:37 - 00256272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vmhelper.dll
2013-09-10 04:48 - 1998-12-06 17:36 - 00158992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jview.exe
2013-09-10 04:48 - 1998-12-06 17:36 - 00152848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wjview.exe
2013-09-10 04:48 - 1998-12-06 17:36 - 00015120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jdbgmgr.exe
2013-09-10 04:48 - 1998-12-06 17:34 - 00188176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\javacypt.dll
2013-09-10 04:48 - 1998-12-06 16:56 - 00021444 _____ C:\Windows\SysWOW64\javasec.hlp
2013-09-10 04:48 - 1998-12-06 16:56 - 00011403 _____ C:\Windows\SysWOW64\javaperm.hlp
2013-09-10 04:48 - 1998-12-06 16:56 - 00000113 _____ C:\Windows\SysWOW64\zonedon.reg
2013-09-10 04:48 - 1998-12-06 16:56 - 00000113 _____ C:\Windows\SysWOW64\zonedoff.reg
2013-09-10 01:58 - 2013-09-10 01:58 - 00012919 _____ C:\Users\Frank\Downloads\[kickass.to]visual.basic.6.0.enterprise.edition.a4.torrent
2013-09-10 01:55 - 2013-09-10 01:55 - 00014050 _____ C:\Users\Frank\Downloads\[kickass.to]visual.basic.6.enterprise.edition.w.serial.torrent
2013-09-10 00:33 - 2013-09-10 00:33 - 00258529 _____ C:\Users\Frank\Downloads\xbox_theme.zip
2013-09-09 20:47 - 2013-09-09 20:47 - 00152750 _____ C:\Users\Frank\Downloads\ultra_xbox_360.zip
2013-09-09 04:24 - 2013-09-09 04:24 - 00015720 _____ C:\Users\Frank\Downloads\_AddMeFast Scripts by last_ed.rar
2013-09-09 03:13 - 2013-09-09 03:13 - 02467424 _____ (Trend Micro Inc.) C:\Users\Frank\Downloads\HousecallLauncher64(1).exe
2013-09-09 03:04 - 2013-09-09 03:04 - 00000036 _____ C:\Users\Frank\AppData\Local\housecall.guid.cache
2013-09-09 03:04 - 2012-07-26 22:02 - 00173504 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2013-09-09 03:01 - 2013-09-09 03:02 - 02467424 _____ (Trend Micro Inc.) C:\Users\Frank\Downloads\HousecallLauncher64.exe
2013-09-09 02:45 - 2013-09-09 02:46 - 00000000 ____D C:\Windows\Temp7532E3DF-F7A2-F6F2-8956-D038AD1F7E7D-Signatures
2013-09-09 02:43 - 2013-09-09 02:43 - 13813944 _____ (Microsoft Corporation) C:\Users\Frank\Downloads\mseinstall.exe
2013-09-09 02:34 - 2013-09-09 02:35 - 00347424 _____ (Microsoft Corporation) C:\Users\Frank\Downloads\MicrosoftFixit.WindowsFirewall.RNP.194302139176858917.1.1.Run.exe
2013-09-09 00:14 - 2013-09-09 00:14 - 00303728 _____ (SummerSoft) C:\Users\Frank\Downloads\MSWINSCK.OCX.exe
2013-09-09 00:08 - 2000-12-06 09:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\system32\Mswinsck.ocx
2013-09-09 00:07 - 2013-09-09 00:07 - 00201590 _____ C:\Users\Frank\Downloads\donut_http_flooder_1.4.rar
2013-09-08 21:53 - 2013-09-08 21:53 - 02049128 _____ (Trend Micro Inc.) C:\Users\Frank\Downloads\HousecallLauncher.exe
2013-09-08 21:06 - 2013-09-08 21:06 - 03287648 _____ C:\Users\Frank\Downloads\Ultimate Bitvisitor Bot_106.zip
2013-09-08 03:01 - 2013-09-08 03:01 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-09-07 15:03 - 2013-09-07 15:03 - 02716962 _____ (                                                            ) C:\Users\Frank\Downloads\SecurityKISSsetup.exe
2013-09-07 00:45 - 2013-09-07 00:45 - 00975586 _____ C:\Users\Frank\Downloads\theperfectsiteguide.zip
2013-09-07 00:40 - 2013-09-07 00:40 - 00034346 _____ C:\Users\Frank\Downloads\Spambot.jar
2013-09-06 23:29 - 2013-09-06 23:29 - 02174831 _____ C:\Users\Frank\Downloads\LiveCodeGenerator2013_09.zip
2013-09-06 23:21 - 2013-09-06 23:22 - 00825776 _____ (AirInstaller                                  ) C:\Users\Frank\Downloads\setup (1).exe
2013-09-06 20:26 - 2013-09-06 20:26 - 00023259 _____ C:\Users\Frank\Downloads\wsock32.zip
2013-09-06 20:17 - 2013-09-06 20:17 - 00020823 _____ C:\Users\Frank\Downloads\dra2tr.zip
2013-09-06 20:13 - 2013-09-06 20:27 - 00000000 ____D C:\Program Files (x86)\Red Alert 2 Yuri's Revenge
2013-09-06 20:05 - 2013-09-06 20:12 - 425959365 _____ C:\Users\Frank\Downloads\Red Alert 2 Yuri's Revenge.exe
2013-09-06 20:05 - 2013-09-06 20:05 - 00016848 _____ C:\Users\Frank\Downloads\[kickass.to]red.alert.2.yuri.s.revenge.henz.torrent
2013-09-06 12:49 - 2013-09-06 12:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-06 12:42 - 2013-09-06 12:43 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Frank\Downloads\SkypeSetup.exe
2013-09-06 02:11 - 2013-09-06 02:12 - 00004288 _____ C:\Users\Frank\Downloads\clicks-fx.site
2013-09-06 01:56 - 2013-09-06 01:56 - 00002976 _____ C:\Users\Frank\Downloads\the-bux.site
2013-09-06 01:11 - 2013-09-06 01:11 - 00004832 _____ C:\Users\Frank\Downloads\7starptc.site
2013-09-06 01:04 - 2013-09-06 01:04 - 00004688 _____ C:\Users\Frank\Downloads\zeebux.site
2013-09-06 01:01 - 2013-09-06 01:02 - 00004688 _____ C:\Users\Frank\Downloads\sensibux.site
2013-09-06 00:58 - 2013-09-06 00:58 - 00003504 _____ C:\Users\Frank\Downloads\ptcsolution (1).site
2013-09-06 00:52 - 2013-09-06 00:52 - 00003344 _____ C:\Users\Frank\Downloads\nerdbux.site
2013-09-06 00:47 - 2013-09-06 00:48 - 00191814 _____ C:\Users\Frank\Downloads\sites for MC.rar
2013-09-05 21:32 - 2013-09-05 21:33 - 00000000 ____D C:\Users\Frank\Downloads\40+ ebooks
2013-09-05 04:58 - 2013-09-05 04:58 - 05072913 _____ C:\Users\Frank\Downloads\Swift Viewer (1).zip
2013-09-05 04:57 - 2013-09-05 04:57 - 05072913 _____ C:\Users\Frank\Downloads\Swift Viewer.zip
2013-09-04 20:31 - 2013-09-04 20:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-04 20:31 - 2013-09-04 20:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-03 14:23 - 2013-09-03 14:23 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Spiritsoft
2013-09-03 01:55 - 2013-09-03 01:55 - 00907480 _____ C:\Users\Frank\Downloads\YOS_-_Public_Bin_1_01.rar
2013-09-03 01:52 - 2013-09-03 01:54 - 00010135 _____ C:\Users\Frank\Downloads\OmegleBot!.zip
2013-09-02 21:59 - 2013-09-02 21:59 - 00000000 ____D C:\Users\Frank\AppData\Local\avgchrome
2013-09-02 21:57 - 2013-09-02 21:57 - 00000000 ____D C:\Program Files (x86)\Subway Surfers
2013-09-02 21:55 - 2013-09-02 21:55 - 00163392 _____ () C:\Users\Frank\Downloads\7ZipSetup-4RoChrQ.exe
2013-09-02 21:54 - 2013-09-02 21:55 - 00908112 _____ C:\Users\Frank\Downloads\Subway Surfers Setup%CH_5225413c9f469612693038_.exe
2013-09-01 00:25 - 2013-09-01 00:25 - 00303680 _____ (SummerSoft) C:\Users\Frank\Downloads\Cashnhits$0.6.site.exe
2013-09-01 00:25 - 2013-09-01 00:25 - 00303648 _____ (SummerSoft) C:\Users\Frank\Downloads\gptplanet.site.exe
2013-09-01 00:25 - 2013-09-01 00:25 - 00303648 _____ (SummerSoft) C:\Users\Frank\Downloads\Bucks247.site.exe
2013-09-01 00:25 - 2013-09-01 00:25 - 00303632 _____ (SummerSoft) C:\Users\Frank\Downloads\The-Bux.site.exe
2013-09-01 00:20 - 2013-09-01 00:20 - 00030813 _____ C:\Users\Frank\Downloads\cap (1).rar
2013-09-01 00:19 - 2013-09-01 00:19 - 00030813 _____ C:\Users\Frank\Downloads\cap.rar
2013-08-31 23:57 - 2013-08-31 23:57 - 00004640 _____ C:\Users\Frank\Downloads\monbux.site
2013-08-31 23:43 - 2013-08-31 23:43 - 00004592 _____ C:\Users\Frank\Downloads\mihabux.site
2013-08-31 23:36 - 2013-08-31 23:36 - 00004688 _____ C:\Users\Frank\Downloads\111bux.site
2013-08-31 23:32 - 2013-08-31 23:32 - 00004608 _____ C:\Users\Frank\Downloads\rollingbux.site
2013-08-31 23:31 - 2013-08-31 23:31 - 00004688 _____ C:\Users\Frank\Downloads\dssbux.site
2013-08-31 23:28 - 2013-08-31 23:28 - 00004688 _____ C:\Users\Frank\Downloads\showmethebux.site
2013-08-31 23:19 - 2013-08-31 23:19 - 00004688 _____ C:\Users\Frank\Downloads\neurosbux.site
2013-08-31 23:10 - 2013-08-31 23:10 - 00004672 _____ C:\Users\Frank\Downloads\yoyobux (1).site
2013-08-31 23:09 - 2013-08-31 23:09 - 00004672 _____ C:\Users\Frank\Downloads\yoyobux.site
2013-08-31 22:34 - 2013-08-31 22:34 - 00004688 _____ C:\Users\Frank\Downloads\etybox.site
2013-08-31 22:30 - 2013-08-31 22:30 - 00004704 _____ C:\Users\Frank\Downloads\pinoyincomebux.site
2013-08-31 21:30 - 2013-08-31 21:30 - 00004416 _____ C:\Users\Frank\Downloads\clixsense.site
2013-08-31 20:53 - 2013-08-31 20:53 - 00824744 _____ (AirInstaller                                  ) C:\Users\Frank\Downloads\Setup.exe
2013-08-31 20:47 - 2013-08-31 20:48 - 00004272 _____ C:\Users\Frank\Downloads\Cashnhits.site
2013-08-31 04:42 - 2013-08-31 04:43 - 31097224 _____ C:\Users\Frank\Downloads\40+ ebooks.zip
2013-08-30 19:52 - 2013-08-30 19:52 - 00003232 _____ C:\Users\Frank\Downloads\click-service.site
2013-08-30 19:48 - 2013-08-30 19:48 - 00003504 _____ C:\Users\Frank\Downloads\ptcsolution.site
2013-08-30 19:42 - 2013-08-30 19:42 - 00002832 _____ C:\Users\Frank\Downloads\buxshares.site
2013-08-30 19:37 - 2013-08-30 19:37 - 00003824 _____ C:\Users\Frank\Downloads\northclicks.site
2013-08-30 19:31 - 2013-08-30 19:31 - 00003536 _____ C:\Users\Frank\Downloads\easycashclicks.site
2013-08-30 19:21 - 2013-08-30 19:21 - 00002944 _____ C:\Users\Frank\Downloads\Adsclickers.site
2013-08-30 19:20 - 2013-08-30 19:20 - 00003872 _____ C:\Users\Frank\Downloads\business-ptc.site
2013-08-30 19:11 - 2013-08-30 19:11 - 00004736 _____ C:\Users\Frank\Downloads\cashons.site
2013-08-30 19:10 - 2013-08-30 19:10 - 00004144 _____ C:\Users\Frank\Downloads\hangarads.site
2013-08-30 18:53 - 2013-08-30 18:53 - 00003696 _____ C:\Users\Frank\Downloads\urbanclix.site
2013-08-30 18:42 - 2013-08-30 18:42 - 00003744 _____ C:\Users\Frank\Downloads\tulipptc.site
2013-08-30 18:40 - 2013-08-30 18:40 - 00003328 _____ C:\Users\Frank\Downloads\Theclikclub.com_ap_pp[$_5].site
2013-08-30 18:30 - 2013-08-30 18:32 - 00000000 ____D C:\Users\Frank\AppData\Local\M2PD
2013-08-27 18:43 - 2013-08-27 18:43 - 00001261 _____ C:\c1ean2up.bat
2013-08-22 13:23 - 2013-08-22 13:23 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ADDiFF.com
2013-08-22 13:23 - 2013-08-22 13:23 - 00000000 ____D C:\Program Files (x86)\ADDiFF.com
2013-08-22 13:21 - 2013-08-22 13:21 - 00392040 _____ (Softonic                                        ) C:\Users\Frank\Downloads\SoftonicDownloader_for_mass-gmail-account-creator.exe
2013-08-22 13:19 - 2013-08-22 13:19 - 08640326 _____ C:\Users\Frank\Downloads\GYC.zip
2013-08-22 13:14 - 2013-08-22 13:14 - 00000000 ____D C:\Users\Frank\AppData\Local\SkinSoft
2013-08-22 13:10 - 2013-08-22 13:10 - 04554861 _____ C:\Users\Frank\Downloads\MassGmailCreatorSetup.zip
2013-08-22 12:41 - 2013-08-22 12:41 - 00001065 _____ C:\Users\Mcx1-FRANK-PC\Desktop\MultiProxy.lnk
2013-08-22 12:40 - 2013-08-22 12:40 - 00171656 _____ C:\Users\Frank\Downloads\mproxy12.zip
2013-08-22 12:40 - 2013-08-22 12:40 - 00000000 ____D C:\Program Files (x86)\MultiProxy
2013-08-22 12:39 - 2013-08-22 12:39 - 00693352 _____ (Initex) C:\Users\Frank\Downloads\ProxyChecker.exe
2013-08-22 03:35 - 2013-08-22 03:35 - 00010053 _____ C:\Users\Frank\Downloads\DS_CursorSnakeText_10S.zip
2013-08-22 03:19 - 2013-08-22 03:19 - 00002400 _____ C:\Users\Frank\Downloads\mouse_trail_effect.htm
2013-08-22 02:33 - 2013-08-22 03:28 - 00047971 _____ C:\Users\Frank\Downloads\35.zip
 
==================== One Month Modified Files and Folders =======
 
2013-09-21 15:40 - 2013-09-21 15:40 - 00000000 ____D C:\FRST
2013-09-21 15:28 - 2011-04-03 19:59 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-21 15:27 - 2013-09-21 15:27 - 00015758 _____ C:\Users\Frank\Desktop\JRT.txt
2013-09-21 15:19 - 2013-09-21 15:19 - 00000000 ____D C:\Windows\ERUNT
2013-09-21 15:10 - 2009-07-14 00:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-21 15:10 - 2009-07-14 00:45 - 00013872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-21 15:06 - 2013-09-11 22:24 - 00099161 _____ C:\Windows\WindowsUpdate.log
2013-09-21 15:03 - 2011-04-03 19:01 - 00000000 ____D C:\Users\Frank\AppData\Local\SoftThinks
2013-09-21 15:02 - 2011-04-03 19:59 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-21 15:02 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-21 15:01 - 2013-09-13 23:57 - 00002652 _____ C:\Windows\setupact.log
2013-09-21 15:00 - 2013-09-17 15:42 - 00000000 ____D C:\AdwCleaner
2013-09-21 14:56 - 2013-09-21 14:57 - 01029675 _____ (Thisisu) C:\Users\Frank\Desktop\JRT.exe
2013-09-21 14:56 - 2013-09-21 14:56 - 01956670 _____ (Farbar) C:\Users\Frank\Desktop\FRST64.exe
2013-09-21 14:56 - 2013-09-21 14:55 - 01956670 _____ (Farbar) C:\Users\Frank\Downloads\FRST64.exe
2013-09-21 14:56 - 2013-09-21 14:55 - 01039554 _____ C:\Users\Frank\Downloads\AdwCleaner.exe
2013-09-21 14:56 - 2013-09-21 14:55 - 01029675 _____ (Thisisu) C:\Users\Frank\Downloads\JRT.exe
2013-09-21 14:56 - 2013-09-17 15:16 - 01039554 _____ C:\Users\Frank\Desktop\AdwCleaner.exe
2013-09-21 14:48 - 2013-09-15 23:30 - 00013556 _____ C:\Windows\PFRO.log
2013-09-21 14:48 - 2013-09-13 23:07 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-21 14:48 - 2013-09-13 22:53 - 00000000 ____D C:\ProgramData\MFAData
2013-09-21 14:47 - 2013-09-21 14:47 - 00003288 ____N C:\bootsqm.dat
2013-09-21 14:44 - 2013-09-21 14:44 - 00000000 __SHD C:\found.000
2013-09-21 14:22 - 2009-07-14 01:13 - 00736622 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-21 14:19 - 2011-12-04 12:45 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-219520508-3467411778-4029630514-1000UA.job
2013-09-21 02:19 - 2013-09-21 02:19 - 00001403 _____ C:\Users\Frank\Desktop\RKreport[0]_H_09212013_021916.txt
2013-09-21 02:18 - 2013-09-21 02:18 - 00002437 _____ C:\Users\Frank\Desktop\RKreport[0]_S_09212013_021817.txt
2013-09-21 02:03 - 2013-09-21 02:03 - 03812352 _____ C:\Users\Frank\Downloads\RogueKillerX64 (1).exe
2013-09-21 01:55 - 2013-09-18 18:01 - 05128554 _____ (Swearware) C:\Users\Frank\Downloads\ComboFix.exe
2013-09-21 01:39 - 2013-09-21 01:33 - 00000000 ____D C:\Users\Frank\Desktop\RK_Quarantine
2013-09-21 01:38 - 2013-09-21 01:38 - 00011033 _____ C:\Users\Frank\Desktop\RKreport[0]_D_09212013_013848.txt
2013-09-21 01:38 - 2013-09-21 01:38 - 00009444 _____ C:\Users\Frank\Desktop\RKreport[0]_S_09212013_013807.txt
2013-09-21 01:38 - 2011-11-02 19:37 - 00000000 ____D C:\Users\Mcx1-FRANK-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-21 01:38 - 2011-02-27 22:50 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-21 01:38 - 2011-02-27 22:50 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-21 01:33 - 2013-09-21 01:32 - 03812352 _____ C:\Users\Frank\Downloads\RogueKillerX64.exe
2013-09-21 01:22 - 2011-05-08 00:45 - 00000448 ____H C:\Windows\Tasks\Norton Security Scan for Frank.job
2013-09-20 19:40 - 2011-12-04 12:45 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-219520508-3467411778-4029630514-1000Core.job
2013-09-20 04:50 - 2011-04-03 19:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-20 04:45 - 2013-09-18 22:06 - 00551408 _____ (McAfee, Inc.) C:\Users\Frank\Downloads\rootkitremover.exe
2013-09-19 14:55 - 2013-09-19 14:54 - 00000000 ____D C:\Users\Frank\Desktop\scrapebox
2013-09-19 14:52 - 2013-09-19 14:52 - 14290708 _____ C:\Users\Frank\Downloads\scrapebox.rar
2013-09-19 05:19 - 2013-09-19 05:19 - 00006000 _____ C:\Users\Frank\Downloads\sensibux (1).site
2013-09-19 05:12 - 2013-09-19 05:12 - 00003600 _____ C:\Users\Frank\Downloads\jollyclicks.site
2013-09-19 04:43 - 2013-09-19 04:43 - 00002944 _____ C:\Users\Frank\Downloads\ptcsmart.site
2013-09-19 04:41 - 2013-09-19 04:41 - 00005008 _____ C:\Users\Frank\Downloads\twickerz.site
2013-09-19 04:41 - 2013-09-19 04:41 - 00004704 _____ C:\Users\Frank\Downloads\hotterthanhotbux.site
2013-09-19 04:38 - 2013-09-19 04:38 - 00002800 _____ C:\Users\Frank\Downloads\hitzza.site
2013-09-19 04:35 - 2013-09-19 04:35 - 00003360 _____ C:\Users\Frank\Downloads\bux-gpx.site
2013-09-19 03:18 - 2013-09-19 03:18 - 00006704 _____ C:\Users\Frank\Downloads\Incentria.site
2013-09-19 03:18 - 2013-09-19 03:18 - 00006704 _____ C:\Users\Frank\Downloads\Clicksia (2).site
2013-09-19 03:18 - 2013-09-19 03:18 - 00006704 _____ C:\Users\Frank\Downloads\Clicksia (1).site
2013-09-18 22:14 - 2011-02-28 01:22 - 00000000 ____D C:\Dell
2013-09-18 22:01 - 2013-09-18 21:45 - 253911528 _____ C:\Users\Frank\Downloads\R268878.exe
2013-09-18 21:50 - 2013-09-18 21:16 - 00005168 _____ C:\Users\Frank\Desktop\Rkill.txt
2013-09-18 21:49 - 2013-09-18 21:49 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Frank\Desktop\rkill64-4419.com
2013-09-18 21:23 - 2013-09-18 21:23 - 05128653 _____ (Swearware) C:\Users\Frank\Downloads\ComboFix (1).exe
2013-09-18 21:17 - 2013-09-18 21:17 - 00000000 ____D C:\Users\Frank\Desktop\rkill
2013-09-18 21:16 - 2013-09-18 21:16 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\Frank\Desktop\rkill64.com
2013-09-18 18:01 - 2013-09-18 18:01 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Frank\Downloads\rkill.com
2013-09-18 18:01 - 2013-09-18 18:01 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Frank\Desktop\rkill.com
2013-09-18 05:17 - 2013-09-18 05:14 - 45038163 _____ C:\Users\Frank\Downloads\QuicklySpotProfitableNiches.zip
2013-09-18 04:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-17 22:22 - 2013-09-17 22:22 - 00211801 _____ C:\Users\Frank\Downloads\subsilver2_3.0.11.zip
2013-09-17 22:17 - 2013-08-15 03:14 - 00000000 ____D C:\Users\Frank\AppData\Local\Email_Account_Creator_Ext
2013-09-17 20:54 - 2013-09-17 20:54 - 00000661 _____ C:\Users\Frank\Desktop\New Text Document.txt
2013-09-17 20:53 - 2013-09-17 20:53 - 00000000 ____D C:\Users\Frank\Documents\iMacros
2013-09-17 19:36 - 2013-09-17 18:43 - 00022528 _____ C:\Users\Frank\Documents\illegal stuff forum.msam
2013-09-17 18:43 - 2011-06-29 02:27 - 00135168 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-09-17 16:24 - 2009-07-14 01:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-17 15:58 - 2013-09-17 15:58 - 00000000 ____D C:\Qoobox
2013-09-17 15:43 - 2011-11-02 19:35 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-09-17 15:19 - 2013-09-17 15:19 - 00000000 ____D C:\Windows\erdnt
2013-09-17 15:17 - 2013-09-17 15:17 - 01039554 _____ C:\Users\Frank\Downloads\AdwCleaner (1).exe
2013-09-17 04:08 - 2013-09-17 04:07 - 00269764 _____ C:\Users\Frank\Downloads\jingling_159530 (1).rar
2013-09-17 04:07 - 2013-09-17 04:07 - 00269764 _____ C:\Users\Frank\Downloads\jingling_159530.rar
2013-09-17 01:26 - 2013-09-17 01:26 - 00575688 _____ C:\Users\Frank\Downloads\Player_Setup (1).exe
2013-09-17 01:00 - 2013-09-17 01:00 - 00000000 _____ C:\conversation.log
2013-09-16 23:54 - 2013-09-16 23:54 - 00000000 ____D C:\Users\Mcx1-FRANK-PC\AppData\Roaming\SecondLife
2013-09-16 23:54 - 2011-04-20 12:30 - 00000000 ____D C:\Users\Frank\AppData\Local\SecondLife
2013-09-16 23:54 - 2011-04-20 12:30 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer2
2013-09-16 23:53 - 2013-09-16 23:53 - 00001127 _____ C:\Users\Public\Desktop\Second Life Viewer.lnk
2013-09-16 23:53 - 2013-09-16 23:52 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer
2013-09-16 23:45 - 2011-04-03 19:02 - 00000000 ____D C:\Users\Frank\AppData\Local\Deployment
2013-09-16 22:59 - 2013-09-16 22:59 - 00195968 _____ C:\Users\Frank\Downloads\RawCoupon_187683_207178_1-737885181_r_.exe
2013-09-16 20:19 - 2013-09-16 20:18 - 19362952 _____ (IObit                                                       ) C:\Users\Frank\Downloads\imfv2-setup-for-review.exe
2013-09-16 19:24 - 2013-09-14 02:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-16 01:11 - 2012-02-28 18:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-16 01:10 - 2013-09-16 00:55 - 00000000 ____D C:\Users\Frank\AppData\Roaming\UBot Studio
2013-09-16 01:10 - 2013-09-15 23:42 - 00000000 ____D C:\Users\Frank\Desktop\Truedesk
2013-09-16 00:15 - 2013-09-16 00:13 - 93746448 _____ (Microsoft Corporation) C:\Users\Frank\Downloads\msert.exe
2013-09-16 00:12 - 2012-01-18 07:36 - 00000000 ____D C:\Program Files (x86)\REACTOR
2013-09-16 00:12 - 2011-02-27 22:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-16 00:09 - 2011-12-18 23:45 - 00000000 ____D C:\ProgramData\NexonUS
2013-09-16 00:06 - 2012-03-27 16:28 - 00000000 ____D C:\Users\Frank\AppData\Local\Unity
2013-09-15 23:55 - 2011-04-04 10:48 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-15 23:32 - 2011-04-03 18:58 - 00075216 _____ C:\Users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-15 23:31 - 2009-07-14 00:45 - 00323160 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-15 21:49 - 2013-09-15 21:48 - 07243059 _____ C:\Users\Frank\Downloads\lcars_for_rainmeter_version_2_3__june_23__by_freaky333-d63gt7v.rmskin
2013-09-15 21:44 - 2013-09-15 21:44 - 00000000 ____D C:\Users\Frank\Documents\Rainmeter
2013-09-15 21:44 - 2013-09-15 21:44 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Rainmeter
2013-09-15 21:28 - 2013-09-15 21:28 - 00000000 ____D C:\Program Files\Rainmeter
2013-09-15 21:28 - 2011-04-03 18:58 - 00000000 ___RD C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-15 21:25 - 2013-09-15 21:25 - 00000000 ____D C:\ProgramData\Package Cache
2013-09-15 21:23 - 2013-09-15 21:23 - 01306832 _____ C:\Users\Frank\Downloads\Rainmeter-3.0-r2090-beta.exe
2013-09-15 20:01 - 2013-09-15 20:01 - 01768407 _____ C:\Users\Frank\Downloads\Mypasa.net_software.rar
2013-09-14 22:53 - 2013-09-14 22:53 - 00002883 _____ C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HitLeap Viewer.lnk
2013-09-14 22:53 - 2013-09-14 22:53 - 00000000 ____D C:\Program Files (x86)\HitLeap
2013-09-14 22:51 - 2013-09-14 22:50 - 27656192 _____ C:\Users\Frank\Downloads\HitLeap Viewer.msi
2013-09-14 07:05 - 2013-09-14 07:05 - 00575728 _____ C:\Users\Frank\Downloads\Player_Setup.exe
2013-09-14 05:50 - 2013-09-14 05:50 - 02685960 _____ (Eovendo) C:\Users\Frank\Downloads\eovendo01 (1).exe
2013-09-14 03:32 - 2013-09-14 03:32 - 00688992 ____R (Swearware) C:\Users\Frank\Downloads\dds.com
2013-09-14 02:47 - 2013-09-14 02:47 - 02777563 _____ C:\Users\Frank\Downloads\NeobuxUltimateStrategy.zip
2013-09-14 02:43 - 2013-09-14 02:41 - 18570816 _____ (COMODO) C:\Users\Frank\Downloads\CCS_Setup_2.0.162151.21_xp_vista_server2003_win7.exe
2013-09-14 02:35 - 2013-09-14 02:35 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-09-14 02:32 - 2013-09-14 02:31 - 37672592 _____ (Safer-Networking Ltd.                                       ) C:\Users\Frank\Downloads\spybotsd-2.1.21-SR2.exe
2013-09-13 23:57 - 2013-09-13 23:57 - 00000000 _____ C:\Windows\setuperr.log
2013-09-13 23:10 - 2011-04-06 00:56 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-09-13 23:08 - 2011-04-22 20:35 - 00000000 ____D C:\Users\Frank\AppData\Roaming\TuneUp Software
2013-09-13 23:05 - 2011-02-27 23:09 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-13 22:53 - 2013-09-13 22:53 - 04425448 _____ (AVG Technologies) C:\Users\Frank\Downloads\avg_free_stb_all_2014_4116_cnet.exe
2013-09-13 22:53 - 2013-09-13 22:53 - 00000000 ____D C:\Users\Frank\AppData\Local\MFAData
2013-09-13 22:49 - 2012-02-28 19:04 - 00002243 _____ C:\Windows\epplauncher.mif
2013-09-13 21:23 - 2011-07-12 08:03 - 00000000 ____D C:\Users\Frank\Tracing
2013-09-13 21:19 - 2011-04-03 23:21 - 00000000 ____D C:\Users\Frank\AppData\Roaming\uTorrent
2013-09-13 18:09 - 2013-09-13 18:08 - 00000000 ____D C:\Users\Frank\Downloads\Car Thief 5 Breaking Through
2013-09-13 17:42 - 2013-09-13 17:42 - 00026020 _____ C:\Users\Frank\Downloads\[kickass.to]pc.games.car.thief.5.1.breaking.through.torrent
2013-09-13 16:51 - 2013-09-13 16:51 - 00000000 ____D C:\Windows\Temp2CD8F996-F8C6-C2A9-9354-61A25F66D60C-Signatures
2013-09-13 16:42 - 2013-09-11 06:13 - 00000000 ____D C:\ProgramData\BOINC
2013-09-13 16:40 - 2011-04-03 18:58 - 00000000 ____D C:\Users\Frank
2013-09-13 03:46 - 2013-09-13 03:44 - 05205788 _____ C:\Users\Frank\Downloads\Backlinks Booster.zip
2013-09-13 02:58 - 2012-03-23 20:02 - 00000000 ____D C:\Users\Frank\AppData\Roaming\FileZilla
2013-09-13 02:51 - 2013-09-13 02:51 - 00001182 _____ C:\Users\Frank\Downloads\sitemap.xml.gz
2013-09-13 02:49 - 2013-09-13 02:49 - 00595614 _____ C:\Users\Frank\Downloads\google-sitemap-generator.3.2.9.zip
2013-09-13 02:45 - 2013-09-13 02:45 - 00000053 _____ C:\Users\Frank\Downloads\google60c7c135407b357b.html
2013-09-13 02:45 - 2013-09-13 02:45 - 00000053 _____ C:\Users\Frank\Downloads\google60c7c135407b357b (1).html
2013-09-13 01:54 - 2013-09-13 01:54 - 00419720 _____ C:\Users\Frank\Downloads\Apparition_1_6_1.zip
2013-09-13 01:51 - 2013-09-13 01:51 - 00582603 _____ C:\Users\Frank\Downloads\bleu.rar
2013-09-13 00:52 - 2013-09-13 00:52 - 00568004 _____ C:\Users\Frank\Downloads\metro_for_steam___3_1_1_by_boneyardbrew-d4u3kjv.zip
2013-09-13 00:48 - 2013-09-13 00:47 - 01747282 _____ C:\Users\Frank\Downloads\NMRiH_SteamSkin_V1.zip
2013-09-13 00:33 - 2013-09-13 00:33 - 00002314 _____ C:\Users\Frank\Downloads\front-page-excluded-categories.1.1.1.zip
2013-09-13 00:19 - 2013-09-13 00:19 - 00218792 _____ C:\Users\Frank\Downloads\lost-coast.1.0.zip
2013-09-13 00:12 - 2013-09-13 00:12 - 00095647 _____ C:\Users\Frank\Downloads\greenygrass.zip
2013-09-13 00:12 - 2013-09-13 00:12 - 00095647 _____ C:\Users\Frank\Downloads\greenygrass (1).zip
2013-09-12 22:58 - 2013-09-12 22:58 - 00020680 _____ C:\Users\Frank\Downloads\[kickass.to]22.steam.skins.torrent
2013-09-12 21:31 - 2013-09-12 21:31 - 02685960 _____ (Eovendo) C:\Users\Frank\Downloads\eovendo01.exe
2013-09-12 20:59 - 2013-09-12 20:58 - 00975586 _____ C:\Users\Frank\Downloads\theperfectsiteguide (1).zip
2013-09-12 01:05 - 2013-09-12 01:05 - 00436499 _____ C:\Users\Frank\Downloads\League_Of_Legends_Collage.zip
2013-09-11 23:23 - 2013-09-11 23:23 - 00313221 _____ C:\Users\Frank\Downloads\PBux V1.3.rar
2013-09-11 23:23 - 2013-09-11 23:23 - 00313221 _____ C:\Users\Frank\Downloads\PBux V1.3 (1).rar
2013-09-11 22:20 - 2013-09-11 06:13 - 00000000 ____D C:\Program Files\BOINC
2013-09-11 06:13 - 2013-09-11 06:13 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOINC
2013-09-11 06:11 - 2013-09-11 06:11 - 00000000 ____D C:\Windows\Downloaded Installations
2013-09-11 02:29 - 2013-09-10 23:58 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Bitcoin
2013-09-10 23:58 - 2013-09-10 23:58 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
2013-09-10 23:58 - 2013-09-10 23:58 - 00000000 ____D C:\Program Files (x86)\Bitcoin
2013-09-10 22:38 - 2013-09-10 22:00 - 00486400 _____ C:\Users\Frank\Documents\buy a cheap laptop.msam
2013-09-10 21:59 - 2013-09-10 21:59 - 00000000 ____D C:\Users\Frank\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
2013-09-10 21:59 - 2013-09-10 21:59 - 00000000 ____D C:\Users\Frank\AppData\Roaming\MarketSamurai
2013-09-10 21:59 - 2013-09-10 21:59 - 00000000 ____D C:\Program Files (x86)\Market Samurai
2013-09-10 21:58 - 2011-04-03 19:45 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Adobe
2013-09-10 21:58 - 2011-02-27 22:49 - 00000000 ____D C:\ProgramData\Adobe
2013-09-10 21:57 - 2013-09-10 21:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-09-10 21:57 - 2013-09-10 21:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-09-10 21:57 - 2011-02-27 22:49 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-10 21:56 - 2011-04-30 15:00 - 00000000 ____D C:\Users\Frank\AppData\Local\Adobe
2013-09-10 21:55 - 2013-09-10 21:55 - 03700928 _____ C:\Users\Frank\Downloads\MarketSamurai.0.92.70.air
2013-09-10 21:03 - 2013-09-10 21:03 - 00171712 _____ C:\Users\Frank\Downloads\diddlydoes,.zip
2013-09-10 18:51 - 2013-09-10 18:51 - 00000053 _____ C:\Users\Frank\Downloads\googlea7aeb1de54046a71.html
2013-09-10 18:51 - 2013-09-10 18:51 - 00000053 _____ C:\Users\Frank\Downloads\googlea7aeb1de54046a71 (1).html
2013-09-10 17:16 - 2013-09-10 17:16 - 00082456 _____ C:\Users\Frank\Downloads\generator.rar
2013-09-10 16:31 - 2013-09-10 16:31 - 00034346 _____ C:\Users\Frank\Downloads\Spambot (1).jar
2013-09-10 05:10 - 2013-09-10 04:56 - 00143300 _____ C:\Windows\vssetup.ttf
2013-09-10 05:10 - 2013-09-10 04:56 - 00001409 _____ C:\Windows\vssetup.for
2013-09-10 04:49 - 2013-09-10 04:49 - 00000000 ____D C:\Windows\Java
2013-09-10 01:58 - 2013-09-10 01:58 - 00012919 _____ C:\Users\Frank\Downloads\[kickass.to]visual.basic.6.0.enterprise.edition.a4.torrent
2013-09-10 01:55 - 2013-09-10 01:55 - 00014050 _____ C:\Users\Frank\Downloads\[kickass.to]visual.basic.6.enterprise.edition.w.serial.torrent
2013-09-10 00:33 - 2013-09-10 00:33 - 00258529 _____ C:\Users\Frank\Downloads\xbox_theme.zip
2013-09-09 20:47 - 2013-09-09 20:47 - 00152750 _____ C:\Users\Frank\Downloads\ultra_xbox_360.zip
2013-09-09 19:29 - 2011-02-27 22:53 - 00000000 ____D C:\ProgramData\Sonic
2013-09-09 19:25 - 2012-02-28 18:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-09 04:24 - 2013-09-09 04:24 - 00015720 _____ C:\Users\Frank\Downloads\_AddMeFast Scripts by last_ed.rar
2013-09-09 03:13 - 2013-09-09 03:13 - 02467424 _____ (Trend Micro Inc.) C:\Users\Frank\Downloads\HousecallLauncher64(1).exe
2013-09-09 03:04 - 2013-09-09 03:04 - 00000036 _____ C:\Users\Frank\AppData\Local\housecall.guid.cache
2013-09-09 03:02 - 2013-09-09 03:01 - 02467424 _____ (Trend Micro Inc.) C:\Users\Frank\Downloads\HousecallLauncher64.exe
2013-09-09 02:46 - 2013-09-09 02:45 - 00000000 ____D C:\Windows\Temp7532E3DF-F7A2-F6F2-8956-D038AD1F7E7D-Signatures
2013-09-09 02:43 - 2013-09-09 02:43 - 13813944 _____ (Microsoft Corporation) C:\Users\Frank\Downloads\mseinstall.exe
2013-09-09 02:35 - 2013-09-09 02:34 - 00347424 _____ (Microsoft Corporation) C:\Users\Frank\Downloads\MicrosoftFixit.WindowsFirewall.RNP.194302139176858917.1.1.Run.exe
2013-09-09 02:33 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-09-09 00:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system
2013-09-09 00:14 - 2013-09-09 00:14 - 00303728 _____ (SummerSoft) C:\Users\Frank\Downloads\MSWINSCK.OCX.exe
2013-09-09 00:07 - 2013-09-09 00:07 - 00201590 _____ C:\Users\Frank\Downloads\donut_http_flooder_1.4.rar
2013-09-08 21:53 - 2013-09-08 21:53 - 02049128 _____ (Trend Micro Inc.) C:\Users\Frank\Downloads\HousecallLauncher.exe
2013-09-08 21:06 - 2013-09-08 21:06 - 03287648 _____ C:\Users\Frank\Downloads\Ultimate Bitvisitor Bot_106.zip
2013-09-08 03:01 - 2013-09-08 03:01 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-09-08 02:54 - 2011-04-03 19:59 - 00000000 ____D C:\Users\Frank\AppData\Local\Google
2013-09-08 02:54 - 2011-04-03 19:59 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-07 15:03 - 2013-09-07 15:03 - 02716962 _____ (                                                            ) C:\Users\Frank\Downloads\SecurityKISSsetup.exe
2013-09-07 00:45 - 2013-09-07 00:45 - 00975586 _____ C:\Users\Frank\Downloads\theperfectsiteguide.zip
2013-09-07 00:40 - 2013-09-07 00:40 - 00034346 _____ C:\Users\Frank\Downloads\Spambot.jar
2013-09-06 23:29 - 2013-09-06 23:29 - 02174831 _____ C:\Users\Frank\Downloads\LiveCodeGenerator2013_09.zip
2013-09-06 23:22 - 2013-09-06 23:21 - 00825776 _____ (AirInstaller                                  ) C:\Users\Frank\Downloads\setup (1).exe
2013-09-06 20:27 - 2013-09-06 20:13 - 00000000 ____D C:\Program Files (x86)\Red Alert 2 Yuri's Revenge
2013-09-06 20:26 - 2013-09-06 20:26 - 00023259 _____ C:\Users\Frank\Downloads\wsock32.zip
2013-09-06 20:21 - 2011-04-06 02:45 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-09-06 20:17 - 2013-09-06 20:17 - 00020823 _____ C:\Users\Frank\Downloads\dra2tr.zip
2013-09-06 20:12 - 2013-09-06 20:05 - 425959365 _____ C:\Users\Frank\Downloads\Red Alert 2 Yuri's Revenge.exe
2013-09-06 20:05 - 2013-09-06 20:05 - 00016848 _____ C:\Users\Frank\Downloads\[kickass.to]red.alert.2.yuri.s.revenge.henz.torrent
2013-09-06 12:56 - 2011-04-03 19:59 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Skype
2013-09-06 12:49 - 2013-09-06 12:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-06 12:49 - 2011-04-03 19:59 - 00000000 ____D C:\ProgramData\Skype
2013-09-06 12:43 - 2013-09-06 12:42 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Frank\Downloads\SkypeSetup.exe
2013-09-06 02:12 - 2013-09-06 02:11 - 00004288 _____ C:\Users\Frank\Downloads\clicks-fx.site
2013-09-06 01:56 - 2013-09-06 01:56 - 00002976 _____ C:\Users\Frank\Downloads\the-bux.site
2013-09-06 01:11 - 2013-09-06 01:11 - 00004832 _____ C:\Users\Frank\Downloads\7starptc.site
2013-09-06 01:04 - 2013-09-06 01:04 - 00004688 _____ C:\Users\Frank\Downloads\zeebux.site
2013-09-06 01:02 - 2013-09-06 01:01 - 00004688 _____ C:\Users\Frank\Downloads\sensibux.site
2013-09-06 00:58 - 2013-09-06 00:58 - 00003504 _____ C:\Users\Frank\Downloads\ptcsolution (1).site
2013-09-06 00:52 - 2013-09-06 00:52 - 00003344 _____ C:\Users\Frank\Downloads\nerdbux.site
2013-09-06 00:48 - 2013-09-06 00:47 - 00191814 _____ C:\Users\Frank\Downloads\sites for MC.rar
2013-09-05 21:33 - 2013-09-05 21:32 - 00000000 ____D C:\Users\Frank\Downloads\40+ ebooks
2013-09-05 04:58 - 2013-09-05 04:58 - 05072913 _____ C:\Users\Frank\Downloads\Swift Viewer (1).zip
2013-09-05 04:57 - 2013-09-05 04:57 - 05072913 _____ C:\Users\Frank\Downloads\Swift Viewer.zip
2013-09-04 20:31 - 2013-09-04 20:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-04 20:31 - 2013-09-04 20:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-03 14:23 - 2013-09-03 14:23 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Spiritsoft
2013-09-03 01:55 - 2013-09-03 01:55 - 00907480 _____ C:\Users\Frank\Downloads\YOS_-_Public_Bin_1_01.rar
2013-09-03 01:54 - 2013-09-03 01:52 - 00010135 _____ C:\Users\Frank\Downloads\OmegleBot!.zip
2013-09-02 22:12 - 2013-01-10 10:57 - 00000000 ____D C:\ProgramData\MediaBrowser
2013-09-02 22:10 - 2011-11-25 07:51 - 00000000 ____D C:\Fraps
2013-09-02 22:09 - 2011-08-02 02:20 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Dropbox
2013-09-02 22:08 - 2012-05-20 16:28 - 00000000 ____D C:\ProgramData\TamoSoft
2013-09-02 22:08 - 2012-05-20 16:27 - 00000000 ____D C:\Program Files (x86)\CommViewWiFi
2013-09-02 21:59 - 2013-09-02 21:59 - 00000000 ____D C:\Users\Frank\AppData\Local\avgchrome
2013-09-02 21:57 - 2013-09-02 21:57 - 00000000 ____D C:\Program Files (x86)\Subway Surfers
2013-09-02 21:55 - 2013-09-02 21:55 - 00163392 _____ () C:\Users\Frank\Downloads\7ZipSetup-4RoChrQ.exe
2013-09-02 21:55 - 2013-09-02 21:54 - 00908112 _____ C:\Users\Frank\Downloads\Subway Surfers Setup%CH_5225413c9f469612693038_.exe
2013-09-01 00:25 - 2013-09-01 00:25 - 00303680 _____ (SummerSoft) C:\Users\Frank\Downloads\Cashnhits$0.6.site.exe
2013-09-01 00:25 - 2013-09-01 00:25 - 00303648 _____ (SummerSoft) C:\Users\Frank\Downloads\gptplanet.site.exe
2013-09-01 00:25 - 2013-09-01 00:25 - 00303648 _____ (SummerSoft) C:\Users\Frank\Downloads\Bucks247.site.exe
2013-09-01 00:25 - 2013-09-01 00:25 - 00303632 _____ (SummerSoft) C:\Users\Frank\Downloads\The-Bux.site.exe
2013-09-01 00:20 - 2013-09-01 00:20 - 00030813 _____ C:\Users\Frank\Downloads\cap (1).rar
2013-09-01 00:19 - 2013-09-01 00:19 - 00030813 _____ C:\Users\Frank\Downloads\cap.rar
2013-08-31 23:57 - 2013-08-31 23:57 - 00004640 _____ C:\Users\Frank\Downloads\monbux.site
2013-08-31 23:43 - 2013-08-31 23:43 - 00004592 _____ C:\Users\Frank\Downloads\mihabux.site
2013-08-31 23:36 - 2013-08-31 23:36 - 00004688 _____ C:\Users\Frank\Downloads\111bux.site
2013-08-31 23:32 - 2013-08-31 23:32 - 00004608 _____ C:\Users\Frank\Downloads\rollingbux.site
2013-08-31 23:31 - 2013-08-31 23:31 - 00004688 _____ C:\Users\Frank\Downloads\dssbux.site
2013-08-31 23:28 - 2013-08-31 23:28 - 00004688 _____ C:\Users\Frank\Downloads\showmethebux.site
2013-08-31 23:19 - 2013-08-31 23:19 - 00004688 _____ C:\Users\Frank\Downloads\neurosbux.site
2013-08-31 23:10 - 2013-08-31 23:10 - 00004672 _____ C:\Users\Frank\Downloads\yoyobux (1).site
2013-08-31 23:09 - 2013-08-31 23:09 - 00004672 _____ C:\Users\Frank\Downloads\yoyobux.site
2013-08-31 22:34 - 2013-08-31 22:34 - 00004688 _____ C:\Users\Frank\Downloads\etybox.site
2013-08-31 22:30 - 2013-08-31 22:30 - 00004704 _____ C:\Users\Frank\Downloads\pinoyincomebux.site
2013-08-31 21:30 - 2013-08-31 21:30 - 00004416 _____ C:\Users\Frank\Downloads\clixsense.site
2013-08-31 20:53 - 2013-08-31 20:53 - 00824744 _____ (AirInstaller                                  ) C:\Users\Frank\Downloads\Setup.exe
2013-08-31 20:48 - 2013-08-31 20:47 - 00004272 _____ C:\Users\Frank\Downloads\Cashnhits.site
2013-08-31 04:43 - 2013-08-31 04:42 - 31097224 _____ C:\Users\Frank\Downloads\40+ ebooks.zip
2013-08-30 19:52 - 2013-08-30 19:52 - 00003232 _____ C:\Users\Frank\Downloads\click-service.site
2013-08-30 19:48 - 2013-08-30 19:48 - 00003504 _____ C:\Users\Frank\Downloads\ptcsolution.site
2013-08-30 19:42 - 2013-08-30 19:42 - 00002832 _____ C:\Users\Frank\Downloads\buxshares.site
2013-08-30 19:37 - 2013-08-30 19:37 - 00003824 _____ C:\Users\Frank\Downloads\northclicks.site
2013-08-30 19:31 - 2013-08-30 19:31 - 00003536 _____ C:\Users\Frank\Downloads\easycashclicks.site
2013-08-30 19:21 - 2013-08-30 19:21 - 00002944 _____ C:\Users\Frank\Downloads\Adsclickers.site
2013-08-30 19:20 - 2013-08-30 19:20 - 00003872 _____ C:\Users\Frank\Downloads\business-ptc.site
2013-08-30 19:11 - 2013-08-30 19:11 - 00004736 _____ C:\Users\Frank\Downloads\cashons.site
2013-08-30 19:10 - 2013-08-30 19:10 - 00004144 _____ C:\Users\Frank\Downloads\hangarads.site
2013-08-30 18:53 - 2013-08-30 18:53 - 00003696 _____ C:\Users\Frank\Downloads\urbanclix.site
2013-08-30 18:42 - 2013-08-30 18:42 - 00003744 _____ C:\Users\Frank\Downloads\tulipptc.site
2013-08-30 18:40 - 2013-08-30 18:40 - 00003328 _____ C:\Users\Frank\Downloads\Theclikclub.com_ap_pp[$_5].site
2013-08-30 18:32 - 2013-08-30 18:30 - 00000000 ____D C:\Users\Frank\AppData\Local\M2PD
2013-08-27 18:43 - 2013-08-27 18:43 - 00001261 _____ C:\c1ean2up.bat
2013-08-27 18:42 - 2011-02-27 22:38 - 00000000 ____D C:\Program Files\Dell
2013-08-27 14:15 - 2011-08-10 03:44 - 00000000 ____D C:\Users\Frank\AppData\Local\Windows Live
2013-08-22 13:23 - 2013-08-22 13:23 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ADDiFF.com
2013-08-22 13:23 - 2013-08-22 13:23 - 00000000 ____D C:\Program Files (x86)\ADDiFF.com
2013-08-22 13:21 - 2013-08-22 13:21 - 00392040 _____ (Softonic                                        ) C:\Users\Frank\Downloads\SoftonicDownloader_for_mass-gmail-account-creator.exe
2013-08-22 13:19 - 2013-08-22 13:19 - 08640326 _____ C:\Users\Frank\Downloads\GYC.zip
2013-08-22 13:14 - 2013-08-22 13:14 - 00000000 ____D C:\Users\Frank\AppData\Local\SkinSoft
2013-08-22 13:10 - 2013-08-22 13:10 - 04554861 _____ C:\Users\Frank\Downloads\MassGmailCreatorSetup.zip
2013-08-22 12:41 - 2013-08-22 12:41 - 00001065 _____ C:\Users\Mcx1-FRANK-PC\Desktop\MultiProxy.lnk
2013-08-22 12:40 - 2013-08-22 12:40 - 00171656 _____ C:\Users\Frank\Downloads\mproxy12.zip
2013-08-22 12:40 - 2013-08-22 12:40 - 00000000 ____D C:\Program Files (x86)\MultiProxy
2013-08-22 12:39 - 2013-08-22 12:39 - 00693352 _____ (Initex) C:\Users\Frank\Downloads\ProxyChecker.exe
2013-08-22 03:35 - 2013-08-22 03:35 - 00010053 _____ C:\Users\Frank\Downloads\DS_CursorSnakeText_10S.zip
2013-08-22 03:28 - 2013-08-22 02:33 - 00047971 _____ C:\Users\Frank\Downloads\35.zip
2013-08-22 03:19 - 2013-08-22 03:19 - 00002400 _____ C:\Users\Frank\Downloads\mouse_trail_effect.htm
 
Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
 
Some content of TEMP:
====================
C:\Users\Frank\AppData\Local\Temp\NGM.exe
C:\Users\Frank\AppData\Local\Temp\NGMDll.dll
C:\Users\Frank\AppData\Local\Temp\NGMResource.dll
C:\Users\Frank\AppData\Local\Temp\Quarantine.exe
C:\Users\Frank\AppData\Local\Temp\scs.exe
C:\Users\Frank\AppData\Local\Temp\uninst1.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-21 03:16
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2013
Ran by Frank at 2013-09-21 15:58:30
Running from C:\Users\Frank\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs ======================
 
µTorrent (x32 Version: 2.2.1)
Adobe AIR (x32 Version: 3.8.0.1430)
Adobe Flash Player 10 ActiveX (x32 Version: 10.1.102.64)
Adobe Flash Player 11 Plugin (x32 Version: 11.4.402.278)
Adobe Reader 9.1 (x32 Version: 9.1.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Apple Application Support (x32 Version: 1.5.1)
Apple Software Update (x32 Version: 2.1.1.116)
ASIO4ALL (x32)
ATI Catalyst Install Manager (Version: 3.0.774.0)
Audacity 1.3.13 (Unicode) (x32)
Barbarian Invasion (x32 Version: 1.4)
Beach Head - Desert War (x32)
Beach Head 2000 (x32)
Best Buy pc app (Version: 3.1.0.0)
Best Buy pc app (x32 Version: 3.1.0.0)
Bitcoin (HKCU Version: 0.8.4)
BOINC (Version: 7.0.64)
Call of Duty® 4 - Modern Warfare™ 1.1 Patch (x32)
Call of Duty® 4 - Modern Warfare™ 1.2 Patch (x32)
Call of Duty® 4 - Modern Warfare™ 1.3 Patch (x32)
Call of Duty® 4 - Modern Warfare™ 1.4 Patch (x32)
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch (x32)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (x32)
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2010.0323.2153.37415)
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0323.2153.37415)
Catalyst Control Center Graphics Full New (x32 Version: 2010.0323.2153.37415)
Catalyst Control Center Graphics Light (x32 Version: 2010.0323.2153.37415)
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0323.2153.37415)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0323.2153.37415)
Catalyst Control Center Localization All (x32 Version: 2010.0323.2153.37415)
CCC Help Chinese Standard (x32 Version: 2010.0323.2152.37415)
CCC Help Chinese Traditional (x32 Version: 2010.0323.2152.37415)
CCC Help Czech (x32 Version: 2010.0323.2152.37415)
CCC Help Danish (x32 Version: 2010.0323.2152.37415)
CCC Help Dutch (x32 Version: 2010.0323.2152.37415)
CCC Help English (x32 Version: 2010.0323.2152.37415)
CCC Help Finnish (x32 Version: 2010.0323.2152.37415)
CCC Help French (x32 Version: 2010.0323.2152.37415)
CCC Help German (x32 Version: 2010.0323.2152.37415)
CCC Help Greek (x32 Version: 2010.0323.2152.37415)
CCC Help Hungarian (x32 Version: 2010.0323.2152.37415)
CCC Help Italian (x32 Version: 2010.0323.2152.37415)
CCC Help Japanese (x32 Version: 2010.0323.2152.37415)
CCC Help Korean (x32 Version: 2010.0323.2152.37415)
CCC Help Norwegian (x32 Version: 2010.0323.2152.37415)
CCC Help Polish (x32 Version: 2010.0323.2152.37415)
CCC Help Portuguese (x32 Version: 2010.0323.2152.37415)
CCC Help Russian (x32 Version: 2010.0323.2152.37415)
CCC Help Spanish (x32 Version: 2010.0323.2152.37415)
CCC Help Swedish (x32 Version: 2010.0323.2152.37415)
CCC Help Thai (x32 Version: 2010.0323.2152.37415)
CCC Help Turkish (x32 Version: 2010.0323.2152.37415)
ccc-core-static (x32 Version: 2010.0323.2153.37415)
ccc-utility64 (Version: 2010.0323.2153.37415)
CCleaner (Version: 3.12)
Counter-Strike (x32)
Counter-Strike: Source (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.40.2.0131)
Dell DataSafe Local Backup - Support Software (x32)
Dell DataSafe Local Backup (x32 Version: 9.4.47)
Dell Dock (Version: 2.0)
Dell Dock (x32 Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Product Registration (x32 Version: 1.0.6)
Dell Support Center (Version: 3.0.5621.01)
Dell Touchpad (Version: 7.1107.101.202)
Dell Webcam Central (x32 Version: 1.40.05)
Dell Wireless Driver Installation (x32 Version: 8.0)
Diner Dash (x32 Version: 1.0 (Cracked By CoffeeMan))
DirectX 9 Runtime (x32 Version: 1.00.0000)
DivX Setup (x32 Version: 2.6.0.34)
Express Burn Disc Burning Software (x32)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Fallout 3 (x32 Version: 1.00.0000)
Fallout New Vegas (x32)
FileZilla Client 3.5.3 (x32 Version: 3.5.3)
FL Studio 9 (x32)
GetSavin (x32 Version: 1.1360599302)
Google Chrome (x32 Version: 29.0.1547.76)
GTA San Andreas (x32 Version: 1.00.00001)
Guitar Pro 6 (x32)
GYC Automator Ex (x32 Version: 1.0.0)
Half-Life Dedicated Server Update Tool (x32)
Hardcore (x32)
HitLeap Viewer 2.7 (x32 Version: 2.7)
Hitman 2 Silent Assassin (x32)
Homeworld (x32)
Homeworld2 (x32)
ijji - Gunz (x32)
IL Download Manager (x32)
ImgBurn (x32 Version: 2.5.6.0)
Java Auto Updater (x32 Version: 2.0.5.1)
Java™ 6 Update 23 (64-bit) (Version: 6.0.230)
Java™ 6 Update 26 (x32 Version: 6.0.260)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LAME v3.98.3 for Audacity (x32)
League of Legends (x32 Version: 1.3)
Left 4 Dead 2 (x32)
Lego Star Wars Saga (x32)
LG USB Modem Drivers (x32 Version: 4.9.7)
LG Verizon United Drivers (x32 Version: 2.4.0)
Live! Cam Avatar Creator (x32 Version: 4.6.3009.1)
MacroGamer 2.7.5 (x32)
Magic ISO Maker v5.5 (build 0281) (x32)
Market Samurai (x32 Version: 0.92.70)
Max Payne (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
MFC RunTime files (x32 Version: 1.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.0.19.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
mIRC (x32 Version: 7.19)
Mozilla Firefox 4.0.1 (x86 en-US) (x32 Version: 4.0.1)
MPlayer (remove only) (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Need for Speed™ Carbon (x32)
Need For Speed™ World (x32 Version: 1.0.0.41)
Network Stumbler 0.4.0 (remove only) (x32)
Norton Security Scan (x32 Version: 3.1.1.6)
PhotoShowExpress (x32 Version: 2.0.063)
PoiZone (x32)
Project64 1.6 (x32 Version: 1.6)
Quickset64 (Version: 10.6.1)
Rainmeter (x32 Version: 3.0 beta r2090)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6110)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30109)
Rome - Total War™ (x32 Version: 1.0)
Rosetta Stone Ltd Services (x32 Version: 2.2.1.1)
Rosetta Stone Version 3 (x32 Version: 3.4.5.0)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Safari (x32 Version: 5.33.21.1)
San Andreas Mod Installer (x32 Version: 1.1)
Sawer (x32)
SecondLifeViewer (remove only) (x32)
Simple Port Forwarding (x32 Version: 3.2.4)
Skype™ 6.7 (x32 Version: 6.7.102)
SmartFTP Client (Version: 4.0.1176.0)
SmartFTP Client Setup Files 4.0 (x64) (remove only) (x32 Version: 4.0)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
SpeedFan (remove only) (x32)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Spybot - Search & Destroy (x32 Version: 2.1.21)
Star Wars Empire at War (x32 Version: 1.0)
Star Wars Empire at War Forces of Corruption (x32 Version: 1.0)
Star Wars®: Knights of the Old Republic ™ (x32)
Steam (x32 Version: 1.0.0.0)
Switch Sound File Converter (x32)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab CYRI (x32 Version: 4.5.1.0)
Team Fortress 2 (x32)
TeamSpeak 3 Client
TeamViewer 7 (x32 Version: 7.0.12799)
The Elder Scrolls V - Skyrim version 1.0 (x32 Version: 1.0)
The Godfather™ The Game (x32)
Tibia (x32 Version: 9.00)
Tom Clancy's Rainbow Six 3: Raven Shield (x32 Version: 1.00.000)
Toxic Biohazard (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 1.1.10 (x32 Version: 1.1.10)
Wheel of Fortune 2 (remove only) (x32)
Winamp (x32 Version: 5.61 )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
 
==================== Restore Points  =========================
 
17-09-2013 21:17:59 Scheduled Checkpoint
21-09-2013 06:21:37 Windows Update
21-09-2013 06:22:00 Removed AVG 2014
21-09-2013 06:34:48 Removed AVG 2014
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2013-09-21 02:19 - 00000741 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {087D6C6A-DE61-4385-9269-9D85C2399FAE} - System32\Tasks\{349C857B-D216-4D4C-B7BE-5EDB0F9D0445} => F:\Install.exe
Task: {0D505FEF-7B77-4FF2-8671-84949D87EBF0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-219520508-3467411778-4029630514-1000UA => C:\Users\Frank\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {3D243AF8-801F-4DE2-9569-6E45092F3C02} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-FRANK-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {3D60BDE9-BA11-4611-B824-EC3E1839B406} - System32\Tasks\{0CC9A246-F59E-41D4-A8D5-9ADD15417CF0} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-07-25] (Skype Technologies S.A.)
Task: {3FE853EB-803B-42EF-B126-C4AC305226FB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {72AFFC4F-94DF-43BA-9D95-C14134B340B9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-219520508-3467411778-4029630514-1000Core => C:\Users\Frank\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {8896C1F3-33C3-4194-B5CB-AC64FA41BFFE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {ACED1192-062F-414A-A914-345804836937} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-03] (Google Inc.)
Task: {AEF5AD86-4156-43D0-A96F-2F8AB90AB1CD} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {B3CA071E-2259-4A4A-8AC1-10EA42365DF0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-03] (Google Inc.)
Task: {B6DAFEFF-0CD3-4578-AD04-7E8D78CB15FA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D1F94D17-1FF3-4AFD-9AE3-0476AD51ED5F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {D91EDE0F-B82E-469D-A4D7-9DA4BD9E3E7D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2009-07-13] (Microsoft Corporation)
Task: {E1443D49-FCB6-44F5-B038-CBD746AC76BB} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2009-07-13] (Microsoft Corporation)
Task: {E70C28F5-77B4-4728-8CE2-9CE87581E45F} - System32\Tasks\Norton Security Scan for Frank => C:\Program Files (x86)\Norton Security Scan\Engine\3.1.1.6\Nss.exe [2011-04-01] (Symantec Corporation)
Task: {EFDF50C3-E5C4-4B80-B235-4BB00638A341} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-08-04] (Microsoft Corporation)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-219520508-3467411778-4029630514-1000Core.job => C:\Users\Frank\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-219520508-3467411778-4029630514-1000UA.job => C:\Users\Frank\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Frank.job => C:\PROGRA~2\NORTON~2\Engine\311~1.6\Nss.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-13 20:22 - 2009-07-13 21:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2011-02-27 23:59 - 2010-02-26 11:32 - 00100352 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00106496 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3734.37510__90ba9c70f846762e\MOM.Implementation.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3734.37385__90ba9c70f846762e\LOG.Foundation.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00036864 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3734.37389__90ba9c70f846762e\LOG.Foundation.Private.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00065536 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3734.37508__90ba9c70f846762e\LOG.Foundation.Implementation.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3734.37391__90ba9c70f846762e\MOM.Foundation.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3734.37390__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00019456 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3734.37509__90ba9c70f846762e\CCC.Implementation.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00015360 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3734.37387__90ba9c70f846762e\NEWAEM.Foundation.dll
2013-09-15 09:11 - 2013-09-15 09:11 - 00751288 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2011-02-27 23:59 - 2010-02-26 11:32 - 00100352 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\VXDIF.DLL
2011-02-27 22:34 - 2011-02-27 22:34 - 00098304 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3734.37386__90ba9c70f846762e\CLI.Foundation.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00057344 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3734.37397__90ba9c70f846762e\CLI.Component.SkinFactory.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3734.37510__90ba9c70f846762e\CLI.Foundation.XManifest.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3734.37395__90ba9c70f846762e\CLI.Component.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3734.37392__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3734.37391__90ba9c70f846762e\CLI.Foundation.Private.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3734.37391__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3734.37394__90ba9c70f846762e\AEM.Server.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00006144 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3734.37394__90ba9c70f846762e\AEM.Server.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3734.37526__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00006656 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3734.37516__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3734.37387__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00006144 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3734.37393__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00045056 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00016384 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00006656 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3734.37397__90ba9c70f846762e\DEM.Graphics.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00380928 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3734.37399__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00151552 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3734.37390__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3734.37398__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00008192 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3734.37392__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00007168 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3734.37396__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00069632 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3734.37465__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00077824 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3734.37491__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3734.37409__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00008704 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3734.37422__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3734.37397__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3734.37465__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3734.37420__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3734.37429__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3734.37460__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3734.37453__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00036864 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3734.37463__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3734.37409__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00065536 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3734.37451__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3734.37409__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00065536 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3734.37471__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3734.37420__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00057344 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3734.37471__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00013312 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3734.37562__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00013824 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3734.37564__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3734.37516__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00102400 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3734.37453__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3734.37484__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00065536 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3734.37442__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3734.37408__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00065536 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3734.37490__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3734.37460__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00009728 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3734.37518__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3734.37517__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3734.37452__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00053248 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3734.37451__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00007168 _____ ( ) C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3734.37395__90ba9c70f846762e\APM.Server.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3734.37388__90ba9c70f846762e\APM.Foundation.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3734.37393__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3734.37525__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00005632 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3734.37393__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00405504 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3734.37415__90ba9c70f846762e\CLI.Component.Wizard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00040960 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3734.37402__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00007680 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3734.37388__90ba9c70f846762e\CLI.Component.Client.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3734.37389__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00011776 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3734.37415__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3734.37416__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3734.37416__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00094208 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3734.37473__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00409600 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3734.37482__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00307200 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3734.37430__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 01708032 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3734.37561__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00204800 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3734.37424__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 01220608 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3734.37405__90ba9c70f846762e\CLI.Component.Dashboard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3734.37388__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00010240 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3734.37403__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
2010-03-08 13:02 - 2010-03-08 13:02 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3734.37408__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3734.37408__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00065536 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3734.37519__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00196608 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3734.37424__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 01294336 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3734.37556__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00094208 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3734.37461__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00397312 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3734.37453__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00323584 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3734.37463__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00356352 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3734.37472__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00573440 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3734.37425__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00856064 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3734.37455__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00184320 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3734.37564__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll
2011-02-27 22:34 - 2011-02-27 22:34 - 00118784 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3734.37517__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
2011-03-28 14:48 - 2011-03-28 14:48 - 00482176 _____ (SmartSoft Ltd.) C:\Program Files\SmartFTP Client\sfShellTools.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-02-27 23:09 - 2010-08-11 20:19 - 00126176 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2011-02-27 23:09 - 2010-08-11 20:19 - 01121504 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2011-02-27 23:09 - 2010-08-11 20:19 - 00077024 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2011-02-27 23:09 - 2010-08-11 20:19 - 00232672 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2011-02-27 23:09 - 2010-08-11 20:19 - 00072928 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2011-02-27 23:09 - 2010-08-11 20:19 - 00109792 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2011-02-27 23:09 - 2010-08-11 20:19 - 00119008 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2011-01-20 05:19 - 2011-01-20 05:19 - 01455424 _____ (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTCommonRes.dll
2011-01-20 05:20 - 2011-01-20 05:20 - 02834240 _____ (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\Engine.dll
2010-11-29 03:38 - 2010-11-29 03:38 - 00292160 _____ (DT Soft Ltd.) C:\Program Files (x86)\DAEMON Tools Lite\ImgEngine.dll
2013-09-14 02:33 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-14 02:33 - 2013-05-16 10:55 - 03643800 _____ (Project JEDI) C:\Program Files (x86)\Spybot - Search & Destroy 2\Jcl150.bpl
2013-09-14 02:33 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2012-01-08 09:41 - 2012-01-08 09:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-09-21 06:31 - 2013-09-16 23:20 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libglesv2.dll
2013-09-21 06:31 - 2013-09-16 23:20 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libegl.dll
2013-09-21 06:31 - 2013-09-16 23:21 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
2013-09-21 06:31 - 2013-09-16 23:21 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
2013-09-21 06:31 - 2013-09-16 23:20 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) ======
 
AlternateDataStreams: C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/21/2013 03:57:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (09/21/2013 03:52:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (09/21/2013 03:47:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (09/21/2013 03:42:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (09/21/2013 03:37:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (09/21/2013 03:32:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
Error: (09/21/2013 03:27:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (09/21/2013 03:57:29 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (09/21/2013 03:52:29 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (09/21/2013 03:47:29 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (09/21/2013 03:42:29 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (09/21/2013 03:37:29 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (09/21/2013 03:32:29 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (09/21/2013 03:27:29 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-01-24 02:07:35.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-24 02:07:35.500
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-21 04:24:25.400
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-21 04:24:25.330
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-21 03:43:04.329
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-21 03:43:04.197
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-19 01:48:38.508
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-19 01:48:38.448
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-18 06:44:16.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-18 06:44:16.606
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 56%
Total physical RAM: 2811.82 MB
Available physical RAM: 1229.74 MB
Total Pagefile: 12809.93 MB
Available Pagefile: 10877.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:11.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E730FC41)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

 





