
BloCKUTubeAd (installed by enterprise policy) - Jeffce



#1 Antecedence


Posted 28 March 2014 - 04:45 PM

Hi Jeff,

My girlfriend's PC has become infected with the same horrible extension you assisted a user with in this thread.

I have had many run-ins with malware before, but this one really takes the cake for the way it's rooted itself into the system.

I have tried to follow the way you went about removing it and have followed just about up to finding the random file extensions that were being created in the download folder. Unfortunately, in her case, there is no file being generated in the download folder or anywhere that I can see, and the FRST logs are coming up blank for finding it.

Up to this point I have:

Deleted the folders from the programfiles (x86) folder, the programdata folders, removed the registration data, the extensions from the appdata/local/chrome folder.

The offending program that installed this should have been around the 26th/27th.

I am at the point now where I am stuck and hoping you could have a look at her FRST log and see if you can find anything.

I have attached below.

Thanks for your help,


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Renae (administrator) on RENAE-PC on 27-03-2014 23:16:06
Running from C:\Users\Renae\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation
) C:\Windows\vVX6000.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Akamai Technologies, Inc.) C:\Users\Renae\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Renae\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Users\Renae\AppData\Local\Google\Update\GoogleUpdate.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\RazerCore.exe
( ) C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(TeamViewer GmbH) c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\regedit.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-10-14] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [VX6000] - C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation
)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Fences] - C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Aeria Ignite] - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\RunOnce: [EasyTuneVI] - C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-02-01] ()
HKU\S-1-5-21-3501034104-2561206122-596863567-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3501034104-2561206122-596863567-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Renae\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3501034104-2561206122-596863567-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3501034104-2561206122-596863567-1000\...\Run: [Google Update] - C:\Users\Renae\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-26] (Google Inc.)
HKU\S-1-5-21-3501034104-2561206122-596863567-1000\...\Run: [Razer Comms] - C:\Program Files (x86)\Razer\Core\RazerCore.exe [1094848 2013-12-10] (Razer, Inc.)
Startup: C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDA9EE3095524CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-09]
CHR Extension: (YouTube) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-09]
CHR Extension: (Google Search) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-09]
CHR Extension: (AdBlock) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-04]
CHR Extension: (Cloud Reader) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-11-25]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-10-29]
CHR Extension: (Google Wallet) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Renae\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-01-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-18] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-12-10] (Razer, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R3 AODDriver; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [52280 2010-03-12] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-03] (DT Soft Ltd)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-03-27] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-12-10] (Razer, Inc.)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-12-10] (Razer, Inc.)
S3 sclbl; C:\AeriaGames\ScarletBlade\avital\scarbt64.sys [86352 2014-02-25] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 slb; C:\AeriaGames\ScarletBlade\avital\scarlb64.sys [81880 2013-04-17] ()
S3 usj; C:\AeriaGames\EdenEternal\avital\ussjcs64.sys [89560 2013-07-23] ()
R3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation
)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-27 22:33 - 2014-03-27 22:54 - 00047107 _____ () C:\Users\Renae\Downloads\Addition.txt
2014-03-27 22:32 - 2014-03-27 23:16 - 00032394 _____ () C:\Users\Renae\Downloads\FRST.txt
2014-03-27 22:32 - 2014-03-27 23:16 - 00000000 ____D () C:\FRST
2014-03-27 22:30 - 2014-03-27 22:30 - 02157056 _____ (Farbar) C:\Users\Renae\Downloads\FRST64.exe
2014-03-27 22:13 - 2014-03-27 22:13 - 00110805 _____ () C:\Users\Renae\Desktop\bookmarks_3_27_14.html
2014-03-27 22:00 - 2014-03-27 22:00 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-27 22:00 - 2014-03-27 22:00 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-27 22:00 - 2014-03-27 22:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-27 21:58 - 2014-03-27 21:58 - 04787368 _____ (Piriform Ltd) C:\Users\Renae\Downloads\ccsetup412.exe
2014-03-27 21:26 - 2014-03-27 21:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 21:26 - 2014-03-27 21:26 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-27 21:26 - 2014-03-27 21:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 21:26 - 2014-03-27 21:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-27 21:26 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 21:26 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-27 21:26 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-27 21:25 - 2014-03-27 21:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Renae\Downloads\mb3-setup-1878.1878-3.3.1.2183.exe
2014-03-27 21:15 - 2014-03-27 21:15 - 00000000 ____D () C:\Users\Renae\AppData\Roaming\TeamViewer
2014-03-27 21:12 - 2014-03-27 21:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-03-27 18:01 - 2014-03-27 18:01 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-27 17:59 - 2014-03-27 18:00 - 00000000 ____D () C:\Program Files\iTunes
2014-03-27 17:59 - 2014-03-27 18:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-27 17:59 - 2014-03-27 17:59 - 00000000 ____D () C:\Program Files\iPod
2014-03-27 08:56 - 2014-03-27 08:57 - 13670584 _____ (Microsoft Corporation) C:\Users\Renae\Downloads\mseinstall.exe
2014-03-27 08:48 - 2014-03-27 08:48 - 00000000 ____D () C:\Windows\en
2014-03-27 08:44 - 2014-03-27 08:44 - 00002174 _____ () C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-12 00:05 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 00:05 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 00:05 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 00:04 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 00:04 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 00:04 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 00:04 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 00:04 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 00:04 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 00:04 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 00:04 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 00:04 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 00:04 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 00:04 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 00:04 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 00:04 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 00:04 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 00:04 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 00:04 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 00:04 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 00:04 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 00:04 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 00:04 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 00:04 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 00:04 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 00:04 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 00:04 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 00:04 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 00:04 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 00:04 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 00:04 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 00:04 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 00:04 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 00:04 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 00:04 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 00:04 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 00:04 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 00:04 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 00:04 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 00:04 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 00:04 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 00:04 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 00:04 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 00:04 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 00:03 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 00:03 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 00:03 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 00:03 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 23:30 - 2014-03-11 23:30 - 00000000 ____D () C:\Users\Renae\AppData\Local\Blizzard Entertainment
2014-03-11 22:42 - 2014-03-11 22:42 - 00000000 ____D () C:\Users\Renae\Documents\Diablo III
2014-03-11 21:38 - 2014-03-11 21:38 - 00001140 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-03-11 21:37 - 2014-03-11 22:41 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-03-11 21:19 - 2014-03-27 08:27 - 00000000 ____D () C:\Users\Renae\AppData\Local\Battle.net
2014-03-11 21:19 - 2014-03-11 22:41 - 00000000 ____D () C:\Users\Renae\AppData\Roaming\Battle.net
2014-03-11 21:18 - 2014-03-25 22:29 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-11 21:18 - 2014-03-11 21:18 - 00001146 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-11 21:16 - 2014-03-11 21:16 - 06018744 _____ (Blizzard Entertainment) C:\Users\Renae\Downloads\Diablo-III-Setup-enUS.exe
2014-03-10 20:48 - 2014-03-10 20:48 - 01941504 _____ () C:\Users\Renae\Downloads\AFSP+Suicide+Prevention (1).ppt
2014-03-10 20:47 - 2014-03-10 20:47 - 00045349 _____ () C:\Users\Renae\Downloads\Attribution+theory (1).pptx
2014-03-10 20:33 - 2014-03-10 20:33 - 02312192 _____ () C:\Users\Renae\Downloads\chapter8.ppt
2014-03-09 22:48 - 2014-03-09 22:48 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 22:48 - 2014-03-09 22:48 - 00000000 ____D () C:\Users\Renae\AppData\Local\Skype
2014-03-08 12:57 - 2014-03-08 14:11 - 00000000 ____D () C:\Users\Renae\Desktop\CC ok
2014-03-08 12:36 - 2014-03-08 14:11 - 00000000 ____D () C:\Users\Renae\Desktop\CC Test
2014-03-08 12:24 - 2014-03-08 13:23 - 00000000 ____D () C:\Users\Renae\Desktop\Sims 3 store content
2014-03-07 22:31 - 2014-03-07 22:31 - 04463104 _____ () C:\Users\Renae\Downloads\chapter7.ppt
2014-03-07 22:31 - 2014-03-07 22:31 - 00045349 _____ () C:\Users\Renae\Downloads\Attribution+theory.pptx
2014-03-06 11:19 - 2014-03-06 11:19 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-06 01:49 - 2014-03-06 01:49 - 00001464 _____ () C:\Users\Renae\Desktop\TechnicLauncher - Shortcut.lnk
2014-03-05 23:31 - 2014-03-05 23:33 - 00000000 ____D () C:\Users\Renae\AppData\Roaming\.technic
2014-03-05 23:31 - 2014-03-05 23:31 - 02346186 _____ () C:\Users\Renae\Documents\TechnicLauncher.exe
2014-03-05 15:15 - 2014-03-05 15:15 - 01941504 _____ () C:\Users\Renae\Downloads\AFSP+Suicide+Prevention.ppt
2014-03-02 19:15 - 2014-03-02 19:15 - 00000867 _____ () C:\Users\Renae\Desktop\PokeMMO.lnk
2014-03-02 19:07 - 2014-03-02 19:07 - 14603901 _____ () C:\Users\Renae\Downloads\PokeMMO-Client.rar
2014-02-26 13:02 - 2014-02-26 13:02 - 00557412 _____ () C:\Users\Renae\Downloads\NRaas_Woohooer_V123.zip
2014-02-26 13:00 - 2014-02-26 13:00 - 00169030 _____ () C:\Users\Renae\Downloads\NRaas_PortraitPanel_V32.zip
2014-02-26 12:58 - 2014-02-26 12:58 - 00187538 _____ () C:\Users\Renae\Downloads\NRaas_MasterControllerCheats_V127.zip
2014-02-26 12:58 - 2014-02-26 12:58 - 00078984 _____ () C:\Users\Renae\Downloads\NRaas_MasterControllerExpandedTattoo_V122.zip
2014-02-26 12:58 - 2014-02-26 12:58 - 00037239 _____ () C:\Users\Renae\Downloads\NRaas_MasterControllerIntegration_V124.zip
2014-02-26 12:58 - 2014-02-26 12:58 - 00012784 _____ () C:\Users\Renae\Downloads\cmar_XCAS_TattooLocations_V2.zip
2014-02-26 12:57 - 2014-02-26 12:57 - 00760208 _____ () C:\Users\Renae\Downloads\NRaas_MasterController_V128.zip
 
==================== One Month Modified Files and Folders =======
 
2014-03-27 23:16 - 2014-03-27 22:32 - 00032394 _____ () C:\Users\Renae\Downloads\FRST.txt
2014-03-27 23:16 - 2014-03-27 22:32 - 00000000 ____D () C:\FRST
2014-03-27 23:16 - 2013-03-25 19:14 - 00000000 ____D () C:\ProgramData\Bitmeter2
2014-03-27 23:06 - 2013-01-09 06:21 - 00000000 ____D () C:\Users\Renae\AppData\Roaming\Skype
2014-03-27 23:00 - 2013-01-09 05:52 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 22:54 - 2014-03-27 22:33 - 00047107 _____ () C:\Users\Renae\Downloads\Addition.txt
2014-03-27 22:30 - 2014-03-27 22:30 - 02157056 _____ (Farbar) C:\Users\Renae\Downloads\FRST64.exe
2014-03-27 22:24 - 2014-02-17 00:02 - 00000000 ____D () C:\Users\Renae\Documents\authlib
2014-03-27 22:23 - 2013-01-09 09:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 22:13 - 2014-03-27 22:13 - 00110805 _____ () C:\Users\Renae\Desktop\bookmarks_3_27_14.html
2014-03-27 22:00 - 2014-03-27 22:00 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-27 22:00 - 2014-03-27 22:00 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-27 22:00 - 2014-03-27 22:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-27 21:58 - 2014-03-27 21:58 - 04787368 _____ (Piriform Ltd) C:\Users\Renae\Downloads\ccsetup412.exe
2014-03-27 21:52 - 2013-03-25 19:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-27 21:51 - 2013-05-13 20:43 - 00000000 ____D () C:\Users\Renae\AppData\Local\LogMeIn Hamachi
2014-03-27 21:51 - 2013-02-21 09:20 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-03-27 21:51 - 2013-01-09 04:17 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-03-27 21:51 - 2013-01-09 04:05 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-03-27 21:50 - 2013-01-09 05:52 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 21:49 - 2009-07-14 00:45 - 00021360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 21:49 - 2009-07-14 00:45 - 00021360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 21:45 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-27 21:42 - 2013-01-09 03:59 - 02041306 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 21:42 - 2009-07-14 00:51 - 00055155 _____ () C:\Windows\setupact.log
2014-03-27 21:41 - 2010-11-20 23:47 - 00275060 _____ () C:\Windows\PFRO.log
2014-03-27 21:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-27 21:41 - 2009-07-14 00:45 - 00421744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-27 21:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help
2014-03-27 21:38 - 2014-01-28 19:10 - 00000000 ____D () C:\Users\Renae\AppData\Roaming\VOPackage
2014-03-27 21:26 - 2014-03-27 21:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 21:26 - 2014-03-27 21:26 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-27 21:26 - 2014-03-27 21:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 21:26 - 2014-03-27 21:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-27 21:25 - 2014-03-27 21:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Renae\Downloads\mb3-setup-1878.1878-3.3.1.2183.exe
2014-03-27 21:23 - 2013-01-09 04:17 - 00110848 _____ () C:\Users\Renae\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-27 21:15 - 2014-03-27 21:15 - 00000000 ____D () C:\Users\Renae\AppData\Roaming\TeamViewer
2014-03-27 21:14 - 2013-07-22 14:26 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-03-27 21:12 - 2014-03-27 21:12 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-03-27 18:01 - 2014-03-27 18:01 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-27 18:00 - 2014-03-27 17:59 - 00000000 ____D () C:\Program Files\iTunes
2014-03-27 18:00 - 2014-03-27 17:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-27 17:59 - 2014-03-27 17:59 - 00000000 ____D () C:\Program Files\iPod
2014-03-27 08:57 - 2014-03-27 08:56 - 13670584 _____ (Microsoft Corporation) C:\Users\Renae\Downloads\mseinstall.exe
2014-03-27 08:57 - 2013-01-09 05:46 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-03-27 08:48 - 2014-03-27 08:48 - 00000000 ____D () C:\Windows\en
2014-03-27 08:46 - 2013-02-20 01:36 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-27 08:45 - 2013-01-09 06:39 - 00357247 _____ () C:\Windows\DirectX.log
2014-03-27 08:44 - 2014-03-27 08:44 - 00002174 _____ () C:\Users\Renae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-03-27 08:43 - 2013-02-20 01:33 - 00000000 ____D () C:\Users\Renae\AppData\Local\Windows Live
2014-03-27 08:27 - 2014-03-11 21:19 - 00000000 ____D () C:\Users\Renae\AppData\Local\Battle.net
2014-03-26 03:04 - 2013-08-06 16:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-26 03:03 - 2013-07-22 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-26 03:00 - 2013-02-21 09:03 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-25 22:29 - 2014-03-11 21:18 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-03-25 21:42 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-25 21:42 - 2013-03-14 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 05:51 - 2013-04-08 00:15 - 00000000 ____D () C:\Users\Renae\AppData\Roaming\vlc
2014-03-12 04:23 - 2013-01-09 09:00 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 04:23 - 2013-01-09 09:00 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 04:23 - 2013-01-09 09:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 02:14 - 2013-01-12 08:20 - 00000000 ____D () C:\Users\Renae\AppData\Roaming\Azureus
2014-03-12 02:14 - 2013-01-09 06:02 - 00000000 ____D () C:\ProgramData\Origin
2014-03-12 02:13 - 2013-01-09 08:54 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-03-11 23:30 - 2014-03-11 23:30 - 00000000 ____D () C:\Users\Renae\AppData\Local\Blizzard Entertainment
2014-03-11 22:42 - 2014-03-11 22:42 - 00000000 ____D () C:\Users\Renae\Documents\Diablo III
2014-03-11 22:41 - 2014-03-11 21:37 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-03-11 22:41 - 2014-03-11 21:19 - 00000000 ____D () C:\Users\Renae\AppData\Roaming\Battle.net
2014-03-11 21:38 - 2014-03-11 21:38 - 00001140 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-03-11 21:18 - 2014-03-11 21:18 - 00001146 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-03-11 21:16 - 2014-03-11 21:16 - 06018744 _____ (Blizzard Entertainment) C:\Users\Renae\Downloads\Diablo-III-Setup-enUS.exe
2014-03-10 20:48 - 2014-03-10 20:48 - 01941504 _____ () C:\Users\Renae\Downloads\AFSP+Suicide+Prevention (1).ppt
2014-03-10 20:47 - 2014-03-10 20:47 - 00045349 _____ () C:\Users\Renae\Downloads\Attribution+theory (1).pptx
2014-03-10 20:33 - 2014-03-10 20:33 - 02312192 _____ () C:\Users\Renae\Downloads\chapter8.ppt
2014-03-10 19:05 - 2013-02-21 02:56 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-03-10 19:05 - 2013-01-09 04:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-09 22:48 - 2014-03-09 22:48 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-09 22:48 - 2014-03-09 22:48 - 00000000 ____D () C:\Users\Renae\AppData\Local\Skype
2014-03-09 22:48 - 2013-01-24 16:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-09 22:48 - 2013-01-09 06:10 - 00000000 ____D () C:\ProgramData\Skype
2014-03-09 01:51 - 2013-01-09 06:02 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-08 14:11 - 2014-03-08 12:57 - 00000000 ____D () C:\Users\Renae\Desktop\CC ok
2014-03-08 14:11 - 2014-03-08 12:36 - 00000000 ____D () C:\Users\Renae\Desktop\CC Test
2014-03-08 13:54 - 2014-01-28 19:09 - 00000000 ____D () C:\Users\Renae\AppData\Local\CrashDumps
2014-03-08 13:23 - 2014-03-08 12:24 - 00000000 ____D () C:\Users\Renae\Desktop\Sims 3 store content
2014-03-07 22:31 - 2014-03-07 22:31 - 04463104 _____ () C:\Users\Renae\Downloads\chapter7.ppt
2014-03-07 22:31 - 2014-03-07 22:31 - 00045349 _____ () C:\Users\Renae\Downloads\Attribution+theory.pptx
2014-03-07 18:42 - 2014-02-07 17:55 - 00000000 ____D () C:\Users\Renae\AppData\Roaming\Dogecoin
2014-03-06 17:20 - 2013-06-16 23:45 - 00000000 ____D () C:\Program Files (x86)\RIFT
2014-03-06 11:19 - 2014-03-06 11:19 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-03-06 01:49 - 2014-03-06 01:49 - 00001464 _____ () C:\Users\Renae\Desktop\TechnicLauncher - Shortcut.lnk
2014-03-05 23:33 - 2014-03-05 23:31 - 00000000 ____D () C:\Users\Renae\AppData\Roaming\.technic
2014-03-05 23:31 - 2014-03-05 23:31 - 02346186 _____ () C:\Users\Renae\Documents\TechnicLauncher.exe
2014-03-05 15:15 - 2014-03-05 15:15 - 01941504 _____ () C:\Users\Renae\Downloads\AFSP+Suicide+Prevention.ppt
2014-03-05 09:26 - 2014-03-27 21:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-27 21:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-27 21:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-02 19:15 - 2014-03-02 19:15 - 00000867 _____ () C:\Users\Renae\Desktop\PokeMMO.lnk
2014-03-02 19:07 - 2014-03-02 19:07 - 14603901 _____ () C:\Users\Renae\Downloads\PokeMMO-Client.rar
2014-03-01 02:05 - 2014-03-12 00:04 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-12 00:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-12 00:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-12 00:04 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-12 00:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-12 00:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-12 00:04 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-12 00:04 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-12 00:04 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-12 00:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-12 00:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-12 00:04 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-12 00:04 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-12 00:04 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-12 00:04 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-12 00:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtm

 




#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:26 PM

Posted 28 March 2014 - 05:32 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------

 

I appreciate the FRST log and we may need to use that later, but for now...
 

Please download DDS from either of these links
 
LINK 1
LINK 2
 
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here)
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

----------
 

Malwarebytes Anti-Rootkit
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • If malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.

If there is no malware found, please let me know as well.
----------


#3 jeffce

Posted 30 March 2014 - 05:40 PM

Still need help?  


#4 Antecedence
  • Topic Starter

Posted 31 March 2014 - 04:31 AM

Hi Jeff,

Yes, still need help, just trying to find a free moment to run the scans on her PC. Hopefully should be doing it tomorrow.

Thanks,

Ben



#5 jeffce

Posted 31 March 2014 - 06:50 AM

Ok.


#6 jeffce

Posted 02 April 2014 - 06:32 AM

Hello?  :)


#7 jeffce

Posted 03 April 2014 - 06:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#8 Antecedence

Posted 04 April 2014 - 07:00 PM

Ok, here we go!

The 3 logs attached.

Malwarebytes found nothing.



#9 jeffce

Posted 04 April 2014 - 07:17 PM

Hi,

 

Were you able to get the log from Malwarebytes AntiRootkit as well??  :)


#10 Antecedence

Posted 04 April 2014 - 07:29 PM

Hi,

Were you able to get the log from Malwarebytes AntiRootkit as well??   :)

Malwarebytes rootkit had no results.

Came up all clean.

Cheers Ben



#11 jeffce

Posted 04 April 2014 - 07:30 PM

Ok thanks.  
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

#12 Antecedence

Posted 04 April 2014 - 09:08 PM

Took a while and wasn't expecting the internet disconnection so TeamViewer wasn't working, but here is the ComboFix log!



#13 jeffce

Posted 05 April 2014 - 09:18 PM

AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
c:\aeriagames\ScarletBlade\avital\scarbt64.sys
 
c:\aeriagames\ScarletBlade\avital\scarlb64.sys
 
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
----------


 


#14 jeffce


Posted 07 April 2014 - 06:50 PM

Still here?  :)


 


#15 jeffce


Posted 08 April 2014 - 06:53 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

 




