
suddenly my freshly-formatted computer is running slowly/suspicious activity


  • This topic is locked
12 replies to this topic

#1 nielsenja

  • Members
  • 53 posts

Posted 21 February 2014 - 04:17 AM

Computer is running extremely slow all of a sudden (think husband installed some random stuff he clicked on and it possibly contained malware?), keep getting suspicious popups about a program called LVMaintenance needing to run and my browser proxy setting keeps getting switched so that I can't access websites.

 

Getting interstitial ads and other weird popups from pretty much every website I visit.

 

Thank you in advance for any help you can provide!

 

 

DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518
Run by Jon at 1:11:30 on 2014-02-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8190.5509 [GMT -8:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Windows\system32\EscSvc64.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Jon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe
C:\Users\Jon\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=127.0.0.1:39423;https=127.0.0.1:39423
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Facebook Update] "C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [ContentExplorer] "C:\Users\Jon\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
uRun: [LVMaintenance] C:\Users\Jon\AppData\Roaming\LVMaintenance\LVMaintenance.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Spotify Web Helper] "C:\Users\Jon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [Auto Tuning] "C:\Program Files (x86)\ASUS\Auto Tuning\AutoTuning.exe" -b
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Jon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Jon\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETFUJ~1.LNK - C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{E43657DF-DE98-4AA1-810F-6432CEB5F554} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-1-17 84536]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-1-17 66616]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-11-11 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-11-11 178448]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2014-1-17 96896]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2013-11-11 356128]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-1-19 135824]
R2 FFPCAutoSave;FUJIFILM PC AutoSave;C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [2013-2-28 94208]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-11-11 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-11-11 29280]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-1-17 539240]
R3 SSMO4Filter;MMO-4 Mouse;C:\Windows\System32\drivers\MO4Driver.sys [2011-7-27 21504]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2014-1-17 1349232]
S2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2014-1-17 46136]
S3 ArcService;Arc Service;C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [2014-1-24 88400]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2014-2-15 477960]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-18 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-18 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-18 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-18 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2014-02-21 00:03:41 -------- d-----w- C:\Users\Jon\AppData\Local\InfiniteCrisis
2014-02-20 23:32:09 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8B6D326-E92D-4809-A463-EFF0F9381656}\offreg.dll
2014-02-20 23:08:07 -------- d-----w- C:\ProgramData\HitmanPro
2014-02-20 23:00:53 -------- d-----w- C:\Users\Jon\AppData\Local\Turbine
2014-02-20 22:55:54 -------- d-----w- C:\ProgramData\Turbine
2014-02-20 22:55:53 -------- d-----w- C:\Program Files (x86)\InfiniteCrisis
2014-02-20 22:08:43 -------- d-----w- C:\Program Files\Enigma Software Group
2014-02-20 22:08:10 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-20 22:08:08 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-02-20 21:45:51 -------- d-----w- C:\Users\Jon\AppData\Roaming\Malwarebytes
2014-02-20 21:45:44 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-20 21:45:43 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-20 21:45:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-20 21:45:24 -------- d-----w- C:\Users\Jon\AppData\Local\Programs
2014-02-20 21:25:43 -------- d-----w- C:\Windows\ERUNT
2014-02-20 21:15:22 -------- d-----w- C:\AdwCleaner
2014-02-20 21:13:53 -------- d-----w- C:\Program Files (x86)\mSeven Software
2014-02-20 21:11:25 -------- d-----w- C:\Users\Jon\AppData\Local\Spotify
2014-02-20 21:08:37 -------- d-----w- C:\Users\Jon\AppData\Roaming\Spotify
2014-02-18 10:42:37 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8B6D326-E92D-4809-A463-EFF0F9381656}\mpengine.dll
2014-02-16 20:14:18 -------- d-----w- C:\Users\Jon\AppData\Local\SWTOR
2014-02-16 07:19:20 -------- d-----w- C:\ProgramData\BitRaider
2014-02-16 07:19:03 -------- d-----w- C:\Users\Jon\AppData\Local\SWTORPerf
2014-02-13 03:00:59 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2014-02-13 03:00:59 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2014-02-13 02:52:24 -------- d-----w- C:\Program Files (x86)\Origin Games
2014-02-13 02:51:58 -------- d-----w- C:\Users\Jon\AppData\Roaming\Origin
2014-02-13 02:51:56 -------- d-----w- C:\Users\Jon\AppData\Local\Origin
2014-02-13 02:50:22 -------- d-----w- C:\ProgramData\Origin
2014-02-13 02:50:21 -------- d-----w- C:\ProgramData\Electronic Arts
2014-02-13 02:50:12 -------- d-----w- C:\Program Files (x86)\Origin
2014-02-12 15:47:35 -------- d-----w- C:\Program Files (x86)\PFPortChecker
2014-02-12 15:47:32 -------- d-----w- C:\Users\Jon\AppData\Roaming\LVMaintenance
2014-02-12 15:47:16 -------- d-----w- C:\Users\Jon\AppData\Roaming\ContentExplorer
2014-02-12 15:47:05 -------- d-----w- C:\Users\Jon\AppData\Local\StormAlerts
2014-02-12 15:31:46 -------- d-----w- C:\Windows\pss
2014-02-12 11:01:01 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 11:01:01 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 10:53:26 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-11 20:40:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-11 20:40:40 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-11 18:32:23 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-02-11 18:30:03 -------- d-----w- C:\Program Files\AMD
2014-02-11 18:28:30 -------- d-----w- C:\ProgramData\Package Cache
2014-02-11 18:27:29 -------- d-----w- C:\AMD
2014-02-11 18:20:35 -------- d-----w- C:\Users\Jon\AppData\Local\Facebook
2014-02-11 18:09:37 -------- d-----w- C:\Users\Jon\AppData\Roaming\library_dir
2014-02-11 18:09:21 -------- d-----w- C:\Users\Jon\AppData\Roaming\Raptr
2014-02-11 18:07:58 -------- d-----w- C:\Program Files (x86)\Raptr
2014-02-11 17:13:00 -------- d-----w- C:\Program Files (x86)\Guild Wars 2
2014-02-11 17:09:58 -------- d-----w- C:\Users\Jon\AppData\Roaming\Guild Wars 2
2014-02-11 15:38:27 -------- d-----w- C:\Users\Jon\AppData\Local\Blizzard
2014-02-03 20:07:59 508264 ----a-w- C:\Windows\System32\d3dx10_36.dll
2014-02-03 20:04:17 -------- d--h--w- C:\ArcTemp
2014-02-03 20:01:45 -------- d-----w- C:\Users\Jon\AppData\Roaming\Arc
2014-02-03 20:01:19 -------- d-----w- C:\Program Files (x86)\Perfect World Entertainment
2014-02-03 05:44:42 -------- d-----w- C:\Users\Jon\AppData\Local\Apple Computer
2014-02-03 05:44:24 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-02-03 05:44:13 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-03 05:44:13 -------- d-----w- C:\Program Files\iTunes
2014-02-03 05:44:13 -------- d-----w- C:\Program Files\iPod
2014-02-03 05:44:13 -------- d-----w- C:\Program Files (x86)\iTunes
2014-02-03 05:36:50 -------- d-----w- C:\Program Files\Bonjour
2014-02-03 05:36:50 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-02-03 05:24:03 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-02-03 05:24:03 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-02-03 05:24:03 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-02-03 05:24:03 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-02-03 05:24:03 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-01-28 05:06:05 -------- d-----w- C:\Users\Jon\AppData\Roaming\Imagic507N
2014-01-28 05:05:33 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-01-28 05:05:33 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-01-28 05:05:33 1060864 ----a-w- C:\Windows\SysWow64\MFC71.dll
2014-01-28 05:05:33 1047552 ----a-w- C:\Windows\SysWow64\MFC71u.dll
2014-01-28 05:05:32 98304 ----a-w- C:\Windows\SysWow64\l3codecx.ax
2014-01-28 05:05:32 1712128 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2014-01-28 05:05:32 -------- d-----w- C:\Program Files (x86)\Common Files\ST System Shared
2014-01-28 05:04:24 89448 ----a-w- C:\Windows\SysWow64\Skbase40.dll
2014-01-28 05:04:24 222568 ----a-w- C:\Windows\SysWow64\skjpeg40.dll
2014-01-28 05:04:23 -------- d-----w- C:\Program Files (x86)\Movavi
2014-01-28 04:58:19 -------- d-----w- C:\Users\Jon\AppData\Roaming\FUJI FILM
2014-01-28 04:51:17 -------- d-----w- C:\Users\Jon\AppData\Local\FUJIFILM
2014-01-28 04:22:09 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2014-01-28 04:21:57 -------- d-----w- C:\ProgramData\FUJIFILM
2014-01-28 04:21:51 -------- d-----w- C:\Program Files (x86)\FUJIFILM
2014-01-28 04:18:41 -------- d-----w- C:\Users\Jon\AppData\Local\Apple
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-18 13:01:01 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-18 05:44:53 0 ----a-w- C:\Windows\ativpsrm.bin
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-18 14:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-07 00:49:18 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-12-07 00:44:26 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-12-06 22:03:46 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-12-06 22:02:38 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:50 8406024 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:59:00 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe
2013-12-06 21:38:40 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-12-06 21:38:40 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-12-06 21:38:38 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-12-06 21:38:38 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-12-06 21:38:22 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-12-06 21:38:18 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-12-06 21:37:58 29382144 ----a-w- C:\Windows\System32\amdocl64.dll
2013-12-06 21:35:36 24860160 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-12-06 21:33:28 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-12-06 21:33:24 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-12-06 21:26:44 129536 ----a-w- C:\Windows\System32\coinst_13.251.dll
2013-12-06 21:16:40 26352128 ----a-w- C:\Windows\System32\atio6axx.dll
2013-12-06 21:13:02 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-12-06 21:12:52 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-12-06 21:12:50 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-12-06 21:12:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-12-06 21:12:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-12-06 21:12:26 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-12-06 21:09:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-12-06 20:58:50 22157824 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-12-06 20:53:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-12-06 20:53:10 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2013-12-06 20:53:04 588288 ----a-w- C:\Windows\System32\atieclxx.exe
2013-12-06 20:52:10 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-12-06 20:50:36 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-12-06 20:22:42 1144320 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-12-06 20:22:28 825344 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-12-06 20:22:12 74752 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-12-06 20:22:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-12-06 20:22:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-12-06 20:22:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-12-06 20:21:54 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-12-06 20:21:44 626176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-12-06 20:18:12 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH:  1:12:09.62 ===============
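
Added example, not part of the original thread: the two symptoms in the post above (the proxy setting that keeps changing and the LVMaintenance prompt) can be located in the posted DDS log by reading the `uProxyServer` line and the per-user `uRun` entries, then checking which folders under "Created Last 30" appeared at the same time. It assumes the `u` prefix marks per-user (HKCU) values and that `hxxp` is the log's defanged `http`; the 60-second window is an arbitrary choice, and the output is a review list rather than a verdict (the Spotify and Facebook entries show up in it too).

```python
import re
from datetime import datetime

# Lines copied from the DDS log in the post above (Pseudo HJT Report and
# Created Last 30 sections); nothing here is constructed.
DDS_EXCERPT = r"""
uProxyServer = hxxp=127.0.0.1:39423;https=127.0.0.1:39423
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [Facebook Update] "C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ContentExplorer] "C:\Users\Jon\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
uRun: [LVMaintenance] C:\Users\Jon\AppData\Roaming\LVMaintenance\LVMaintenance.exe
uRun: [Spotify Web Helper] "C:\Users\Jon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
2014-02-20 21:08:37 -------- d-----w- C:\Users\Jon\AppData\Roaming\Spotify
2014-02-12 15:47:35 -------- d-----w- C:\Program Files (x86)\PFPortChecker
2014-02-12 15:47:32 -------- d-----w- C:\Users\Jon\AppData\Roaming\LVMaintenance
2014-02-12 15:47:16 -------- d-----w- C:\Users\Jon\AppData\Roaming\ContentExplorer
2014-02-12 15:47:05 -------- d-----w- C:\Users\Jon\AppData\Local\StormAlerts
2014-02-11 18:20:35 -------- d-----w- C:\Users\Jon\AppData\Local\Facebook
"""

# "uRun"/"mRun"/"x64-Run" autostart lines: [value name] followed by the command.
RUN_RE = re.compile(r'^(?:x64-)?(?P<hive>[um])?Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Executable path: either the quoted part, or everything up to the first ".exe".
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)(?=\s|$)', re.I)
# "Created Last 30" rows whose attribute column starts with "d" (directories).
DIR_RE = re.compile(r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ d\S* (?P<path>.+)$')


def parse_proxy(line):
    """Return {scheme: (host, port)} for a uProxyServer line, else None."""
    m = re.match(r'^uProxyServer = (.+)$', line)
    if not m:
        return None
    out = {}
    for part in m.group(1).split(';'):
        scheme, _, hostport = part.rpartition('=')  # no "=" means one proxy for all
        host, _, port = hostport.rpartition(':')
        if not host:                                # entry had no ":port"
            host, port = port, ''
        out[scheme.replace('hxxp', 'http') or 'all'] = (
            host, int(port) if port.isdigit() else None)
    return out


def triage(text, window=60):
    """Collect loopback proxies and per-user autoruns that live under AppData."""
    proxy, autoruns, created = {}, [], {}
    for line in map(str.strip, text.splitlines()):
        if (p := parse_proxy(line)):
            proxy = p
        elif (m := RUN_RE.match(line)):
            exe = EXE_RE.match(m['cmd'])
            path = (exe['q'] or exe['u']) if exe else m['cmd']
            autoruns.append((m['hive'], m['name'], path))
        elif (m := DIR_RE.match(line)):
            created[m['path']] = datetime.strptime(m['ts'], '%Y-%m-%d %H:%M:%S')

    flagged = []
    for hive, name, path in autoruns:
        if hive != 'u' or '\\appdata\\' not in path.lower():
            continue
        # Longest folder from "Created Last 30" that contains the executable.
        homes = [d for d in created if path.lower().startswith(d.lower() + '\\')]
        home = max(homes, key=len) if homes else None
        near = []
        if home:
            # Other folders created within `window` seconds of this one.
            near = sorted(d.rsplit('\\', 1)[-1] for d, ts in created.items()
                          if d != home
                          and abs((ts - created[home]).total_seconds()) <= window)
        flagged.append({'name': name, 'path': path,
                        'created': created.get(home), 'created_with': near})

    loopback = {s: port for s, (host, port) in proxy.items()
                if host.startswith('127.') or host == 'localhost'}
    return {'loopback_proxy': loopback, 'appdata_autoruns': flagged}


if __name__ == '__main__':
    report = triage(DDS_EXCERPT)
    print('loopback proxy:', report['loopback_proxy'])
    for entry in report['appdata_autoruns']:
        print(entry['name'], entry['created'], entry['created_with'])
```
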
 


 


#2 nasdaq

  • Malware Response Team
  • 40,190 posts
  • Location: Montreal, QC. Canada

Posted 23 February 2014 - 10:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 nielsenja

  • Topic Starter

Posted 23 February 2014 - 11:47 AM

Thanks for the quick reply, here are the requested logs:

 

(attached: Addition.txt, 37.78KB)

 

# AdwCleaner v3.019 - Report created 23/02/2014 at 08:30:53
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jon - JON-PC
# Running from : C:\Users\Jon\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1049 octets] - [20/02/2014 13:15:38]
AdwCleaner[R1].txt - [872 octets] - [21/02/2014 01:02:27]
AdwCleaner[R2].txt - [734 octets] - [23/02/2014 08:30:53]
AdwCleaner[S0].txt - [960 octets] - [20/02/2014 13:16:24]
AdwCleaner[S1].txt - [932 octets] - [21/02/2014 01:03:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [911 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jon on Sun 02/23/2014 at  8:37:21.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/23/2014 at  8:41:37.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 01
Ran by Jon (administrator) on JON-PC on 23-02-2014 08:43:34
Running from C:\Users\Jon\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(FUJIFILM Corporation.) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Spotify Ltd) C:\Users\Jon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(FUJIFILM Corporation.) C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\Manager.exe
(Facebook) C:\Users\Jon\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2413128 2010-06-11] (Logitech Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2489456 2010-12-17] (VIA)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863400 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502952 2012-07-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Cpu Level Up help] - C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [887936 2009-12-28] ()
HKLM-x32\...\Run: [Auto Tuning] - C:\Program Files (x86)\ASUS\Auto Tuning\AutoTuning.exe [1220736 2010-04-16] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [Raptr] - C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-02-17] (Raptr, Inc)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-07-28] (AMD)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [Facebook Update] - C:\Users\Jon\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-11] (Facebook Inc.)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [ContentExplorer] - C:\Users\Jon\AppData\Roaming\ContentExplorer\ContentExplorer.exe [440592 2014-02-05] (ContentExplorer)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [LVMaintenance] - C:\Users\Jon\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-01-01] ()
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3598680 2014-02-20] (Electronic Arts)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [Spotify Web Helper] - C:\Users\Jon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-20] (Spotify Ltd)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\MountPoints2: {ceae733f-7ffc-11e3-9d77-806e6f6e6963} - D:\setup.exe
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Jon\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=127.0.0.1:32367;https=127.0.0.1:32367
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\gears.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-18]
CHR Extension: (YouTube) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-19]
CHR Extension: (Adblock Plus) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-17]
CHR Extension: (Google Search) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-19]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-01-17]
CHR Extension: (Google Calendar) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-19]
CHR Extension: (Safe Money) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-01-17]
CHR Extension: (Content Blocker) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-01-17]
CHR Extension: (Google Keep) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-01-19]
CHR Extension: (Virtual Keyboard) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-01-17]
CHR Extension: (Google Wallet) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]
CHR Extension: (Gmail) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-19]
CHR Extension: (Anti-Banner) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-01-17]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jon\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-18]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-01-24] (Perfect World Entertainment Inc)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-02-15] (BitRaider, LLC)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 FFPCAutoSave; C:\Program Files (x86)\FUJIFILM\FUJIFILM PC AutoSave\PCAutoSaveSv.exe [94208 2013-02-28] (FUJIFILM Corporation.)
 
==================== Drivers (Whitelisted) ====================
 
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-23] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SSMO4Filter; C:\Windows\System32\drivers\MO4Driver.sys [21504 2011-07-27] (Sagatek Co. Ltd.)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-11] (Kaspersky Lab ZAO)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-23 08:43 - 2014-02-23 08:43 - 00017297 _____ () C:\Users\Jon\Desktop\FRST.txt
2014-02-23 08:43 - 2014-02-23 08:43 - 00000000 ____D () C:\FRST
2014-02-23 08:42 - 2014-02-23 08:42 - 02155520 _____ (Farbar) C:\Users\Jon\Desktop\FRST64.exe
2014-02-23 08:41 - 2014-02-23 08:41 - 00000631 _____ () C:\Users\Jon\Desktop\JRT.txt
2014-02-23 08:36 - 2014-02-23 08:36 - 01037734 _____ (Thisisu) C:\Users\Jon\Desktop\JRT.exe
2014-02-23 08:31 - 2014-02-23 08:31 - 00000990 _____ () C:\Users\Jon\Desktop\AdwCleaner[R2].txt
2014-02-23 08:30 - 2014-02-23 08:30 - 01241834 _____ () C:\Users\Jon\Desktop\adwcleaner.exe
2014-02-20 16:03 - 2014-02-20 16:13 - 00000000 ____D () C:\Users\Jon\Documents\InfiniteCrisis
2014-02-20 16:03 - 2014-02-20 16:04 - 00000000 ____D () C:\Users\Jon\AppData\Local\InfiniteCrisis
2014-02-20 15:08 - 2014-02-20 15:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-20 15:00 - 2014-02-20 15:00 - 00000000 ____D () C:\Users\Jon\AppData\Local\Turbine
2014-02-20 14:55 - 2014-02-20 15:54 - 00000000 ____D () C:\Program Files (x86)\InfiniteCrisis
2014-02-20 14:55 - 2014-02-20 14:55 - 00000000 ____D () C:\ProgramData\Turbine
2014-02-20 14:38 - 2014-02-20 15:22 - 00000000 ____D () C:\Users\Jon\Documents\Diablo III
2014-02-20 14:09 - 2014-02-20 14:09 - 00000000 _____ () C:\autoexec.bat
2014-02-20 14:08 - 2014-02-20 14:32 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-20 14:08 - 2014-02-20 14:08 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-20 13:45 - 2014-02-20 13:45 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Malwarebytes
2014-02-20 13:45 - 2014-02-20 13:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-20 13:45 - 2014-02-20 13:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-20 13:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-20 13:25 - 2014-02-20 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-02-20 13:15 - 2014-02-23 08:31 - 00000000 ____D () C:\AdwCleaner
2014-02-20 13:13 - 2014-02-20 13:13 - 00000000 ____D () C:\Program Files (x86)\mSeven Software
2014-02-20 13:11 - 2014-02-20 13:14 - 00000000 ____D () C:\Users\Jon\AppData\Local\Spotify
2014-02-20 13:11 - 2014-02-20 13:11 - 00001743 _____ () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-20 13:08 - 2014-02-21 12:44 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Spotify
2014-02-16 12:14 - 2014-02-16 12:14 - 00000000 ____D () C:\Users\Jon\AppData\Local\SWTOR
2014-02-15 23:19 - 2014-02-22 16:26 - 00000000 ____D () C:\ProgramData\BitRaider
2014-02-15 23:19 - 2014-02-15 23:19 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-02-15 23:19 - 2014-02-15 23:19 - 00000000 ____D () C:\Users\Jon\AppData\Local\SWTORPerf
2014-02-15 05:46 - 2014-02-15 05:46 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-02-15 05:46 - 2014-02-15 05:46 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-02-13 01:04 - 2014-02-13 01:04 - 00003012 _____ () C:\Windows\System32\Tasks\{D306512D-BD17-4BDE-AF7D-5141DD7F208D}
2014-02-12 19:01 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-02-12 19:01 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-02-12 19:01 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-02-12 19:01 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-02-12 19:01 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-02-12 19:01 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-02-12 19:01 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-02-12 19:01 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-02-12 19:01 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-02-12 19:01 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-02-12 19:01 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-02-12 19:01 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-02-12 19:01 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-02-12 19:01 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-02-12 19:01 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-02-12 19:01 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-02-12 19:01 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-02-12 19:01 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-02-12 19:01 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-02-12 19:01 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-02-12 19:01 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-02-12 19:01 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-02-12 19:00 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-02-12 19:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-02-12 18:52 - 2014-02-12 18:57 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-02-12 18:51 - 2014-02-12 18:52 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Origin
2014-02-12 18:51 - 2014-02-12 18:52 - 00000000 ____D () C:\Users\Jon\AppData\Local\Origin
2014-02-12 18:50 - 2014-02-23 08:34 - 00000000 ____D () C:\ProgramData\Origin
2014-02-12 18:50 - 2014-02-23 08:33 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-12 18:50 - 2014-02-12 18:50 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-02-12 18:50 - 2014-02-12 18:50 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-02-12 07:47 - 2014-02-20 13:10 - 00000000 ____D () C:\Users\Jon\AppData\Local\StormAlerts
2014-02-12 07:47 - 2014-02-12 07:47 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2014-02-12 07:47 - 2014-02-12 07:47 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\LVMaintenance
2014-02-12 07:47 - 2014-02-12 07:47 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\ContentExplorer
2014-02-12 07:47 - 2014-02-12 07:47 - 00000000 ____D () C:\Program Files (x86)\PFPortChecker
2014-02-12 07:31 - 2014-02-12 07:36 - 00000000 ____D () C:\Windows\pss
2014-02-12 07:27 - 2014-02-12 07:42 - 00001457 _____ () C:\Users\Jon\Desktop\Guild Wars 2 Port Test.lnk
2014-02-12 03:01 - 2013-12-21 01:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 03:01 - 2013-12-21 00:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 03:00 - 2014-02-06 04:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 03:00 - 2014-02-06 03:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 03:00 - 2014-02-06 03:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 03:00 - 2014-02-06 03:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 03:00 - 2014-02-06 03:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 03:00 - 2014-02-06 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 03:00 - 2014-02-06 02:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 03:00 - 2014-02-06 02:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 03:00 - 2014-02-06 02:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 03:00 - 2014-02-06 02:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 03:00 - 2014-02-06 02:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 03:00 - 2014-02-06 02:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 03:00 - 2014-02-06 02:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 03:00 - 2014-02-06 02:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 03:00 - 2014-02-06 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 03:00 - 2014-02-06 02:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 03:00 - 2014-02-06 02:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 03:00 - 2014-02-06 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 03:00 - 2014-02-06 02:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 03:00 - 2014-02-06 01:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 03:00 - 2014-02-06 01:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 03:00 - 2014-02-06 01:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 03:00 - 2014-02-06 01:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 03:00 - 2014-02-06 01:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 03:00 - 2014-02-06 01:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 03:00 - 2014-02-06 01:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 03:00 - 2014-02-06 01:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 03:00 - 2014-02-06 01:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 03:00 - 2014-02-06 01:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 03:00 - 2014-02-06 01:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 03:00 - 2014-02-06 01:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 03:00 - 2014-02-06 01:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 03:00 - 2014-02-06 01:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 03:00 - 2014-02-06 01:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 03:00 - 2014-02-06 00:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 03:00 - 2014-02-06 00:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 03:00 - 2014-02-06 00:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 03:00 - 2014-02-06 00:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 03:00 - 2014-02-06 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 02:53 - 2013-12-31 15:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 02:53 - 2013-12-31 15:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 02:53 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 02:53 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 02:53 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 02:53 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 02:53 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 02:53 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 02:53 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 02:53 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 02:53 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 02:53 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 02:53 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 02:53 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 02:53 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 02:53 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 02:53 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 02:53 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 02:53 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 02:53 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 02:53 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 02:53 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 02:53 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 02:53 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 02:53 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 02:53 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 02:53 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 02:53 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 12:40 - 2014-02-23 08:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-11 12:40 - 2014-02-20 15:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-11 12:40 - 2014-02-20 15:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-11 12:40 - 2014-02-20 15:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-11 12:40 - 2014-02-11 12:40 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-11 12:40 - 2014-02-11 12:40 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-11 11:47 - 2014-02-11 11:47 - 00007598 _____ () C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
2014-02-11 10:32 - 2014-02-11 10:32 - 00060777 _____ () C:\Windows\SysWOW64\CCCInstall_201402111032130031.log
2014-02-11 10:32 - 2014-02-11 10:32 - 00000000 ____D () C:\ProgramData\ATI
2014-02-11 10:32 - 2014-02-11 10:32 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-02-11 10:30 - 2014-02-11 10:30 - 00000000 ____D () C:\Program Files\AMD
2014-02-11 10:28 - 2014-02-11 10:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-11 10:27 - 2014-02-11 10:27 - 00000000 ____D () C:\AMD
2014-02-11 10:20 - 2014-02-23 07:25 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3439609084-2427522564-2963439524-1000UA.job
2014-02-11 10:20 - 2014-02-22 10:25 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3439609084-2427522564-2963439524-1000Core.job
2014-02-11 10:20 - 2014-02-11 10:20 - 00003892 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3439609084-2427522564-2963439524-1000UA
2014-02-11 10:20 - 2014-02-11 10:20 - 00003524 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3439609084-2427522564-2963439524-1000Core
2014-02-11 10:20 - 2014-02-11 10:20 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2014-02-11 10:20 - 2014-02-11 10:20 - 00000000 ____D () C:\Users\Jon\AppData\Local\Facebook
2014-02-11 10:09 - 2014-02-23 08:34 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Raptr
2014-02-11 10:09 - 2014-02-11 10:09 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-02-11 10:09 - 2014-02-11 10:09 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\library_dir
2014-02-11 10:07 - 2014-02-20 13:57 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-02-11 10:00 - 2014-02-11 10:00 - 977323316 _____ () C:\Windows\MEMORY.DMP
2014-02-11 10:00 - 2014-02-11 10:00 - 00300216 _____ () C:\Windows\Minidump\021114-20264-01.dmp
2014-02-11 10:00 - 2014-02-11 10:00 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 09:13 - 2014-02-11 09:13 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-02-11 09:09 - 2014-02-21 00:45 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Guild Wars 2
2014-02-11 09:09 - 2014-02-12 07:28 - 00000000 ____D () C:\Users\Jon\Documents\Guild Wars 2
2014-02-11 07:38 - 2014-02-11 07:38 - 00000000 ____D () C:\Users\Jon\AppData\Local\Blizzard
2014-02-03 12:08 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-02-03 12:08 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-02-03 12:08 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-02-03 12:08 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-02-03 12:08 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-02-03 12:08 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-02-03 12:08 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-02-03 12:08 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-02-03 12:08 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-02-03 12:08 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-02-03 12:08 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-02-03 12:08 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-02-03 12:08 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-02-03 12:08 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-02-03 12:08 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-02-03 12:08 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-02-03 12:08 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-02-03 12:08 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-02-03 12:08 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-02-03 12:08 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-02-03 12:08 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-02-03 12:08 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-02-03 12:08 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-02-03 12:08 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-02-03 12:08 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-02-03 12:08 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-02-03 12:08 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-02-03 12:08 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-02-03 12:08 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-02-03 12:08 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-02-03 12:08 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-02-03 12:08 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-02-03 12:08 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-02-03 12:08 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-02-03 12:08 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-02-03 12:08 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-02-03 12:08 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-02-03 12:08 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-02-03 12:08 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-02-03 12:08 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-02-03 12:08 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-02-03 12:08 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-02-03 12:08 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-02-03 12:08 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-02-03 12:08 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-02-03 12:08 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-02-03 12:08 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-02-03 12:08 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-02-03 12:08 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-02-03 12:08 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-02-03 12:08 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-02-03 12:08 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-02-03 12:08 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-02-03 12:08 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-02-03 12:08 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-02-03 12:08 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-02-03 12:08 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-02-03 12:08 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-02-03 12:08 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-02-03 12:08 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-02-03 12:08 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-02-03 12:08 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-02-03 12:08 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-02-03 12:08 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-02-03 12:08 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-02-03 12:08 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-02-03 12:08 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-02-03 12:08 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-02-03 12:08 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-02-03 12:08 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-02-03 12:08 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-02-03 12:08 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-02-03 12:08 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-02-03 12:08 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-02-03 12:08 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-02-03 12:08 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-02-03 12:08 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-02-03 12:08 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-02-03 12:08 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-02-03 12:08 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-02-03 12:07 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-02-03 12:07 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-02-03 12:07 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-02-03 12:07 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-02-03 12:07 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-02-03 12:07 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-02-03 12:07 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-02-03 12:07 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-02-03 12:07 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-02-03 12:07 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-02-03 12:07 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-02-03 12:07 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-02-03 12:07 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-02-03 12:07 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-02-03 12:07 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-02-03 12:07 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-02-03 12:07 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-02-03 12:07 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-02-03 12:07 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-02-03 12:07 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-02-03 12:07 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-02-03 12:07 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-02-03 12:07 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-02-03 12:07 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-02-03 12:07 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-02-03 12:07 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-02-03 12:07 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-02-03 12:07 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-02-03 12:07 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-02-03 12:07 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-02-03 12:07 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-02-03 12:07 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-02-03 12:07 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-02-03 12:07 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-02-03 12:07 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-02-03 12:07 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-02-03 12:07 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-02-03 12:07 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-02-03 12:07 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-02-03 12:07 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-02-03 12:07 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-02-03 12:07 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-02-03 12:07 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-02-03 12:07 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-02-03 12:07 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-02-03 12:07 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-02-03 12:07 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-02-03 12:07 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-02-03 12:07 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-02-03 12:07 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-02-03 12:07 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-02-03 12:07 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-02-03 12:07 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-02-03 12:07 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-02-03 12:07 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-02-03 12:07 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-02-03 12:07 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-02-03 12:07 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-02-03 12:07 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-02-03 12:07 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-02-03 12:07 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-02-03 12:07 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-02-03 12:07 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-02-03 12:07 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-02-03 12:07 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-02-03 12:07 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-02-03 12:07 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-02-03 12:07 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-02-03 12:07 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-02-03 12:07 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-02-03 12:07 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-02-03 12:07 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-02-03 12:07 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-02-03 12:07 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-02-03 12:07 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-02-03 12:07 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-02-03 12:07 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-02-03 12:01 - 2014-02-03 12:06 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-02-03 12:01 - 2014-02-03 12:03 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Arc
2014-02-03 12:01 - 2014-02-03 12:01 - 00001846 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-02-02 21:44 - 2014-02-02 21:49 - 00000000 ____D () C:\Users\Jon\AppData\Local\Apple Computer
2014-02-02 21:44 - 2014-02-02 21:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-02 21:44 - 2014-02-02 21:44 - 00000000 ____D () C:\Program Files\iTunes
2014-02-02 21:44 - 2014-02-02 21:44 - 00000000 ____D () C:\Program Files\iPod
2014-02-02 21:44 - 2014-02-02 21:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-02 21:44 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-02-02 21:39 - 2014-02-03 08:52 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Apple Computer
2014-02-02 21:39 - 2014-02-02 21:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-02 21:36 - 2014-02-02 21:36 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-02 21:36 - 2014-02-02 21:36 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-02 21:23 - 2014-02-02 21:44 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-02 21:23 - 2014-02-02 21:24 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-01 16:43 - 2014-02-01 16:43 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-01 16:43 - 2014-02-01 16:43 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-01-29 03:02 - 2014-01-29 03:02 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-01-29 03:02 - 2014-01-29 03:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\Users\Public\Documents\8156
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\Users\Jon\Documents\6717
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\Users\Jon\AppData\Roaming\9481
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\Users\Jon\AppData\Local\2631
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\ProgramData\1548
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\ProgramData\1477
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\ProgramData\0359
2014-01-27 21:06 - 2014-01-27 21:06 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Imagic507N
2014-01-27 21:05 - 2004-08-04 01:57 - 01712128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-01-27 21:05 - 2003-03-18 21:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71.dll
2014-01-27 21:05 - 2003-03-18 21:12 - 01047552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC71u.dll
2014-01-27 21:05 - 2003-03-18 20:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-01-27 21:05 - 2003-02-21 04:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-01-27 21:05 - 2000-06-08 18:00 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\l3codecx.ax
2014-01-27 21:04 - 2014-01-27 21:04 - 00000972 _____ () C:\Users\Public\Desktop\Movavi Photo Suite.lnk
2014-01-27 21:04 - 2014-01-27 21:04 - 00000000 ____D () C:\Program Files (x86)\Movavi
2014-01-27 21:04 - 2010-05-28 18:50 - 00222568 _____ (STOIK Software) C:\Windows\SysWOW64\skjpeg40.dll
2014-01-27 21:04 - 2010-05-28 18:50 - 00089448 _____ (STOIK Software Ltd.) C:\Windows\SysWOW64\Skbase40.dll
2014-01-27 20:58 - 2014-01-27 20:58 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\FUJI FILM
2014-01-27 20:57 - 2014-01-27 20:57 - 00001028 _____ () C:\Users\Jon\Desktop\Pictures - Shortcut.lnk
2014-01-27 20:51 - 2014-01-27 20:51 - 00000000 ____D () C:\Users\Jon\AppData\Local\FUJIFILM
2014-01-27 20:22 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-01-27 20:21 - 2014-02-20 14:57 - 00082443 _____ () C:\Windows\DirectX.log
2014-01-27 20:21 - 2014-01-27 20:38 - 00000000 ____D () C:\ProgramData\FUJIFILM
2014-01-27 20:21 - 2014-01-27 20:38 - 00000000 ____D () C:\Program Files (x86)\FUJIFILM
2014-01-27 20:21 - 2014-01-27 20:21 - 00001186 _____ () C:\Users\Public\Desktop\MyFinePix Studio.lnk
2014-01-27 20:18 - 2014-02-02 21:44 - 00000000 ____D () C:\ProgramData\Apple
2014-01-27 20:18 - 2014-01-27 20:18 - 00000000 ____D () C:\Users\Jon\AppData\Local\Apple
2014-01-27 20:17 - 2014-01-27 20:17 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\FUJIFILM
 
==================== One Month Modified Files and Folders =======
 
2014-02-23 08:44 - 2014-02-11 12:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-23 08:44 - 2014-01-17 21:27 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-23 08:43 - 2014-02-23 08:43 - 00017297 _____ () C:\Users\Jon\Desktop\FRST.txt
2014-02-23 08:43 - 2014-02-23 08:43 - 00000000 ____D () C:\FRST
2014-02-23 08:42 - 2014-02-23 08:42 - 02155520 _____ (Farbar) C:\Users\Jon\Desktop\FRST64.exe
2014-02-23 08:42 - 2014-01-17 22:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-23 08:41 - 2014-02-23 08:41 - 00000631 _____ () C:\Users\Jon\Desktop\JRT.txt
2014-02-23 08:41 - 2009-07-13 20:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 08:41 - 2009-07-13 20:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-23 08:37 - 2014-01-17 21:02 - 01298386 _____ () C:\Windows\WindowsUpdate.log
2014-02-23 08:36 - 2014-02-23 08:36 - 01037734 _____ (Thisisu) C:\Users\Jon\Desktop\JRT.exe
2014-02-23 08:34 - 2014-02-12 18:50 - 00000000 ____D () C:\ProgramData\Origin
2014-02-23 08:34 - 2014-02-11 10:09 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Raptr
2014-02-23 08:33 - 2014-02-12 18:50 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-23 08:33 - 2014-01-18 19:06 - 00008038 _____ () C:\Windows\setupact.log
2014-02-23 08:33 - 2014-01-18 09:52 - 00000000 ___RD () C:\Users\Jon\Google Drive
2014-02-23 08:33 - 2014-01-17 21:27 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-23 08:33 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-23 08:31 - 2014-02-23 08:31 - 00000990 _____ () C:\Users\Jon\Desktop\AdwCleaner[R2].txt
2014-02-23 08:31 - 2014-02-20 13:15 - 00000000 ____D () C:\AdwCleaner
2014-02-23 08:30 - 2014-02-23 08:30 - 01241834 _____ () C:\Users\Jon\Desktop\adwcleaner.exe
2014-02-23 08:29 - 2014-01-18 00:10 - 00000000 ____D () C:\Users\Jon\AppData\Local\Battle.net
2014-02-23 07:25 - 2014-02-11 10:20 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3439609084-2427522564-2963439524-1000UA.job
2014-02-22 16:26 - 2014-02-15 23:19 - 00000000 ____D () C:\ProgramData\BitRaider
2014-02-22 10:25 - 2014-02-11 10:20 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3439609084-2427522564-2963439524-1000Core.job
2014-02-21 12:44 - 2014-02-20 13:08 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Spotify
2014-02-21 00:45 - 2014-02-11 09:09 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Guild Wars 2
2014-02-20 16:13 - 2014-02-20 16:03 - 00000000 ____D () C:\Users\Jon\Documents\InfiniteCrisis
2014-02-20 16:04 - 2014-02-20 16:03 - 00000000 ____D () C:\Users\Jon\AppData\Local\InfiniteCrisis
2014-02-20 15:54 - 2014-02-20 14:55 - 00000000 ____D () C:\Program Files (x86)\InfiniteCrisis
2014-02-20 15:23 - 2009-07-13 21:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-20 15:22 - 2014-02-20 14:38 - 00000000 ____D () C:\Users\Jon\Documents\Diablo III
2014-02-20 15:21 - 2014-02-11 12:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 15:21 - 2014-02-11 12:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 15:21 - 2014-02-11 12:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 15:15 - 2014-01-17 21:03 - 00000000 ____D () C:\Users\Jon
2014-02-20 15:14 - 2014-02-20 15:08 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-20 15:00 - 2014-02-20 15:00 - 00000000 ____D () C:\Users\Jon\AppData\Local\Turbine
2014-02-20 14:58 - 2014-01-18 20:48 - 00000000 ____D () C:\Users\Jon\AppData\Local\Adobe
2014-02-20 14:57 - 2014-01-27 20:21 - 00082443 _____ () C:\Windows\DirectX.log
2014-02-20 14:55 - 2014-02-20 14:55 - 00000000 ____D () C:\ProgramData\Turbine
2014-02-20 14:38 - 2014-01-18 03:13 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-02-20 14:34 - 2014-01-18 00:11 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-02-20 14:32 - 2014-02-20 14:08 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-20 14:09 - 2014-02-20 14:09 - 00000000 _____ () C:\autoexec.bat
2014-02-20 14:08 - 2014-02-20 14:08 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-20 13:57 - 2014-02-11 10:07 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-02-20 13:53 - 2010-11-20 19:47 - 00153208 _____ () C:\Windows\PFRO.log
2014-02-20 13:45 - 2014-02-20 13:45 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Malwarebytes
2014-02-20 13:45 - 2014-02-20 13:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-20 13:45 - 2014-02-20 13:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-20 13:25 - 2014-02-20 13:25 - 00000000 ____D () C:\Windows\ERUNT
2014-02-20 13:14 - 2014-02-20 13:11 - 00000000 ____D () C:\Users\Jon\AppData\Local\Spotify
2014-02-20 13:13 - 2014-02-20 13:13 - 00000000 ____D () C:\Program Files (x86)\mSeven Software
2014-02-20 13:13 - 2014-01-17 22:47 - 00000000 ____D () C:\Users\Jon\AppData\Local\Downloaded Installations
2014-02-20 13:11 - 2014-02-20 13:11 - 00001743 _____ () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-20 13:10 - 2014-02-12 07:47 - 00000000 ____D () C:\Users\Jon\AppData\Local\StormAlerts
2014-02-20 13:10 - 2014-01-17 21:03 - 00000000 ___RD () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 12:14 - 2014-02-16 12:14 - 00000000 ____D () C:\Users\Jon\AppData\Local\SWTOR
2014-02-16 03:02 - 2014-01-18 21:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:00 - 2014-01-18 21:14 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 23:19 - 2014-02-15 23:19 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-02-15 23:19 - 2014-02-15 23:19 - 00000000 ____D () C:\Users\Jon\AppData\Local\SWTORPerf
2014-02-15 05:46 - 2014-02-15 05:46 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-02-15 05:46 - 2014-02-15 05:46 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-02-13 01:04 - 2014-02-13 01:04 - 00003012 _____ () C:\Windows\System32\Tasks\{D306512D-BD17-4BDE-AF7D-5141DD7F208D}
2014-02-13 00:44 - 2014-01-18 00:10 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Battle.net
2014-02-12 18:57 - 2014-02-12 18:52 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-02-12 18:52 - 2014-02-12 18:51 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Origin
2014-02-12 18:52 - 2014-02-12 18:51 - 00000000 ____D () C:\Users\Jon\AppData\Local\Origin
2014-02-12 18:50 - 2014-02-12 18:50 - 00000983 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-02-12 18:50 - 2014-02-12 18:50 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-02-12 07:47 - 2014-02-12 07:47 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2014-02-12 07:47 - 2014-02-12 07:47 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\LVMaintenance
2014-02-12 07:47 - 2014-02-12 07:47 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\ContentExplorer
2014-02-12 07:47 - 2014-02-12 07:47 - 00000000 ____D () C:\Program Files (x86)\PFPortChecker
2014-02-12 07:42 - 2014-02-12 07:27 - 00001457 _____ () C:\Users\Jon\Desktop\Guild Wars 2 Port Test.lnk
2014-02-12 07:36 - 2014-02-12 07:31 - 00000000 ____D () C:\Windows\pss
2014-02-12 07:28 - 2014-02-11 09:09 - 00000000 ____D () C:\Users\Jon\Documents\Guild Wars 2
2014-02-12 04:12 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 03:06 - 2014-01-18 10:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 03:02 - 2014-01-19 23:18 - 00773536 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-11 20:01 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-11 18:05 - 2014-01-18 00:10 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-02-11 12:40 - 2014-02-11 12:40 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-11 12:40 - 2014-02-11 12:40 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-11 12:28 - 2014-01-18 00:09 - 00000000 ____D () C:\ProgramData\Battle.net
2014-02-11 11:47 - 2014-02-11 11:47 - 00007598 _____ () C:\Users\Jon\AppData\Local\Resmon.ResmonCfg
2014-02-11 10:32 - 2014-02-11 10:32 - 00060777 _____ () C:\Windows\SysWOW64\CCCInstall_201402111032130031.log
2014-02-11 10:32 - 2014-02-11 10:32 - 00000000 ____D () C:\ProgramData\ATI
2014-02-11 10:32 - 2014-02-11 10:32 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-02-11 10:32 - 2014-01-17 21:42 - 00000000 ____D () C:\ProgramData\AMD
2014-02-11 10:31 - 2014-01-17 21:17 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-02-11 10:30 - 2014-02-11 10:30 - 00000000 ____D () C:\Program Files\AMD
2014-02-11 10:29 - 2014-02-11 10:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-11 10:27 - 2014-02-11 10:27 - 00000000 ____D () C:\AMD
2014-02-11 10:20 - 2014-02-11 10:20 - 00003892 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3439609084-2427522564-2963439524-1000UA
2014-02-11 10:20 - 2014-02-11 10:20 - 00003524 _____ () C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3439609084-2427522564-2963439524-1000Core
2014-02-11 10:20 - 2014-02-11 10:20 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2014-02-11 10:20 - 2014-02-11 10:20 - 00000000 ____D () C:\Users\Jon\AppData\Local\Facebook
2014-02-11 10:09 - 2014-02-11 10:09 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-02-11 10:09 - 2014-02-11 10:09 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\library_dir
2014-02-11 10:00 - 2014-02-11 10:00 - 977323316 _____ () C:\Windows\MEMORY.DMP
2014-02-11 10:00 - 2014-02-11 10:00 - 00300216 _____ () C:\Windows\Minidump\021114-20264-01.dmp
2014-02-11 10:00 - 2014-02-11 10:00 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 09:13 - 2014-02-11 09:13 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-02-11 07:38 - 2014-02-11 07:38 - 00000000 ____D () C:\Users\Jon\AppData\Local\Blizzard
2014-02-11 07:38 - 2014-01-18 09:37 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-02-08 21:39 - 2014-01-17 21:27 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-08 21:39 - 2014-01-17 21:27 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-06 04:16 - 2014-02-12 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 03:30 - 2014-02-12 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 03:30 - 2014-02-12 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 03:12 - 2014-02-12 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 03:07 - 2014-02-12 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 03:06 - 2014-02-12 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-12 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 02:56 - 2014-02-12 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 02:52 - 2014-02-12 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 02:49 - 2014-02-12 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 02:48 - 2014-02-12 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 02:48 - 2014-02-12 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 02:38 - 2014-02-12 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 02:32 - 2014-02-12 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 02:20 - 2014-02-12 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 02:17 - 2014-02-12 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 02:11 - 2014-02-12 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 02:01 - 2014-02-12 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 02:00 - 2014-02-12 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 01:57 - 2014-02-12 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 01:57 - 2014-02-12 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 01:52 - 2014-02-12 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 01:52 - 2014-02-12 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 01:50 - 2014-02-12 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 01:49 - 2014-02-12 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 01:47 - 2014-02-12 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 01:46 - 2014-02-12 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 01:25 - 2014-02-12 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 01:25 - 2014-02-12 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 01:24 - 2014-02-12 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 01:22 - 2014-02-12 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 01:13 - 2014-02-12 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 01:09 - 2014-02-12 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 01:03 - 2014-02-12 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 00:55 - 2014-02-12 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 00:41 - 2014-02-12 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 00:40 - 2014-02-12 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 00:36 - 2014-02-12 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 00:34 - 2014-02-12 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 15:24 - 2014-01-17 21:03 - 00000000 ____D () C:\Users\Jon\AppData\Local\VirtualStore
2014-02-03 12:06 - 2014-02-03 12:01 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-02-03 12:03 - 2014-02-03 12:01 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Arc
2014-02-03 12:01 - 2014-02-03 12:01 - 00001846 _____ () C:\Users\Public\Desktop\Arc.lnk
2014-02-03 12:01 - 2014-01-17 21:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-03 08:52 - 2014-02-02 21:39 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Apple Computer
2014-02-02 21:49 - 2014-02-02 21:44 - 00000000 ____D () C:\Users\Jon\AppData\Local\Apple Computer
2014-02-02 21:44 - 2014-02-02 21:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-02 21:44 - 2014-02-02 21:44 - 00000000 ____D () C:\Program Files\iTunes
2014-02-02 21:44 - 2014-02-02 21:44 - 00000000 ____D () C:\Program Files\iPod
2014-02-02 21:44 - 2014-02-02 21:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-02 21:44 - 2014-02-02 21:23 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-02-02 21:44 - 2014-01-27 20:18 - 00000000 ____D () C:\ProgramData\Apple
2014-02-02 21:43 - 2014-02-02 21:39 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-02 21:36 - 2014-02-02 21:36 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-02 21:36 - 2014-02-02 21:36 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-02-02 21:24 - 2014-02-02 21:23 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-01 16:43 - 2014-02-01 16:43 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-02-01 16:43 - 2014-02-01 16:43 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-01-29 03:02 - 2014-01-29 03:02 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-01-29 03:02 - 2014-01-29 03:02 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-28 17:25 - 2014-01-18 20:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\Users\Public\Documents\8156
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\Users\Jon\Documents\6717
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\Users\Jon\AppData\Roaming\9481
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\Users\Jon\AppData\Local\2631
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\ProgramData\1548
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\ProgramData\1477
2014-01-27 21:06 - 2014-01-27 21:06 - 00000012 _____ () C:\ProgramData\0359
2014-01-27 21:06 - 2014-01-27 21:06 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Imagic507N
2014-01-27 21:04 - 2014-01-27 21:04 - 00000972 _____ () C:\Users\Public\Desktop\Movavi Photo Suite.lnk
2014-01-27 21:04 - 2014-01-27 21:04 - 00000000 ____D () C:\Program Files (x86)\Movavi
2014-01-27 20:58 - 2014-01-27 20:58 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\FUJI FILM
2014-01-27 20:57 - 2014-01-27 20:57 - 00001028 _____ () C:\Users\Jon\Desktop\Pictures - Shortcut.lnk
2014-01-27 20:51 - 2014-01-27 20:51 - 00000000 ____D () C:\Users\Jon\AppData\Local\FUJIFILM
2014-01-27 20:38 - 2014-01-27 20:21 - 00000000 ____D () C:\ProgramData\FUJIFILM
2014-01-27 20:38 - 2014-01-27 20:21 - 00000000 ____D () C:\Program Files (x86)\FUJIFILM
2014-01-27 20:21 - 2014-01-27 20:21 - 00001186 _____ () C:\Users\Public\Desktop\MyFinePix Studio.lnk
2014-01-27 20:18 - 2014-01-27 20:18 - 00000000 ____D () C:\Users\Jon\AppData\Local\Apple
2014-01-27 20:17 - 2014-01-27 20:17 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\FUJIFILM
 
Some content of TEMP:
====================
C:\Users\Jon\AppData\Local\Temp\devcon.exe
C:\Users\Jon\AppData\Local\Temp\Gw2.exe
C:\Users\Jon\AppData\Local\Temp\ose00000.exe
C:\Users\Jon\AppData\Local\Temp\Quarantine.exe
C:\Users\Jon\AppData\Local\Temp\raptrpatch.exe
C:\Users\Jon\AppData\Local\Temp\SHSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-18 00:37
 
==================== End Of Log ============================

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:51 PM

Posted 23 February 2014 - 01:56 PM

Your last logs are clean.

Please let me know if the problem persists.

---

One last scan.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

#5 nielsenja


Posted 24 February 2014 - 11:06 AM

So the many lines about LVMaintenance and ContentExplorer are not related to malware?  Because it's LVMaintenance that keeps asking my permission to launch stuff (and I deny it) and I suspect it's what's causing my proxy settings to change every time I boot my computer...

 

When I google both of those there is a lot of talk about malware...

 

That program does not work, it says it is not a valid Win32 application, even if I try to run as administrator.



#6 nielsenja


Posted 24 February 2014 - 11:10 AM

I redownloaded it by visiting the site, then clicking the link and it launched, but then the checkup.txt file says:

 

 UNSUPPORTED OPERATING SYSTEM! ABORTED!


#7 nasdaq


Posted 24 February 2014 - 11:19 AM


Sorry, I did not pay attention to this section of your FRST log yesterday.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [ContentExplorer] - C:\Users\Jon\AppData\Roaming\ContentExplorer\ContentExplorer.exe [440592 2014-02-05] (ContentExplorer)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [LVMaintenance] - C:\Users\Jon\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-01-01] ()
C:\Users\Jon\AppData\Roaming\LVMaintenance
C:\Users\Jon\AppData\Roaming\ContentExplorer

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Restart the computer normally.

Run the SecurityCheck now. It should run after the restart.

How is it now?
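The two Run-key lines in the fixlist above follow a fixed FRST layout. As an added example (not part of the original thread and not FRST's own code), the Python below parses lines in that layout and lists the autorun entries worth a second look, together with the folder each one launches from. The three heuristics are assumptions chosen for illustration, and the `ExampleAV` and `ExampleSync` lines are constructed sample input; the other two lines are copied from the fixlist.

```python
import ntpath
import re

# FRST registry line layout as it appears in this thread:
#   <hive>\...\Run: [<value name>] - <path> [<size> <date>] (<publisher>)
RUN_LINE = re.compile(
    r'^(?P<hive>.+?)\\\.\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] - (?P<path>.+?) '
    r'\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] '
    r'\((?P<publisher>.*)\)\s*$'
)

# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\")

# First and last lines are constructed; the middle two come from the fixlist.
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleAV] - C:\Program Files\ExampleVendor\tray.exe [123456 2013-05-01] (Example Vendor Inc.)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [ContentExplorer] - C:\Users\Jon\AppData\Roaming\ContentExplorer\ContentExplorer.exe [440592 2014-02-05] (ContentExplorer)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [LVMaintenance] - C:\Users\Jon\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-01-01] ()
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [ExampleSync] - C:\Users\Jon\AppData\Local\ExampleSync\sync.exe [2048 2014-01-18] (Example Sync LLC)
"""


def parse_run_entries(log_text):
    """Return one dict per Run/RunOnce line found in the log text."""
    entries = []
    for line in log_text.splitlines():
        match = RUN_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def reasons_for(entry):
    """List the triage reasons (illustrative heuristics) that apply to an entry."""
    reasons = []
    path = entry["path"].lower()
    publisher = entry["publisher"].strip()
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        reasons.append("launches from a user-writable profile path")
    if not publisher:
        reasons.append("no publisher in the file's version info")
    elif publisher.lower() == entry["name"].lower():
        reasons.append("publisher only repeats the value name")
    return reasons


def triage(log_text):
    """Return flagged entries, most reasons first, then by value name."""
    flagged = []
    for entry in parse_run_entries(log_text):
        reasons = reasons_for(entry)
        if reasons:
            flagged.append({
                "name": entry["name"],
                "hive": entry["hive"],
                # ntpath handles Windows paths on any host OS.
                "folder": ntpath.dirname(entry["path"]),
                "reasons": reasons,
            })
    flagged.sort(key=lambda item: (-len(item["reasons"]), item["name"]))
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["name"]}: {item["folder"]}')
        for reason in item["reasons"]:
            print(f"  - {reason}")
```

A flagged entry is a prompt to inspect the file and folder, not a verdict; plenty of legitimate software also starts from a per-user profile path.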

#8 nielsenja


Posted 24 February 2014 - 10:18 PM

That LVMaintenance popup has not appeared again so far, but I did get a strange popup for the first time.  Chrome opened randomly to the following address right as the SecurityCheck program started running:
 
htxxtps://fbcdn-photos-h-a.akamaihd.net/hphotos-ak-prn1/hellocdn.html?v=1
 
Very odd and looks suspicious!
 
Logs below:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-02-2014 01
Ran by Jon at 2014-02-24 18:56:45 Run:1
Running from C:\Users\Jon\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [ContentExplorer] - C:\Users\Jon\AppData\Roaming\ContentExplorer\ContentExplorer.exe [440592 2014-02-05] (ContentExplorer)
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\...\Run: [LVMaintenance] - C:\Users\Jon\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-01-01] ()
C:\Users\Jon\AppData\Roaming\LVMaintenance
C:\Users\Jon\AppData\Roaming\ContentExplorer
 
end
*****************
 
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ContentExplorer => Value deleted successfully.
HKU\S-1-5-21-3439609084-2427522564-2963439524-1000\Software\Microsoft\Windows\CurrentVersion\Run\\LVMaintenance => Value deleted successfully.
C:\Users\Jon\AppData\Roaming\LVMaintenance => Moved successfully.
C:\Users\Jon\AppData\Roaming\ContentExplorer => Moved successfully.
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Kaspersky PURE 3.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!
 Adobe Reader XI  
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````
 Kaspersky Lab Kaspersky PURE 3.0 avp.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````

Edited by nasdaq, 25 February 2014 - 08:15 AM.
Bad link obfuscated.


#9 nasdaq


Posted 25 February 2014 - 08:28 AM

Chrome opened randomly to the following address right as the SecurityCheck program started running:


Click on Customize and control Google Chrome and select Settings.
On startup > Set pages
Remove any links you do not wish to open at startup.

If that fails to solve your problem, click on the Advanced settings link at the bottom and reset the browser settings.

How is it now?
===

You have the latest version of Flash. The tool needs to be updated.

===

Any remaining issue?

#10 nielsenja


Posted 25 February 2014 - 10:34 AM

There were no pages in the Set pages setting on Chrome.  The page opened on its own, I wasn't opening Chrome.

 

I don't know why that program says Flash is outdated, I have 12.0.0.70 and that is the newest version according to the website.



#11 nasdaq


Posted 25 February 2014 - 02:15 PM

You have the latest version of Flash. The SecurityCheck tool needs to be updated.

I would remove Chrome using the Add/Remove Programs.
Restart the computer normally.
Re-install Chrome.

Save your Bookmarks before proceeding.
https://support.google.com/chrome/answer/96816?hl=en

They can be imported back to the new version.
===

#12 nasdaq


Posted 03 March 2014 - 09:38 AM

Are you still with me?

#13 nasdaq


Posted 08 March 2014 - 09:54 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



