
My computer is infected


  • This topic is locked
65 replies to this topic

#1 shadow gun

shadow gun

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 21 June 2014 - 02:50 PM

Hey, I was running a usual virus scan using VIPRE and it found a Win32.Cekar.E, a Trojan-Spy.Win32.Pophot.gen and a FraudTool.Win32.FakeVimes, and I was looking for help on removing these things off my computer.

 




#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:36 AM

Posted 22 June 2014 - 08:19 AM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2: Scan with aswMBR

  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.
  • Click the Scan button to begin the scan.
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit

Things I need to see in your next post:


FRST Log

Addition.txt Log

aswMBR Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 shadow gun

shadow gun
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:05:36 AM

Posted 22 June 2014 - 11:24 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by Michael (administrator) on OWNER-PC on 22-06-2014 12:20:49
Running from C:\Users\Michael\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Neocodex\Manager\pre_loader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2149160 2010-05-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\VIPRE\SBRC.exe [202128 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3152233182-3206728649-1788947963-1000\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 196.203.173.36:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x06F0B0C41675CF01
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TidyNetwork - {7588D236-428E-3061-E937-30CB1D477907} - C:\Program Files (x86)\TidyNetwork\petn64.dll ()
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TidyNetwork - {7588D236-428E-3061-E937-30CB1D477907} - C:\Program Files (x86)\TidyNetwork\petn.dll ()
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Enhance Net Extension - {DCBF2E0B-B6B5-D35E-B3A4-E49C6C7A5CE9} - C:\Program Files (x86)\Enhance Net Extension\bho32.dll (trigger.io)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default
FF NetworkProxy: "backup.ftp", "186.91.205.137"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "186.91.205.137"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "186.91.205.137"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "190.120.248.168"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "190.120.248.168"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "190.120.248.168"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "190.120.248.168"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Enhance Net Extension - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\8d5722f08367402ca7e74cf2ef319f24@jetpack [2014-06-11]
FF Extension: FoxyProxy Standard - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\foxyproxy@eric.h.jung [2014-05-26]
FF Extension: Live HTTP Headers - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-06-16]
FF Extension: cdxFlightDaily - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxFlightDaily@neopetstools.us.xpi [2014-06-03]
FF Extension: cdxFlightHiLo - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxFlightHiLo@neopetstools.us.xpi [2014-06-03]
FF Extension: cdxFlightRunes - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxFlightRunes@neopetstools.us.xpi [2014-06-03]
FF Extension: cdxIcon - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxIcon@neopetstools.us.xpi [2014-06-03]
FF Extension: cdxQuest - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxQuest@neopetstools.us.xpi [2014-06-07]
FF Extension: cdxRat - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxRat@neopetstools.us.xpi [2014-06-08]
FF Extension: cdxRubbish - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxRubbish@neopetstools.us.xpi [2014-06-07]
FF Extension: Fireforce - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\fireforce@scrt.ch.xpi [2014-06-16]
 
Chrome: 
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-19]
CHR Extension: (Flight Rise) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchkakjhbnpeokndfjpofgoabndfndpc [2014-06-19]
CHR Extension: (Enhance Net Extension) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nadadbbagdnmnjobhfmgjnacpcophagd [2014-06-11]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-29]
 
==================== Services (Whitelisted) =================
 
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S2 Update PursuePoint; "C:\Program Files (x86)\PursuePoint\updatePursuePoint.exe" [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
S1 nofrzxpy; \??\C:\Windows\system32\drivers\nofrzxpy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-22 12:20 - 2014-06-22 12:21 - 00015822 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-06-22 12:20 - 2014-06-22 12:20 - 00000000 ____D () C:\FRST
2014-06-22 12:19 - 2014-06-22 12:20 - 02083328 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-06-22 12:19 - 2014-06-22 12:19 - 01070592 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-06-22 11:52 - 2014-06-22 11:52 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull (2).txt
2014-06-21 15:55 - 2014-06-21 15:55 - 00019349 _____ () C:\Users\Michael\Downloads\DDS.txt
2014-06-21 15:54 - 2014-06-21 15:54 - 00019349 _____ () C:\Users\Michael\Desktop\dds.txt
2014-06-21 15:54 - 2014-06-21 15:54 - 00003126 _____ () C:\Users\Michael\Desktop\attach.txt
2014-06-21 15:53 - 2014-06-21 15:53 - 00688992 ____R (Swearware) C:\Users\Michael\Downloads\dds.com
2014-06-21 14:45 - 2014-06-21 14:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-21 14:26 - 2014-06-21 14:27 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull (1).txt
2014-06-21 01:48 - 2014-06-21 01:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Games
2014-06-19 23:06 - 2014-06-19 23:06 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Free All-In-One Media Player.lnk
2014-06-19 23:06 - 2014-06-19 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free All-In-One Media Player
2014-06-19 23:06 - 2014-06-19 23:06 - 00000000 ____D () C:\Program Files (x86)\FreeAllInOneMediaPlayer
2014-06-19 21:32 - 2014-06-19 21:32 - 00337956 _____ () C:\Users\Michael\Downloads\flightrise.crx
2014-06-19 03:09 - 2014-06-19 03:09 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull.txt
2014-06-19 02:41 - 2014-06-19 02:41 - 04011405 _____ () C:\Users\Michael\Downloads\151pokemonrenders.rar
2014-06-19 02:18 - 2014-06-19 02:18 - 08097496 _____ () C:\Users\Michael\Downloads\SuperHAC.rar
2014-06-19 01:43 - 2014-06-19 01:43 - 00000000 ____D () C:\Users\Michael\Desktop\Tor Browser
2014-06-19 01:39 - 2014-06-19 01:39 - 01742864 _____ () C:\Users\Michael\Downloads\wrar510.exe
2014-06-19 01:39 - 2014-06-19 01:39 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 01:39 - 2014-06-19 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 01:23 - 2014-06-19 01:24 - 27167987 _____ () C:\Users\Michael\Downloads\torbrowser-install-3.6.2_en-US.exe
2014-06-18 23:56 - 2014-06-19 00:00 - 00000000 ____D () C:\Users\Michael\DeviousPKCache
2014-06-18 23:56 - 2014-06-18 23:56 - 00027622 _____ () C:\Users\Michael\Downloads\DeviousPK.jar
2014-06-18 23:56 - 2014-06-18 23:56 - 00000001 _____ () C:\Users\Michael\rlvote.txt
2014-06-18 23:56 - 2014-06-18 23:56 - 00000000 _____ () C:\Users\Michael\songList.txt
2014-06-18 15:03 - 2014-06-18 15:03 - 01767759 _____ () C:\Users\Michael\Downloads\DarkCometRemover2.zip
2014-06-18 00:56 - 2014-06-18 00:56 - 20093901 _____ () C:\Users\Michael\Downloads\Unknown(Starburst_Hackforums.net).rar
2014-06-17 23:47 - 2014-06-17 23:47 - 00000009 _____ () C:\Users\Michael\Downloads\nub.txt
2014-06-17 22:18 - 2014-06-17 22:18 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Local\Vitalwerks
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Program Files (x86)\No-IP
2014-06-17 21:05 - 2014-06-17 21:05 - 00001067 _____ () C:\Users\Public\Desktop\DarkComet Remover.lnk
2014-06-17 21:05 - 2014-06-17 21:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\PhrozenSoft
2014-06-17 21:05 - 2014-06-17 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet Remover
2014-06-17 15:51 - 2014-06-17 15:51 - 00026112 _____ () C:\Users\Michael\Downloads\Chr0m3 x MoDz Text Spammer.exe
2014-06-17 15:33 - 2014-06-17 15:33 - 01343342 _____ () C:\Users\Michael\Downloads\GIRL 4 - TREHWU.rar
2014-06-17 15:32 - 2014-06-17 15:32 - 07877804 _____ () C:\Users\Michael\Downloads\GIRL 2 - TREHWU.rar
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\den
2014-06-16 20:56 - 2014-06-16 20:56 - 00001818 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-06-16 20:56 - 2014-06-16 20:56 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-06-16 20:55 - 2014-06-16 21:01 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-06-16 20:55 - 2014-06-16 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-06-16 20:55 - 2014-06-16 20:56 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-16 20:55 - 2014-06-16 20:56 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-06-16 20:55 - 2014-06-16 20:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\Bluestacks
2014-06-14 21:26 - 2014-06-14 21:26 - 00002292 _____ () C:\Users\Michael\Downloads\AvatarGrabber02.zip
2014-06-12 23:22 - 2014-06-20 01:57 - 00000000 ____D () C:\Program Files (x86)\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00001783 _____ () C:\Users\Owner\Desktop\Cain.lnk
2014-06-12 23:22 - 2014-06-12 23:22 - 00001783 _____ () C:\Users\Michael\Desktop\Cain.lnk
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-06-11 15:08 - 2014-06-14 21:58 - 00000352 _____ () C:\Users\Michael\Documents\proxies2.txt
2014-06-11 06:26 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 06:26 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 06:26 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 06:26 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 06:26 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 06:26 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 06:26 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 06:26 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 06:26 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 06:26 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 06:26 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 06:26 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 06:26 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 06:26 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 06:26 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 06:26 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 06:26 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 06:26 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 06:26 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 06:26 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 06:26 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 06:26 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 06:26 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 06:26 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 06:26 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 06:26 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 06:26 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 06:26 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 06:26 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 06:26 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 06:26 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 06:26 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 06:26 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 06:26 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 06:26 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 06:26 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 06:26 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 06:26 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 06:26 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 06:26 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 06:26 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 06:26 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 06:26 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 06:26 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 06:26 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 06:26 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 06:26 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 06:25 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 06:25 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 06:25 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 06:25 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 06:25 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 06:25 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 06:25 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 06:25 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 06:25 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 06:25 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 06:25 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 06:25 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 06:25 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 06:25 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 06:25 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 06:25 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 06:25 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 06:25 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 06:25 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 06:25 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 06:25 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 02:47 - 2014-06-11 02:48 - 00135276 _____ () C:\Users\Michael\AppData\Roaming\Uninstall.exe
2014-06-11 02:47 - 2014-06-11 02:48 - 00000012 _____ () C:\Users\Michael\AppData\Roaming\id.txt
2014-06-11 02:47 - 2014-06-11 02:47 - 00000000 ____D () C:\Program Files (x86)\Enhance Net Extension
2014-06-11 00:20 - 2014-06-11 00:20 - 00000434 _____ () C:\Users\Michael\Documents\Links.csv
2014-06-11 00:20 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\OpenOffice
2014-06-10 23:27 - 2014-06-10 23:27 - 00003172 _____ () C:\Windows\System32\Tasks\{93420D62-9063-49E7-A135-FC7A8E6017A5}
2014-06-10 15:21 - 2014-06-10 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-06-10 15:20 - 2014-06-10 15:21 - 00000000 ____D () C:\Python34
2014-06-10 13:59 - 2014-06-10 13:59 - 11373755 _____ () C:\Users\Michael\Downloads\Beginning Python From Novice to Professional, Second Edition.zip
2014-06-09 21:17 - 2014-06-09 21:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\calibre-cache
2014-06-09 21:16 - 2014-06-10 17:01 - 00000000 ____D () C:\Users\Michael\Documents\Calibre Library
2014-06-09 21:16 - 2014-06-10 14:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\calibre
2014-06-09 21:16 - 2014-06-09 21:16 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-06-09 21:16 - 2014-06-09 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-06-09 21:16 - 2014-06-09 21:16 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-06-08 12:07 - 2014-06-08 12:07 - 00002515 _____ () C:\Users\Michael\Documents\_MinecraftSaveInfo
2014-06-08 02:27 - 2014-06-12 19:06 - 08814592 _____ () C:\Users\Michael\Documents\DRAKS0005
2014-06-07 15:12 - 2014-06-07 15:12 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Mael
2014-06-07 14:49 - 2014-06-07 14:49 - 00000885 _____ () C:\Users\Public\Desktop\HxD.lnk
2014-06-07 14:49 - 2014-06-07 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
2014-06-07 14:49 - 2014-06-07 14:49 - 00000000 ____D () C:\Program Files (x86)\HxD
2014-06-06 06:47 - 2014-06-06 06:47 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-06-05 12:21 - 2014-06-05 12:21 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-05 12:21 - 2014-06-05 12:21 - 00000000 ____D () C:\Program Files\Java
2014-06-05 12:20 - 2014-06-05 12:20 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 12:20 - 2014-06-05 12:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-02 23:19 - 2014-06-09 00:03 - 02777202 _____ () C:\Users\Michael\Documents\savegame.dat
2014-06-02 23:12 - 2014-06-02 23:18 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Easy2Convert
2014-06-02 23:05 - 2014-06-02 23:05 - 00001909 _____ () C:\Users\Owner\Desktop\oPryzeLP Mod Tool.lnk
2014-06-02 23:05 - 2014-06-02 23:05 - 00001909 _____ () C:\Users\Michael\Desktop\oPryzeLP Mod Tool.lnk
2014-06-02 23:05 - 2014-06-02 23:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-02 23:05 - 2014-06-02 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-01 23:02 - 2014-06-01 23:02 - 00000334 _____ () C:\Windows\SysWOW64\CountScans.XML
2014-05-30 22:16 - 2014-05-30 22:16 - 00000355 _____ () C:\Users\Michael\Documents\Homegroup - Shortcut.lnk
2014-05-29 21:14 - 2014-06-11 15:27 - 00000262 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-05-29 21:12 - 2014-05-29 21:12 - 00002029 _____ () C:\Users\Michael\Desktop\iMacros 7.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00001329 _____ () C:\Users\Michael\Desktop\iMacros Scripting Interface Sample.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00001207 _____ () C:\Users\Michael\Desktop\iMacros Batch Sample.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00000913 _____ () C:\Users\Michael\Desktop\Examples.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Users\Michael\Documents\iMacros
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iOpus iMacros
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Program Files (x86)\iOpus
2014-05-29 21:03 - 2014-05-29 21:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\UBot Studio
2014-05-29 20:53 - 2014-06-10 18:13 - 00000000 _____ () C:\Users\Michael\Documents\Accounts 05-29-2014.txt
2014-05-29 10:32 - 2014-06-20 17:30 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
2014-05-27 17:37 - 2014-05-27 17:37 - 01566466 _____ () C:\Users\Michael\Downloads\GPTool.rar
2014-05-27 06:08 - 2014-06-19 01:35 - 00000000 ____D () C:\Users\Michael\AppData\Local\Deployment
2014-05-27 06:08 - 2014-05-27 06:08 - 00002136 _____ () C:\Users\Michael\Desktop\Aspire YouTube Bot 1.1.lnk
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aspire YouTube Bot 1.1
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Apps\2.0
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Program Files (x86)\Aspire YouTube Bot 1.1
2014-05-27 04:54 - 2014-05-29 20:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\Email_Account_Creator_Ext
2014-05-26 22:51 - 2014-06-19 23:29 - 00000871 _____ () C:\Users\Michael\Documents\proxies.txt
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Windows\Gmail Creator
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\SkinSoft
2014-05-26 21:56 - 2014-05-26 21:56 - 00000000 ____D () C:\Users\Michael\Documents\HtmlEmailCS
2014-05-26 19:47 - 2014-05-26 19:47 - 00000000 ____D () C:\Users\Michael\AppData\Local\Macromedia
2014-05-26 17:00 - 2014-06-21 16:23 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\ProgramData\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified Files and Folders =======
 
2014-06-22 12:21 - 2014-06-22 12:20 - 00015822 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-06-22 12:20 - 2014-06-22 12:20 - 00000000 ____D () C:\FRST
2014-06-22 12:20 - 2014-06-22 12:19 - 02083328 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-06-22 12:19 - 2014-06-22 12:19 - 01070592 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-06-22 12:10 - 2014-02-06 11:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-22 11:57 - 2009-07-14 00:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 11:57 - 2009-07-14 00:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 11:53 - 2014-02-05 17:53 - 01886972 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 11:52 - 2014-06-22 11:52 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull (2).txt
2014-06-22 11:50 - 2014-02-06 13:48 - 00070906 _____ () C:\Windows\setupact.log
2014-06-22 11:50 - 2014-02-06 12:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-22 11:49 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 11:22 - 2014-02-20 00:22 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job
2014-06-22 02:48 - 2014-04-26 16:36 - 00000000 ____D () C:\Users\Michael\AppData\Local\Pokemon Showdown
2014-06-22 02:46 - 2014-02-06 12:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 16:23 - 2014-05-26 17:00 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-06-21 15:55 - 2014-06-21 15:55 - 00019349 _____ () C:\Users\Michael\Downloads\DDS.txt
2014-06-21 15:54 - 2014-06-21 15:54 - 00019349 _____ () C:\Users\Michael\Desktop\dds.txt
2014-06-21 15:54 - 2014-06-21 15:54 - 00003126 _____ () C:\Users\Michael\Desktop\attach.txt
2014-06-21 15:53 - 2014-06-21 15:53 - 00688992 ____R (Swearware) C:\Users\Michael\Downloads\dds.com
2014-06-21 15:26 - 2014-02-23 04:24 - 00000000 ____D () C:\Windows\Patches
2014-06-21 14:45 - 2014-06-21 14:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-21 14:27 - 2014-06-21 14:26 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull (1).txt
2014-06-21 09:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-21 01:54 - 2014-06-21 01:48 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Games
2014-06-20 17:30 - 2014-05-29 10:32 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
2014-06-20 01:57 - 2014-06-12 23:22 - 00000000 ____D () C:\Program Files (x86)\Cain
2014-06-19 23:29 - 2014-05-26 22:51 - 00000871 _____ () C:\Users\Michael\Documents\proxies.txt
2014-06-19 23:06 - 2014-06-19 23:06 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Free All-In-One Media Player.lnk
2014-06-19 23:06 - 2014-06-19 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free All-In-One Media Player
2014-06-19 23:06 - 2014-06-19 23:06 - 00000000 ____D () C:\Program Files (x86)\FreeAllInOneMediaPlayer
2014-06-19 21:32 - 2014-06-19 21:32 - 00337956 _____ () C:\Users\Michael\Downloads\flightrise.crx
2014-06-19 19:04 - 2014-02-06 12:30 - 00064024 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 03:16 - 2014-02-27 00:36 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-19 03:16 - 2014-02-22 02:36 - 00688840 _____ () C:\Windows\PFRO.log
2014-06-19 03:16 - 2009-07-14 00:45 - 00294568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-19 03:09 - 2014-06-19 03:09 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull.txt
2014-06-19 02:41 - 2014-06-19 02:41 - 04011405 _____ () C:\Users\Michael\Downloads\151pokemonrenders.rar
2014-06-19 02:18 - 2014-06-19 02:18 - 08097496 _____ () C:\Users\Michael\Downloads\SuperHAC.rar
2014-06-19 02:00 - 2014-03-29 00:02 - 00064024 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 01:43 - 2014-06-19 01:43 - 00000000 ____D () C:\Users\Michael\Desktop\Tor Browser
2014-06-19 01:39 - 2014-06-19 01:39 - 01742864 _____ () C:\Users\Michael\Downloads\wrar510.exe
2014-06-19 01:39 - 2014-06-19 01:39 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 01:39 - 2014-06-19 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 01:35 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Deployment
2014-06-19 01:24 - 2014-06-19 01:23 - 27167987 _____ () C:\Users\Michael\Downloads\torbrowser-install-3.6.2_en-US.exe
2014-06-19 00:00 - 2014-06-18 23:56 - 00000000 ____D () C:\Users\Michael\DeviousPKCache
2014-06-18 23:56 - 2014-06-18 23:56 - 00027622 _____ () C:\Users\Michael\Downloads\DeviousPK.jar
2014-06-18 23:56 - 2014-06-18 23:56 - 00000001 _____ () C:\Users\Michael\rlvote.txt
2014-06-18 23:56 - 2014-06-18 23:56 - 00000000 _____ () C:\Users\Michael\songList.txt
2014-06-18 23:56 - 2014-03-29 00:01 - 00000000 ____D () C:\Users\Michael
2014-06-18 15:03 - 2014-06-18 15:03 - 01767759 _____ () C:\Users\Michael\Downloads\DarkCometRemover2.zip
2014-06-18 01:33 - 2014-03-29 00:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\VirtualStore
2014-06-18 00:56 - 2014-06-18 00:56 - 20093901 _____ () C:\Users\Michael\Downloads\Unknown(Starburst_Hackforums.net).rar
2014-06-17 23:47 - 2014-06-17 23:47 - 00000009 _____ () C:\Users\Michael\Downloads\nub.txt
2014-06-17 22:18 - 2014-06-17 22:18 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Local\Vitalwerks
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Program Files (x86)\No-IP
2014-06-17 21:05 - 2014-06-17 21:05 - 00001067 _____ () C:\Users\Public\Desktop\DarkComet Remover.lnk
2014-06-17 21:05 - 2014-06-17 21:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\PhrozenSoft
2014-06-17 21:05 - 2014-06-17 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet Remover
2014-06-17 15:51 - 2014-06-17 15:51 - 00026112 _____ () C:\Users\Michael\Downloads\Chr0m3 x MoDz Text Spammer.exe
2014-06-17 15:33 - 2014-06-17 15:33 - 01343342 _____ () C:\Users\Michael\Downloads\GIRL 4 - TREHWU.rar
2014-06-17 15:32 - 2014-06-17 15:32 - 07877804 _____ () C:\Users\Michael\Downloads\GIRL 2 - TREHWU.rar
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\den
2014-06-16 21:01 - 2014-06-16 20:55 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-06-16 20:56 - 2014-06-16 20:56 - 00001818 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-06-16 20:56 - 2014-06-16 20:56 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-06-16 20:56 - 2014-06-16 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-06-16 20:56 - 2014-06-16 20:55 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-16 20:56 - 2014-06-16 20:55 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-06-16 20:56 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-16 20:55 - 2014-06-16 20:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\Bluestacks
2014-06-16 12:53 - 2014-02-06 12:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-16 00:51 - 2014-02-06 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-16 00:50 - 2014-04-16 20:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-16 00:49 - 2014-05-17 21:39 - 00001075 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-16 00:49 - 2014-05-12 20:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 00:49 - 2014-02-06 12:18 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-16 00:49 - 2014-02-06 11:16 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-16 00:49 - 2014-02-06 11:16 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-16 00:49 - 2014-02-06 11:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-15 20:55 - 2014-02-05 17:53 - 00000000 ____D () C:\Users\Owner
2014-06-14 21:58 - 2014-06-11 15:08 - 00000352 _____ () C:\Users\Michael\Documents\proxies2.txt
2014-06-14 21:26 - 2014-06-14 21:26 - 00002292 _____ () C:\Users\Michael\Downloads\AvatarGrabber02.zip
2014-06-12 23:22 - 2014-06-12 23:22 - 00001783 _____ () C:\Users\Owner\Desktop\Cain.lnk
2014-06-12 23:22 - 2014-06-12 23:22 - 00001783 _____ () C:\Users\Michael\Desktop\Cain.lnk
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-06-12 19:06 - 2014-06-08 02:27 - 08814592 _____ () C:\Users\Michael\Documents\DRAKS0005
2014-06-12 14:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 10:12 - 2014-03-02 04:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\WeatherAlerts
2014-06-12 10:12 - 2014-02-05 18:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 10:10 - 2014-02-05 18:31 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 10:07 - 2014-05-07 04:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 15:27 - 2014-05-29 21:14 - 00000262 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-06-11 15:27 - 2014-04-20 03:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-06-11 02:48 - 2014-06-11 02:47 - 00135276 _____ () C:\Users\Michael\AppData\Roaming\Uninstall.exe
2014-06-11 02:48 - 2014-06-11 02:47 - 00000012 _____ () C:\Users\Michael\AppData\Roaming\id.txt
2014-06-11 02:47 - 2014-06-11 02:47 - 00000000 ____D () C:\Program Files (x86)\Enhance Net Extension
2014-06-11 00:20 - 2014-06-11 00:20 - 00000434 _____ () C:\Users\Michael\Documents\Links.csv
2014-06-11 00:20 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\OpenOffice
2014-06-10 23:27 - 2014-06-10 23:27 - 00003172 _____ () C:\Windows\System32\Tasks\{93420D62-9063-49E7-A135-FC7A8E6017A5}
2014-06-10 18:13 - 2014-05-29 20:53 - 00000000 _____ () C:\Users\Michael\Documents\Accounts 05-29-2014.txt
2014-06-10 17:01 - 2014-06-09 21:16 - 00000000 ____D () C:\Users\Michael\Documents\Calibre Library
2014-06-10 15:21 - 2014-06-10 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-06-10 15:21 - 2014-06-10 15:20 - 00000000 ____D () C:\Python34
2014-06-10 14:05 - 2014-06-09 21:16 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\calibre
2014-06-10 13:59 - 2014-06-10 13:59 - 11373755 _____ () C:\Users\Michael\Downloads\Beginning Python From Novice to Professional, Second Edition.zip
2014-06-09 21:17 - 2014-06-09 21:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\calibre-cache
2014-06-09 21:16 - 2014-06-09 21:16 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-06-09 21:16 - 2014-06-09 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-06-09 21:16 - 2014-06-09 21:16 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-06-09 00:03 - 2014-06-02 23:19 - 02777202 _____ () C:\Users\Michael\Documents\savegame.dat
2014-06-08 23:33 - 2014-03-29 00:02 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\VIPRE
2014-06-08 17:31 - 2009-07-14 01:08 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-08 12:07 - 2014-06-08 12:07 - 00002515 _____ () C:\Users\Michael\Documents\_MinecraftSaveInfo
2014-06-08 05:13 - 2014-06-11 06:25 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-11 06:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 15:12 - 2014-06-07 15:12 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Mael
2014-06-07 14:49 - 2014-06-07 14:49 - 00000885 _____ () C:\Users\Public\Desktop\HxD.lnk
2014-06-07 14:49 - 2014-06-07 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
2014-06-07 14:49 - 2014-06-07 14:49 - 00000000 ____D () C:\Program Files (x86)\HxD
2014-06-06 06:47 - 2014-06-06 06:47 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-06-05 21:20 - 2014-03-29 00:24 - 00001279 _____ () C:\Users\Public\Desktop\Horizon.lnk
2014-06-05 21:20 - 2014-02-25 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
2014-06-05 12:21 - 2014-06-05 12:21 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-05 12:21 - 2014-06-05 12:21 - 00000000 ____D () C:\Program Files\Java
2014-06-05 12:20 - 2014-06-05 12:20 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 12:20 - 2014-06-05 12:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-02 23:18 - 2014-06-02 23:12 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Easy2Convert
2014-06-02 23:05 - 2014-06-02 23:05 - 00001909 _____ () C:\Users\Owner\Desktop\oPryzeLP Mod Tool.lnk
2014-06-02 23:05 - 2014-06-02 23:05 - 00001909 _____ () C:\Users\Michael\Desktop\oPryzeLP Mod Tool.lnk
2014-06-02 23:05 - 2014-06-02 23:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-02 23:05 - 2014-06-02 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-02 23:05 - 2014-02-20 01:54 - 00000000 ____D () C:\Program Files (x86)\oPryzeLP
2014-06-01 23:02 - 2014-06-01 23:02 - 00000334 _____ () C:\Windows\SysWOW64\CountScans.XML
2014-05-31 19:13 - 2014-05-21 16:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Notepad++
2014-05-30 22:16 - 2014-05-30 22:16 - 00000355 _____ () C:\Users\Michael\Documents\Homegroup - Shortcut.lnk
2014-05-30 06:21 - 2014-06-11 06:25 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-11 06:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-11 06:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-11 06:26 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-11 06:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:39 - 2014-06-11 06:25 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:38 - 2014-06-11 06:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-11 06:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-11 06:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-11 06:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-11 06:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:21 - 2014-06-11 06:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:20 - 2014-06-11 06:25 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-11 06:26 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-11 06:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-11 06:25 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-11 06:26 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-11 06:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-11 06:26 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-11 06:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-11 06:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-11 06:26 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-11 06:25 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-11 06:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-11 06:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-11 06:26 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-11 06:26 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-11 06:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-11 06:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-11 06:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-11 06:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-11 06:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-11 06:26 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-11 06:25 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-11 06:26 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-11 06:26 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-11 06:26 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-11 06:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-11 06:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-11 06:26 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-11 06:26 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-11 06:25 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-11 06:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-11 06:26 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-11 06:26 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-11 06:25 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-11 06:26 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-11 06:26 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-11 06:25 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-11 06:26 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-11 06:25 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-11 06:25 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 21:12 - 2014-05-29 21:12 - 00002029 _____ () C:\Users\Michael\Desktop\iMacros 7.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00001329 _____ () C:\Users\Michael\Desktop\iMacros Scripting Interface Sample.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00001207 _____ () C:\Users\Michael\Desktop\iMacros Batch Sample.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00000913 _____ () C:\Users\Michael\Desktop\Examples.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Users\Michael\Documents\iMacros
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iOpus iMacros
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Program Files (x86)\iOpus
2014-05-29 21:03 - 2014-05-29 21:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\UBot Studio
2014-05-29 20:57 - 2014-05-27 04:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\Email_Account_Creator_Ext
2014-05-27 17:37 - 2014-05-27 17:37 - 01566466 _____ () C:\Users\Michael\Downloads\GPTool.rar
2014-05-27 06:08 - 2014-05-27 06:08 - 00002136 _____ () C:\Users\Michael\Desktop\Aspire YouTube Bot 1.1.lnk
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aspire YouTube Bot 1.1
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Apps\2.0
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Program Files (x86)\Aspire YouTube Bot 1.1
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Windows\Gmail Creator
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\SkinSoft
2014-05-26 21:56 - 2014-05-26 21:56 - 00000000 ____D () C:\Users\Michael\Documents\HtmlEmailCS
2014-05-26 19:47 - 2014-05-26 19:47 - 00000000 ____D () C:\Users\Michael\AppData\Local\Macromedia
2014-05-26 17:00 - 2014-05-26 17:00 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\ProgramData\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-26 16:59 - 2014-05-10 14:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\Hewlett-Packard_Company
 
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\44BDA848.exe
C:\Users\Michael\AppData\Local\Temp\44BF6527.exe
C:\Users\Michael\AppData\Local\Temp\application.exe
C:\Users\Michael\AppData\Local\Temp\BExtensionSilent.exe
C:\Users\Michael\AppData\Local\Temp\InstallMonetizer.exe
C:\Users\Michael\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Owner\AppData\Local\Temp\59765uninstall.exe
C:\Users\Owner\AppData\Local\Temp\6_Offer_12.exe
C:\Users\Owner\AppData\Local\Temp\CALL OF DUTY GHOST CFG V1.06 REAL.EXE
C:\Users\Owner\AppData\Local\Temp\chrome.exe
C:\Users\Owner\AppData\Local\Temp\lowproc.exe
C:\Users\Owner\AppData\Local\Temp\nsb72A7.exe
C:\Users\Owner\AppData\Local\Temp\nsw54A8.exe
C:\Users\Owner\AppData\Local\Temp\nsw5719.exe
C:\Users\Owner\AppData\Local\Temp\nsw7509.exe
C:\Users\Owner\AppData\Local\Temp\Sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-18 17:57
 
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01
Ran by Michael at 2014-06-22 12:22:03
Running from C:\Users\Michael\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: ThreatTrack Security VIPRE (Disabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ThreatTrack Security VIPRE (Disabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
FW: ThreatTrack Security VIPRE (Enabled) {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Cain & Abel 4.9.56 (HKLM-x32\...\Cain & Abel 4.9.56) (Version:  - )
calibre (HKLM-x32\...\{39509A2F-C63C-404E-A4DC-7E6D4FCB6D66}) (Version: 1.39.0 - Kovid Goyal)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
DarkComet Remover version 2.0 (HKLM-x32\...\DarkComet Remover_is1) (Version: 2.0 - Phrozen ® Software 2013.)
EditRocket 4.1.12 (HKLM-x32\...\EditRocket 4.1.12_is1) (Version:  - Richardson Software, LLC)
Enhance Net Extension (remove only) (HKLM-x32\...\Enhance Net Extension) (Version: 1.0 - Enhance Net Extension)
Free All-In-One Media Player (HKLM-x32\...\Free Media Player_is1) (Version:  - Free Software Group)
Google Chrome (HKLM-x32\...\{A4DE5CD7-96D6-3979-8C39-E864396AFFC0}) (Version: 65.223.153 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Horizon v2.7.9.3 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.3 - Daring Development Inc.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iMacros Version 7.3.5.1415 (HKLM-x32\...\{9C5118F7-E26D-4fc0-B7F4-4A067A0808FA}_is1) (Version: 7.3.5.1415 - iOpus)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual C++ 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
oPryzeLP MC360 Mod Tool (HKLM-x32\...\oPryzeLP MC360 Mod Tool) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pokemon Showdown (HKLM-x32\...\Pokemon Showdown) (Version:  - "Pokemon Showdown")
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Python 3.4.1 (64-bit) (HKLM\...\{d54842cb-f761-30ba-881f-1ff821dc44df}) (Version: 3.4.1150 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
Ruby 1.9.3-p545 (HKCU\...\{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1) (Version: 1.9.3-p545 - RubyInstaller Team)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.10.30.15 - Conduit) <==== ATTENTION
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.22.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Uninstall Neocodex Program Manager (HKLM-x32\...\Neocodex Program Manager_is1) (Version:  - )
VIPRE Internet Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 7.0.6.2 - ThreatTrack Security, Inc.)
VIPRE Internet Security (x32 Version: 7.0.6.2 - ThreatTrack Security, Inc.) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
08-06-2014 23:00:04 Windows Backup
10-06-2014 01:15:41 Installed calibre
10-06-2014 19:19:52 Installed Python 3.4.1 (64-bit)
12-06-2014 14:06:27 Windows Update
15-06-2014 23:00:04 Windows Backup
18-06-2014 05:31:54 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {2251E4CE-643A-476A-8477-825F101ECB0A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {370E7080-0BC3-416E-BAD2-E2C26E25AAA1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {480AC034-D12C-4F3B-85EC-C4C1C1A30D06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-16] (Adobe Systems Incorporated)
Task: {5C4AF5FD-E527-4023-8EAA-BE5DC316A91E} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {67CF1290-7970-4F2E-BBD5-8CFE143F51EC} - System32\Tasks\TidyNetwork Update => C:\Users\Owner\AppData\Local\TidyNetwork\petnupdate.exe [2014-03-01] ()
Task: {7DA40EE2-0A6D-42B2-94CA-D7061602C851} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-06] (Google Inc.)
Task: {8B5FA354-6F6F-4FF9-A194-D4BCD05F249E} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {C2FEA538-FB41-4473-A300-EC8C2613689C} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {DC498ECE-4AB6-4EF2-A36C-020C1C0721F5} - System32\Tasks\MySearchDial => C:\Users\Owner\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {ED31F1F1-3A75-4BDA-93A7-BC551888DC9E} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {FBEC9D1F-7A78-488F-83D7-1B11D8196476} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {FE2CC070-013D-4453-83CD-69BC6ED9874E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Owner\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-11 08:55 - 2011-08-18 19:21 - 02461211 _____ () C:\Program Files (x86)\Neocodex\Manager\pre_loader.exe
2012-11-23 10:53 - 2012-11-23 10:53 - 00329592 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\apistrings.dll
2012-11-23 10:56 - 2012-11-23 10:56 - 00159608 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\modlop.dll
2012-11-23 10:54 - 2012-11-23 10:54 - 00100728 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\httpserverattplugin.dll
2012-11-23 10:46 - 2012-11-23 10:46 - 02029600 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\crmimodule.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00208760 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\patchautodownload.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-12-07 11:02 - 2012-12-07 11:02 - 00183160 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\scanmngsys.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00049528 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedcompactdb.dll
2012-11-23 10:58 - 2012-11-23 10:58 - 00054648 _____ () C:\Program Files (x86)\GFI\LanGuard 11 Agent\schedupdates.dll
2012-02-20 23:26 - 2012-02-20 23:26 - 00160768 _____ () C:\Program Files (x86)\VIPRE\unrar.dll
2014-02-23 04:16 - 2014-06-03 11:01 - 00190752 _____ () C:\Program Files (x86)\VIPRE\Definitions\libBase64.dll
2014-02-23 04:16 - 2014-06-03 11:01 - 00178464 _____ () C:\Program Files (x86)\VIPRE\Definitions\libMachoUniv.dll
2014-06-14 01:49 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-14 01:49 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-14 01:49 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-14 01:49 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-14 01:49 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-14 01:49 - 2014-06-05 09:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
2014-03-11 08:55 - 2011-06-12 15:06 - 00287232 _____ () C:\Program Files (x86)\Neocodex\Manager\_hashlib.pyd
2014-03-11 08:56 - 2011-06-12 15:09 - 00038400 _____ () C:\Program Files (x86)\Neocodex\Manager\_socket.pyd
2014-03-11 08:56 - 2011-06-12 15:09 - 00720896 _____ () C:\Program Files (x86)\Neocodex\Manager\_ssl.pyd
2014-03-11 08:55 - 2011-04-18 23:50 - 00981504 _____ () C:\Program Files (x86)\Neocodex\Manager\wx._core_.pyd
2014-03-11 08:55 - 2011-04-18 23:50 - 00746496 _____ () C:\Program Files (x86)\Neocodex\Manager\wx._gdi_.pyd
2014-03-11 08:55 - 2011-04-18 23:50 - 00670720 _____ () C:\Program Files (x86)\Neocodex\Manager\wx._windows_.pyd
2014-03-11 08:55 - 2011-04-18 23:50 - 00966144 _____ () C:\Program Files (x86)\Neocodex\Manager\wx._controls_.pyd
2014-03-11 08:55 - 2011-04-18 23:50 - 00674816 _____ () C:\Program Files (x86)\Neocodex\Manager\wx._misc_.pyd
2014-03-11 08:55 - 2011-04-18 23:51 - 00073216 _____ () C:\Program Files (x86)\Neocodex\Manager\wx._animate.pyd
2014-03-11 08:55 - 2011-04-18 23:51 - 00346112 _____ () C:\Program Files (x86)\Neocodex\Manager\wx._html.pyd
2014-03-11 08:55 - 2011-06-12 15:06 - 00106496 _____ () C:\Program Files (x86)\Neocodex\Manager\_ctypes.pyd
2014-03-11 08:55 - 2011-04-18 23:50 - 00395776 _____ () C:\Program Files (x86)\Neocodex\Manager\wx._grid.pyd
2014-03-11 08:55 - 2011-06-12 15:06 - 00011776 _____ () C:\Program Files (x86)\Neocodex\Manager\select.pyd
2014-03-11 08:55 - 2011-05-07 05:18 - 00678557 _____ () C:\Program Files (x86)\Neocodex\Manager\pysqlite2._sqlite.pyd
2014-03-11 08:55 - 2010-05-15 11:03 - 00324096 _____ () C:\Program Files (x86)\Neocodex\Manager\PIL._imaging.pyd
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows\system32\msln.exe:2c0ce1145f09ff3a4a076c16a1c431bb
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/22/2014 11:51:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/22/2014 11:49:57 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (06/22/2014 11:01:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/22/2014 11:00:08 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (06/22/2014 02:14:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/22/2014 02:12:51 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (06/21/2014 10:42:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/21/2014 10:41:01 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (06/21/2014 03:19:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/21/2014 03:18:10 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
System errors:
=============
Error: (06/22/2014 11:49:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (06/22/2014 11:49:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update PursuePoint service failed to start due to the following error: 
%%2
 
Error: (06/22/2014 11:00:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (06/22/2014 11:00:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update PursuePoint service failed to start due to the following error: 
%%2
 
Error: (06/22/2014 02:12:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (06/22/2014 02:12:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update PursuePoint service failed to start due to the following error: 
%%2
 
Error: (06/21/2014 10:41:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (06/21/2014 10:41:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update PursuePoint service failed to start due to the following error: 
%%2
 
Error: (06/21/2014 03:18:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (06/21/2014 03:18:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update PursuePoint service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (06/22/2014 11:51:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/22/2014 11:49:57 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (06/22/2014 11:01:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/22/2014 11:00:08 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (06/22/2014 02:14:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/22/2014 02:12:51 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (06/21/2014 10:42:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/21/2014 10:41:01 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (06/21/2014 03:19:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/21/2014 03:18:10 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 51%
Total physical RAM: 3892.55 MB
Available physical RAM: 1873.04 MB
Total Pagefile: 7783.28 MB
Available Pagefile: 5504.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:419.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A810B3B3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-22 12:23:39
-----------------------------
12:23:39.375    OS Version: Windows x64 6.1.7601 Service Pack 1
12:23:39.375    Number of processors: 2 586 0x2505
12:23:39.376    ComputerName: OWNER-PC  UserName: Michael
12:23:40.802    Initialize success
12:23:40.834    VM: initialized successfully
12:23:40.851    VM: Intel CPU virtualization not supported 
12:23:47.760    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:23:47.765    Disk 0 Vendor: HGST_HTS725050A7E630 GH2OA420 Size: 476940MB BusType: 11
12:23:47.956    Disk 0 MBR read successfully
12:23:47.961    Disk 0 MBR scan
12:23:47.967    Disk 0 Windows 7 default MBR code
12:23:47.974    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
12:23:47.981    Disk 0 default boot code
12:23:47.994    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
12:23:48.024    Disk 0 scanning C:\Windows\system32\drivers
12:23:52.715    Service scanning
12:24:04.810    Modules scanning
12:24:04.828    Disk 0 trace - called modules:
12:24:05.190    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
12:24:05.201    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80044a8060]
12:24:05.212    3 CLASSPNP.SYS[fffff880019af43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004324060]
12:24:05.223    Scan finished successfully
12:24:09.216    Disk 0 MBR has been saved successfully to "C:\Users\Michael\Downloads\MBR.dat"
12:24:09.222    The log file has been saved successfully to "C:\Users\Michael\Downloads\aswMBR.txt"
 
 


#4 pystryker

  • Malware Response Team

Posted 22 June 2014 - 01:36 PM

Hi, thank you for the logs, let's get started. :thumbsup:


Step 1: Program Uninstall and Fix with Farbar's Recovery Scan Tool


Program Uninstall

Please uninstall the following program from your machine as it is a known malware/adware program:

Search Protect


Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-3152233182-3206728649-1788947963-1000\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0EzztCtCtAtBzz0DtCtAzy0BzztAyB0AtN0D0Tzu0SyBzztCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=920948818&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0EzztCtCtAtBzz0DtCtAzy0BzztAyB0AtN0D0Tzu0SyBzztCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=920948818&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0EzztCtCtAtBzz0DtCtAzy0BzztAyB0AtN0D0Tzu0SyBzztCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=920948818&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0EzztCtCtAtBzz0DtCtAzy0BzztAyB0AtN0D0Tzu0SyBzztCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=920948818&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TidyNetwork - {7588D236-428E-3061-E937-30CB1D477907} - C:\Program Files (x86)\TidyNetwork\petn64.dll ()
C:\Program Files (x86)\TidyNetwork
BHO-x32: TidyNetwork - {7588D236-428E-3061-E937-30CB1D477907} - C:\Program Files (x86)\TidyNetwork\petn.dll ()
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
S2 Update PursuePoint; "C:\Program Files (x86)\PursuePoint\updatePursuePoint.exe" [X]
C:\Program Files (x86)\PursuePoint
Task: {5C4AF5FD-E527-4023-8EAA-BE5DC316A91E} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {8B5FA354-6F6F-4FF9-A194-D4BCD05F249E} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {C2FEA538-FB41-4473-A300-EC8C2613689C} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {DC498ECE-4AB6-4EF2-A36C-020C1C0721F5} - System32\Tasks\MySearchDial => C:\Users\Owner\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Owner\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\msln.exe:2c0ce1145f09ff3a4a076c16a1c431bb
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double-click the adwcleaner.exe file (Vista and 7 users: right-click it and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything; click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt


Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 4: Fresh FRST Scan

  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt

AdwCleaner Log

Junkware Removal Tool Log

Fresh FRST Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
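
The fixlist in the post above targets a few distinct persistence points in the FRST log: one Debugger value repeated across many IFEO entries, AppInit_DLLs, lines FRST marks ATTENTION, and a system proxy. As an added example that is not part of the original post or of FRST, this Python sketch triages FRST-style lines for those same categories; the function names, the `min_targets` threshold and the `devenv.exe` sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: lines in the FRST format shown in this thread, plus one
# constructed line (IFEO\devenv.exe) standing in for a legitimate debugger.
SAMPLE_LOG = r"""
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2149160 2010-05-20] (Synaptics Incorporated)
HKU\S-1-5-21-3152233182-3206728649-1788947963-1000\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\devenv.exe: [Debugger] C:\Tools\vsjitdebugger.exe
ProxyServer: 196.203.173.36:80
"""

IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
APPINIT_RE = re.compile(r"^(?P<key>AppInit_DLLs(?:-x32)?): (?P<dll>.+?) => (?P<rest>.+)$")
PROXY_RE = re.compile(r"^ProxyServer: (?P<proxy>\S+)$")
ATTENTION = "<==== ATTENTION"


def group_ifeo_debuggers(lines):
    """Map each IFEO Debugger value to the executables it is attached to.

    Windows starts the Debugger value in place of the named image, so one
    value shared by many unrelated programs keeps all of them from running.
    """
    groups = defaultdict(list)
    for line in lines:
        m = IFEO_RE.match(line.strip())
        if m:
            groups[m.group("debugger").strip()].append(m.group("image"))
    return dict(groups)


def triage(log_text, min_targets=3):
    """Return (category, detail) findings for an FRST-style log.

    min_targets is an assumed threshold: a debugger attached to fewer
    images than this is treated as an ordinary developer setting.
    """
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings = []

    # 1. One debugger attached to many images (the nqij.exe pattern above).
    for debugger, images in sorted(group_ifeo_debuggers(lines).items()):
        if len(images) >= min_targets:
            names = ", ".join(sorted(images))
            findings.append(
                ("ifeo-mass-debugger",
                 f"{debugger} set as Debugger for {len(images)} images: {names}")
            )

    # 2. Per-line checks, reported in log order.
    for line in lines:
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            state = "missing on disk" if "File Not Found" in m.group("rest") else "present"
            findings.append(("appinit-dll", f"{m.group('key')} loads {m.group('dll')} ({state})"))
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append(("system-proxy", m.group("proxy")))
            continue
        if line.endswith(ATTENTION):
            findings.append(("frst-attention", line[: -len(ATTENTION)].rstrip()))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Every finding still needs a human decision before it goes into a fixlist: the threshold only separates a single developer debugger from a value stamped across many programs.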





#5 shadow gun

  • Topic Starter


Posted 22 June 2014 - 04:35 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by Michael (administrator) on OWNER-PC on 22-06-2014 12:20:49
Running from C:\Users\Michael\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Neocodex\Manager\pre_loader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2149160 2010-05-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\VIPRE\SBRC.exe [202128 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3152233182-3206728649-1788947963-1000\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 196.203.173.36:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x06F0B0C41675CF01
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TidyNetwork - {7588D236-428E-3061-E937-30CB1D477907} - C:\Program Files (x86)\TidyNetwork\petn64.dll ()
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TidyNetwork - {7588D236-428E-3061-E937-30CB1D477907} - C:\Program Files (x86)\TidyNetwork\petn.dll ()
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Enhance Net Extension - {DCBF2E0B-B6B5-D35E-B3A4-E49C6C7A5CE9} - C:\Program Files (x86)\Enhance Net Extension\bho32.dll (trigger.io)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} -  No File
Handler-x32: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default
FF NetworkProxy: "backup.ftp", "186.91.205.137"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "186.91.205.137"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "186.91.205.137"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "190.120.248.168"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "190.120.248.168"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "190.120.248.168"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "190.120.248.168"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Enhance Net Extension - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\8d5722f08367402ca7e74cf2ef319f24@jetpack [2014-06-11]
FF Extension: FoxyProxy Standard - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\foxyproxy@eric.h.jung [2014-05-26]
FF Extension: Live HTTP Headers - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-06-16]
FF Extension: cdxFlightDaily - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxFlightDaily@neopetstools.us.xpi [2014-06-03]
FF Extension: cdxFlightHiLo - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxFlightHiLo@neopetstools.us.xpi [2014-06-03]
FF Extension: cdxFlightRunes - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxFlightRunes@neopetstools.us.xpi [2014-06-03]
FF Extension: cdxIcon - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxIcon@neopetstools.us.xpi [2014-06-03]
FF Extension: cdxQuest - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxQuest@neopetstools.us.xpi [2014-06-07]
FF Extension: cdxRat - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxRat@neopetstools.us.xpi [2014-06-08]
FF Extension: cdxRubbish - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxRubbish@neopetstools.us.xpi [2014-06-07]
FF Extension: Fireforce - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\fireforce@scrt.ch.xpi [2014-06-16]
 
Chrome: 
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-19]
CHR Extension: (Flight Rise) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchkakjhbnpeokndfjpofgoabndfndpc [2014-06-19]
CHR Extension: (Enhance Net Extension) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nadadbbagdnmnjobhfmgjnacpcophagd [2014-06-11]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-29]
 
==================== Services (Whitelisted) =================
 
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S2 Update PursuePoint; "C:\Program Files (x86)\PursuePoint\updatePursuePoint.exe" [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
S1 nofrzxpy; \??\C:\Windows\system32\drivers\nofrzxpy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-22 12:20 - 2014-06-22 12:21 - 00015822 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-06-22 12:20 - 2014-06-22 12:20 - 00000000 ____D () C:\FRST
2014-06-22 12:19 - 2014-06-22 12:20 - 02083328 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-06-22 12:19 - 2014-06-22 12:19 - 01070592 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-06-22 11:52 - 2014-06-22 11:52 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull (2).txt
2014-06-21 15:55 - 2014-06-21 15:55 - 00019349 _____ () C:\Users\Michael\Downloads\DDS.txt
2014-06-21 15:54 - 2014-06-21 15:54 - 00019349 _____ () C:\Users\Michael\Desktop\dds.txt
2014-06-21 15:54 - 2014-06-21 15:54 - 00003126 _____ () C:\Users\Michael\Desktop\attach.txt
2014-06-21 15:53 - 2014-06-21 15:53 - 00688992 ____R (Swearware) C:\Users\Michael\Downloads\dds.com
2014-06-21 14:45 - 2014-06-21 14:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-21 14:26 - 2014-06-21 14:27 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull (1).txt
2014-06-21 01:48 - 2014-06-21 01:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Games
2014-06-19 23:06 - 2014-06-19 23:06 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Free All-In-One Media Player.lnk
2014-06-19 23:06 - 2014-06-19 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free All-In-One Media Player
2014-06-19 23:06 - 2014-06-19 23:06 - 00000000 ____D () C:\Program Files (x86)\FreeAllInOneMediaPlayer
2014-06-19 21:32 - 2014-06-19 21:32 - 00337956 _____ () C:\Users\Michael\Downloads\flightrise.crx
2014-06-19 03:09 - 2014-06-19 03:09 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull.txt
2014-06-19 02:41 - 2014-06-19 02:41 - 04011405 _____ () C:\Users\Michael\Downloads\151pokemonrenders.rar
2014-06-19 02:18 - 2014-06-19 02:18 - 08097496 _____ () C:\Users\Michael\Downloads\SuperHAC.rar
2014-06-19 01:43 - 2014-06-19 01:43 - 00000000 ____D () C:\Users\Michael\Desktop\Tor Browser
2014-06-19 01:39 - 2014-06-19 01:39 - 01742864 _____ () C:\Users\Michael\Downloads\wrar510.exe
2014-06-19 01:39 - 2014-06-19 01:39 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 01:39 - 2014-06-19 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 01:23 - 2014-06-19 01:24 - 27167987 _____ () C:\Users\Michael\Downloads\torbrowser-install-3.6.2_en-US.exe
2014-06-18 23:56 - 2014-06-19 00:00 - 00000000 ____D () C:\Users\Michael\DeviousPKCache
2014-06-18 23:56 - 2014-06-18 23:56 - 00027622 _____ () C:\Users\Michael\Downloads\DeviousPK.jar
2014-06-18 23:56 - 2014-06-18 23:56 - 00000001 _____ () C:\Users\Michael\rlvote.txt
2014-06-18 23:56 - 2014-06-18 23:56 - 00000000 _____ () C:\Users\Michael\songList.txt
2014-06-18 15:03 - 2014-06-18 15:03 - 01767759 _____ () C:\Users\Michael\Downloads\DarkCometRemover2.zip
2014-06-18 00:56 - 2014-06-18 00:56 - 20093901 _____ () C:\Users\Michael\Downloads\Unknown(Starburst_Hackforums.net).rar
2014-06-17 23:47 - 2014-06-17 23:47 - 00000009 _____ () C:\Users\Michael\Downloads\nub.txt
2014-06-17 22:18 - 2014-06-17 22:18 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Local\Vitalwerks
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Program Files (x86)\No-IP
2014-06-17 21:05 - 2014-06-17 21:05 - 00001067 _____ () C:\Users\Public\Desktop\DarkComet Remover.lnk
2014-06-17 21:05 - 2014-06-17 21:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\PhrozenSoft
2014-06-17 21:05 - 2014-06-17 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet Remover
2014-06-17 15:51 - 2014-06-17 15:51 - 00026112 _____ () C:\Users\Michael\Downloads\Chr0m3 x MoDz Text Spammer.exe
2014-06-17 15:33 - 2014-06-17 15:33 - 01343342 _____ () C:\Users\Michael\Downloads\GIRL 4 - TREHWU.rar
2014-06-17 15:32 - 2014-06-17 15:32 - 07877804 _____ () C:\Users\Michael\Downloads\GIRL 2 - TREHWU.rar
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\den
2014-06-16 20:56 - 2014-06-16 20:56 - 00001818 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-06-16 20:56 - 2014-06-16 20:56 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-06-16 20:55 - 2014-06-16 21:01 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-06-16 20:55 - 2014-06-16 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-06-16 20:55 - 2014-06-16 20:56 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-16 20:55 - 2014-06-16 20:56 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-06-16 20:55 - 2014-06-16 20:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\Bluestacks
2014-06-14 21:26 - 2014-06-14 21:26 - 00002292 _____ () C:\Users\Michael\Downloads\AvatarGrabber02.zip
2014-06-12 23:22 - 2014-06-20 01:57 - 00000000 ____D () C:\Program Files (x86)\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00001783 _____ () C:\Users\Owner\Desktop\Cain.lnk
2014-06-12 23:22 - 2014-06-12 23:22 - 00001783 _____ () C:\Users\Michael\Desktop\Cain.lnk
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-06-11 15:08 - 2014-06-14 21:58 - 00000352 _____ () C:\Users\Michael\Documents\proxies2.txt
2014-06-11 06:26 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 06:26 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 06:26 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 06:26 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 06:26 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 06:26 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 06:26 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 06:26 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 06:26 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 06:26 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 06:26 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 06:26 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 06:26 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 06:26 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 06:26 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 06:26 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 06:26 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 06:26 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 06:26 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 06:26 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 06:26 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 06:26 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 06:26 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 06:26 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 06:26 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 06:26 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 06:26 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 06:26 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 06:26 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 06:26 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 06:26 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 06:26 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 06:26 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 06:26 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 06:26 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 06:26 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 06:26 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 06:26 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 06:26 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 06:26 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 06:26 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 06:26 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 06:26 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 06:26 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 06:26 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 06:26 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 06:26 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 06:25 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 06:25 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 06:25 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 06:25 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 06:25 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 06:25 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 06:25 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 06:25 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 06:25 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 06:25 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 06:25 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 06:25 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 06:25 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 06:25 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 06:25 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 06:25 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 06:25 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 06:25 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 06:25 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 06:25 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 06:25 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 02:47 - 2014-06-11 02:48 - 00135276 _____ () C:\Users\Michael\AppData\Roaming\Uninstall.exe
2014-06-11 02:47 - 2014-06-11 02:48 - 00000012 _____ () C:\Users\Michael\AppData\Roaming\id.txt
2014-06-11 02:47 - 2014-06-11 02:47 - 00000000 ____D () C:\Program Files (x86)\Enhance Net Extension
2014-06-11 00:20 - 2014-06-11 00:20 - 00000434 _____ () C:\Users\Michael\Documents\Links.csv
2014-06-11 00:20 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\OpenOffice
2014-06-10 23:27 - 2014-06-10 23:27 - 00003172 _____ () C:\Windows\System32\Tasks\{93420D62-9063-49E7-A135-FC7A8E6017A5}
2014-06-10 15:21 - 2014-06-10 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-06-10 15:20 - 2014-06-10 15:21 - 00000000 ____D () C:\Python34
2014-06-10 13:59 - 2014-06-10 13:59 - 11373755 _____ () C:\Users\Michael\Downloads\Beginning Python From Novice to Professional, Second Edition.zip
2014-06-09 21:17 - 2014-06-09 21:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\calibre-cache
2014-06-09 21:16 - 2014-06-10 17:01 - 00000000 ____D () C:\Users\Michael\Documents\Calibre Library
2014-06-09 21:16 - 2014-06-10 14:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\calibre
2014-06-09 21:16 - 2014-06-09 21:16 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-06-09 21:16 - 2014-06-09 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-06-09 21:16 - 2014-06-09 21:16 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-06-08 12:07 - 2014-06-08 12:07 - 00002515 _____ () C:\Users\Michael\Documents\_MinecraftSaveInfo
2014-06-08 02:27 - 2014-06-12 19:06 - 08814592 _____ () C:\Users\Michael\Documents\DRAKS0005
2014-06-07 15:12 - 2014-06-07 15:12 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Mael
2014-06-07 14:49 - 2014-06-07 14:49 - 00000885 _____ () C:\Users\Public\Desktop\HxD.lnk
2014-06-07 14:49 - 2014-06-07 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
2014-06-07 14:49 - 2014-06-07 14:49 - 00000000 ____D () C:\Program Files (x86)\HxD
2014-06-06 06:47 - 2014-06-06 06:47 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-06-05 12:21 - 2014-06-05 12:21 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-05 12:21 - 2014-06-05 12:21 - 00000000 ____D () C:\Program Files\Java
2014-06-05 12:20 - 2014-06-05 12:20 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 12:20 - 2014-06-05 12:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-02 23:19 - 2014-06-09 00:03 - 02777202 _____ () C:\Users\Michael\Documents\savegame.dat
2014-06-02 23:12 - 2014-06-02 23:18 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Easy2Convert
2014-06-02 23:05 - 2014-06-02 23:05 - 00001909 _____ () C:\Users\Owner\Desktop\oPryzeLP Mod Tool.lnk
2014-06-02 23:05 - 2014-06-02 23:05 - 00001909 _____ () C:\Users\Michael\Desktop\oPryzeLP Mod Tool.lnk
2014-06-02 23:05 - 2014-06-02 23:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-02 23:05 - 2014-06-02 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-01 23:02 - 2014-06-01 23:02 - 00000334 _____ () C:\Windows\SysWOW64\CountScans.XML
2014-05-30 22:16 - 2014-05-30 22:16 - 00000355 _____ () C:\Users\Michael\Documents\Homegroup - Shortcut.lnk
2014-05-29 21:14 - 2014-06-11 15:27 - 00000262 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-05-29 21:12 - 2014-05-29 21:12 - 00002029 _____ () C:\Users\Michael\Desktop\iMacros 7.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00001329 _____ () C:\Users\Michael\Desktop\iMacros Scripting Interface Sample.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00001207 _____ () C:\Users\Michael\Desktop\iMacros Batch Sample.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00000913 _____ () C:\Users\Michael\Desktop\Examples.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Users\Michael\Documents\iMacros
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iOpus iMacros
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Program Files (x86)\iOpus
2014-05-29 21:03 - 2014-05-29 21:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\UBot Studio
2014-05-29 20:53 - 2014-06-10 18:13 - 00000000 _____ () C:\Users\Michael\Documents\Accounts 05-29-2014.txt
2014-05-29 10:32 - 2014-06-20 17:30 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
2014-05-27 17:37 - 2014-05-27 17:37 - 01566466 _____ () C:\Users\Michael\Downloads\GPTool.rar
2014-05-27 06:08 - 2014-06-19 01:35 - 00000000 ____D () C:\Users\Michael\AppData\Local\Deployment
2014-05-27 06:08 - 2014-05-27 06:08 - 00002136 _____ () C:\Users\Michael\Desktop\Aspire YouTube Bot 1.1.lnk
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aspire YouTube Bot 1.1
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Apps\2.0
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Program Files (x86)\Aspire YouTube Bot 1.1
2014-05-27 04:54 - 2014-05-29 20:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\Email_Account_Creator_Ext
2014-05-26 22:51 - 2014-06-19 23:29 - 00000871 _____ () C:\Users\Michael\Documents\proxies.txt
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Windows\Gmail Creator
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\SkinSoft
2014-05-26 21:56 - 2014-05-26 21:56 - 00000000 ____D () C:\Users\Michael\Documents\HtmlEmailCS
2014-05-26 19:47 - 2014-05-26 19:47 - 00000000 ____D () C:\Users\Michael\AppData\Local\Macromedia
2014-05-26 17:00 - 2014-06-21 16:23 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\ProgramData\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified Files and Folders =======
 
2014-06-22 12:21 - 2014-06-22 12:20 - 00015822 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-06-22 12:20 - 2014-06-22 12:20 - 00000000 ____D () C:\FRST
2014-06-22 12:20 - 2014-06-22 12:19 - 02083328 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-06-22 12:19 - 2014-06-22 12:19 - 01070592 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-06-22 12:10 - 2014-02-06 11:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-22 11:57 - 2009-07-14 00:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 11:57 - 2009-07-14 00:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 11:53 - 2014-02-05 17:53 - 01886972 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 11:52 - 2014-06-22 11:52 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull (2).txt
2014-06-22 11:50 - 2014-02-06 13:48 - 00070906 _____ () C:\Windows\setupact.log
2014-06-22 11:50 - 2014-02-06 12:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-22 11:49 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 11:22 - 2014-02-20 00:22 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job
2014-06-22 02:48 - 2014-04-26 16:36 - 00000000 ____D () C:\Users\Michael\AppData\Local\Pokemon Showdown
2014-06-22 02:46 - 2014-02-06 12:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 16:23 - 2014-05-26 17:00 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-06-21 15:55 - 2014-06-21 15:55 - 00019349 _____ () C:\Users\Michael\Downloads\DDS.txt
2014-06-21 15:54 - 2014-06-21 15:54 - 00019349 _____ () C:\Users\Michael\Desktop\dds.txt
2014-06-21 15:54 - 2014-06-21 15:54 - 00003126 _____ () C:\Users\Michael\Desktop\attach.txt
2014-06-21 15:53 - 2014-06-21 15:53 - 00688992 ____R (Swearware) C:\Users\Michael\Downloads\dds.com
2014-06-21 15:26 - 2014-02-23 04:24 - 00000000 ____D () C:\Windows\Patches
2014-06-21 14:45 - 2014-06-21 14:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-21 14:27 - 2014-06-21 14:26 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull (1).txt
2014-06-21 09:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-21 01:54 - 2014-06-21 01:48 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Games
2014-06-20 17:30 - 2014-05-29 10:32 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
2014-06-20 01:57 - 2014-06-12 23:22 - 00000000 ____D () C:\Program Files (x86)\Cain
2014-06-19 23:29 - 2014-05-26 22:51 - 00000871 _____ () C:\Users\Michael\Documents\proxies.txt
2014-06-19 23:06 - 2014-06-19 23:06 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Free All-In-One Media Player.lnk
2014-06-19 23:06 - 2014-06-19 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free All-In-One Media Player
2014-06-19 23:06 - 2014-06-19 23:06 - 00000000 ____D () C:\Program Files (x86)\FreeAllInOneMediaPlayer
2014-06-19 21:32 - 2014-06-19 21:32 - 00337956 _____ () C:\Users\Michael\Downloads\flightrise.crx
2014-06-19 19:04 - 2014-02-06 12:30 - 00064024 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 03:16 - 2014-02-27 00:36 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-19 03:16 - 2014-02-22 02:36 - 00688840 _____ () C:\Windows\PFRO.log
2014-06-19 03:16 - 2009-07-14 00:45 - 00294568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-19 03:09 - 2014-06-19 03:09 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull.txt
2014-06-19 02:41 - 2014-06-19 02:41 - 04011405 _____ () C:\Users\Michael\Downloads\151pokemonrenders.rar
2014-06-19 02:18 - 2014-06-19 02:18 - 08097496 _____ () C:\Users\Michael\Downloads\SuperHAC.rar
2014-06-19 02:00 - 2014-03-29 00:02 - 00064024 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 01:43 - 2014-06-19 01:43 - 00000000 ____D () C:\Users\Michael\Desktop\Tor Browser
2014-06-19 01:39 - 2014-06-19 01:39 - 01742864 _____ () C:\Users\Michael\Downloads\wrar510.exe
2014-06-19 01:39 - 2014-06-19 01:39 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 01:39 - 2014-06-19 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 01:35 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Deployment
2014-06-19 01:24 - 2014-06-19 01:23 - 27167987 _____ () C:\Users\Michael\Downloads\torbrowser-install-3.6.2_en-US.exe
2014-06-19 00:00 - 2014-06-18 23:56 - 00000000 ____D () C:\Users\Michael\DeviousPKCache
2014-06-18 23:56 - 2014-06-18 23:56 - 00027622 _____ () C:\Users\Michael\Downloads\DeviousPK.jar
2014-06-18 23:56 - 2014-06-18 23:56 - 00000001 _____ () C:\Users\Michael\rlvote.txt
2014-06-18 23:56 - 2014-06-18 23:56 - 00000000 _____ () C:\Users\Michael\songList.txt
2014-06-18 23:56 - 2014-03-29 00:01 - 00000000 ____D () C:\Users\Michael
2014-06-18 15:03 - 2014-06-18 15:03 - 01767759 _____ () C:\Users\Michael\Downloads\DarkCometRemover2.zip
2014-06-18 01:33 - 2014-03-29 00:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\VirtualStore
2014-06-18 00:56 - 2014-06-18 00:56 - 20093901 _____ () C:\Users\Michael\Downloads\Unknown(Starburst_Hackforums.net).rar
2014-06-17 23:47 - 2014-06-17 23:47 - 00000009 _____ () C:\Users\Michael\Downloads\nub.txt
2014-06-17 22:18 - 2014-06-17 22:18 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Local\Vitalwerks
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Program Files (x86)\No-IP
2014-06-17 21:05 - 2014-06-17 21:05 - 00001067 _____ () C:\Users\Public\Desktop\DarkComet Remover.lnk
2014-06-17 21:05 - 2014-06-17 21:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\PhrozenSoft
2014-06-17 21:05 - 2014-06-17 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet Remover
2014-06-17 15:51 - 2014-06-17 15:51 - 00026112 _____ () C:\Users\Michael\Downloads\Chr0m3 x MoDz Text Spammer.exe
2014-06-17 15:33 - 2014-06-17 15:33 - 01343342 _____ () C:\Users\Michael\Downloads\GIRL 4 - TREHWU.rar
2014-06-17 15:32 - 2014-06-17 15:32 - 07877804 _____ () C:\Users\Michael\Downloads\GIRL 2 - TREHWU.rar
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\den
2014-06-16 21:01 - 2014-06-16 20:55 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-06-16 20:56 - 2014-06-16 20:56 - 00001818 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-06-16 20:56 - 2014-06-16 20:56 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-06-16 20:56 - 2014-06-16 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-06-16 20:56 - 2014-06-16 20:55 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-16 20:56 - 2014-06-16 20:55 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-06-16 20:56 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-16 20:55 - 2014-06-16 20:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\Bluestacks
2014-06-16 12:53 - 2014-02-06 12:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-16 00:51 - 2014-02-06 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-16 00:50 - 2014-04-16 20:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-16 00:49 - 2014-05-17 21:39 - 00001075 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-16 00:49 - 2014-05-12 20:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 00:49 - 2014-02-06 12:18 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-16 00:49 - 2014-02-06 11:16 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-16 00:49 - 2014-02-06 11:16 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-16 00:49 - 2014-02-06 11:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-15 20:55 - 2014-02-05 17:53 - 00000000 ____D () C:\Users\Owner
2014-06-14 21:58 - 2014-06-11 15:08 - 00000352 _____ () C:\Users\Michael\Documents\proxies2.txt
2014-06-14 21:26 - 2014-06-14 21:26 - 00002292 _____ () C:\Users\Michael\Downloads\AvatarGrabber02.zip
2014-06-12 23:22 - 2014-06-12 23:22 - 00001783 _____ () C:\Users\Owner\Desktop\Cain.lnk
2014-06-12 23:22 - 2014-06-12 23:22 - 00001783 _____ () C:\Users\Michael\Desktop\Cain.lnk
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-06-12 19:06 - 2014-06-08 02:27 - 08814592 _____ () C:\Users\Michael\Documents\DRAKS0005
2014-06-12 14:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 10:12 - 2014-03-02 04:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\WeatherAlerts
2014-06-12 10:12 - 2014-02-05 18:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 10:10 - 2014-02-05 18:31 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 10:07 - 2014-05-07 04:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 15:27 - 2014-05-29 21:14 - 00000262 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-06-11 15:27 - 2014-04-20 03:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-06-11 02:48 - 2014-06-11 02:47 - 00135276 _____ () C:\Users\Michael\AppData\Roaming\Uninstall.exe
2014-06-11 02:48 - 2014-06-11 02:47 - 00000012 _____ () C:\Users\Michael\AppData\Roaming\id.txt
2014-06-11 02:47 - 2014-06-11 02:47 - 00000000 ____D () C:\Program Files (x86)\Enhance Net Extension
2014-06-11 00:20 - 2014-06-11 00:20 - 00000434 _____ () C:\Users\Michael\Documents\Links.csv
2014-06-11 00:20 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\OpenOffice
2014-06-10 23:27 - 2014-06-10 23:27 - 00003172 _____ () C:\Windows\System32\Tasks\{93420D62-9063-49E7-A135-FC7A8E6017A5}
2014-06-10 18:13 - 2014-05-29 20:53 - 00000000 _____ () C:\Users\Michael\Documents\Accounts 05-29-2014.txt
2014-06-10 17:01 - 2014-06-09 21:16 - 00000000 ____D () C:\Users\Michael\Documents\Calibre Library
2014-06-10 15:21 - 2014-06-10 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-06-10 15:21 - 2014-06-10 15:20 - 00000000 ____D () C:\Python34
2014-06-10 14:05 - 2014-06-09 21:16 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\calibre
2014-06-10 13:59 - 2014-06-10 13:59 - 11373755 _____ () C:\Users\Michael\Downloads\Beginning Python From Novice to Professional, Second Edition.zip
2014-06-09 21:17 - 2014-06-09 21:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\calibre-cache
2014-06-09 21:16 - 2014-06-09 21:16 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-06-09 21:16 - 2014-06-09 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-06-09 21:16 - 2014-06-09 21:16 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-06-09 00:03 - 2014-06-02 23:19 - 02777202 _____ () C:\Users\Michael\Documents\savegame.dat
2014-06-08 23:33 - 2014-03-29 00:02 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\VIPRE
2014-06-08 17:31 - 2009-07-14 01:08 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-08 12:07 - 2014-06-08 12:07 - 00002515 _____ () C:\Users\Michael\Documents\_MinecraftSaveInfo
2014-06-08 05:13 - 2014-06-11 06:25 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-11 06:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 15:12 - 2014-06-07 15:12 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Mael
2014-06-07 14:49 - 2014-06-07 14:49 - 00000885 _____ () C:\Users\Public\Desktop\HxD.lnk
2014-06-07 14:49 - 2014-06-07 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
2014-06-07 14:49 - 2014-06-07 14:49 - 00000000 ____D () C:\Program Files (x86)\HxD
2014-06-06 06:47 - 2014-06-06 06:47 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-06-05 21:20 - 2014-03-29 00:24 - 00001279 _____ () C:\Users\Public\Desktop\Horizon.lnk
2014-06-05 21:20 - 2014-02-25 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
2014-06-05 12:21 - 2014-06-05 12:21 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-05 12:21 - 2014-06-05 12:21 - 00000000 ____D () C:\Program Files\Java
2014-06-05 12:20 - 2014-06-05 12:20 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 12:20 - 2014-06-05 12:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-02 23:18 - 2014-06-02 23:12 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Easy2Convert
2014-06-02 23:05 - 2014-06-02 23:05 - 00001909 _____ () C:\Users\Owner\Desktop\oPryzeLP Mod Tool.lnk
2014-06-02 23:05 - 2014-06-02 23:05 - 00001909 _____ () C:\Users\Michael\Desktop\oPryzeLP Mod Tool.lnk
2014-06-02 23:05 - 2014-06-02 23:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-02 23:05 - 2014-06-02 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-02 23:05 - 2014-02-20 01:54 - 00000000 ____D () C:\Program Files (x86)\oPryzeLP
2014-06-01 23:02 - 2014-06-01 23:02 - 00000334 _____ () C:\Windows\SysWOW64\CountScans.XML
2014-05-31 19:13 - 2014-05-21 16:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Notepad++
2014-05-30 22:16 - 2014-05-30 22:16 - 00000355 _____ () C:\Users\Michael\Documents\Homegroup - Shortcut.lnk
2014-05-30 06:21 - 2014-06-11 06:25 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-11 06:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-11 06:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-11 06:26 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-11 06:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:39 - 2014-06-11 06:25 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:38 - 2014-06-11 06:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-11 06:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-11 06:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-11 06:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-11 06:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:21 - 2014-06-11 06:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:20 - 2014-06-11 06:25 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-11 06:26 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-11 06:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-11 06:25 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-11 06:26 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-11 06:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-11 06:26 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-11 06:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-11 06:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-11 06:26 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-11 06:25 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-11 06:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-11 06:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-11 06:26 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-11 06:26 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-11 06:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-11 06:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-11 06:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-11 06:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-11 06:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-11 06:26 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-11 06:25 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-11 06:26 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-11 06:26 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-11 06:26 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-11 06:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-11 06:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-11 06:26 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-11 06:26 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-11 06:25 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-11 06:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-11 06:26 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-11 06:26 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-11 06:25 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-11 06:26 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-11 06:26 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-11 06:25 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-11 06:26 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-11 06:25 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-11 06:25 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 21:12 - 2014-05-29 21:12 - 00002029 _____ () C:\Users\Michael\Desktop\iMacros 7.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00001329 _____ () C:\Users\Michael\Desktop\iMacros Scripting Interface Sample.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00001207 _____ () C:\Users\Michael\Desktop\iMacros Batch Sample.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00000913 _____ () C:\Users\Michael\Desktop\Examples.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Users\Michael\Documents\iMacros
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iOpus iMacros
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Program Files (x86)\iOpus
2014-05-29 21:03 - 2014-05-29 21:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\UBot Studio
2014-05-29 20:57 - 2014-05-27 04:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\Email_Account_Creator_Ext
2014-05-27 17:37 - 2014-05-27 17:37 - 01566466 _____ () C:\Users\Michael\Downloads\GPTool.rar
2014-05-27 06:08 - 2014-05-27 06:08 - 00002136 _____ () C:\Users\Michael\Desktop\Aspire YouTube Bot 1.1.lnk
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aspire YouTube Bot 1.1
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Apps\2.0
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Program Files (x86)\Aspire YouTube Bot 1.1
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Windows\Gmail Creator
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\SkinSoft
2014-05-26 21:56 - 2014-05-26 21:56 - 00000000 ____D () C:\Users\Michael\Documents\HtmlEmailCS
2014-05-26 19:47 - 2014-05-26 19:47 - 00000000 ____D () C:\Users\Michael\AppData\Local\Macromedia
2014-05-26 17:00 - 2014-05-26 17:00 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\ProgramData\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-26 16:59 - 2014-05-10 14:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\Hewlett-Packard_Company
 
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\44BDA848.exe
C:\Users\Michael\AppData\Local\Temp\44BF6527.exe
C:\Users\Michael\AppData\Local\Temp\application.exe
C:\Users\Michael\AppData\Local\Temp\BExtensionSilent.exe
C:\Users\Michael\AppData\Local\Temp\InstallMonetizer.exe
C:\Users\Michael\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Owner\AppData\Local\Temp\59765uninstall.exe
C:\Users\Owner\AppData\Local\Temp\6_Offer_12.exe
C:\Users\Owner\AppData\Local\Temp\CALL OF DUTY GHOST CFG V1.06 REAL.EXE
C:\Users\Owner\AppData\Local\Temp\chrome.exe
C:\Users\Owner\AppData\Local\Temp\lowproc.exe
C:\Users\Owner\AppData\Local\Temp\nsb72A7.exe
C:\Users\Owner\AppData\Local\Temp\nsw54A8.exe
C:\Users\Owner\AppData\Local\Temp\nsw5719.exe
C:\Users\Owner\AppData\Local\Temp\nsw7509.exe
C:\Users\Owner\AppData\Local\Temp\Sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-18 17:57
 
==================== End Of Log ============================
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-06-2014 01
Ran by Michael at 2014-06-22 17:22:01 Run:1
Running from C:\Users\Michael\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-3152233182-3206728649-1788947963-1000\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TidyNetwork - {7588D236-428E-3061-E937-30CB1D477907} - C:\Program Files (x86)\TidyNetwork\petn64.dll ()
C:\Program Files (x86)\TidyNetwork
BHO-x32: TidyNetwork - {7588D236-428E-3061-E937-30CB1D477907} - C:\Program Files (x86)\TidyNetwork\petn.dll ()
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
S2 Update PursuePoint; "C:\Program Files (x86)\PursuePoint\updatePursuePoint.exe" [X]
C:\Program Files (x86)\PursuePoint
Task: {5C4AF5FD-E527-4023-8EAA-BE5DC316A91E} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {8B5FA354-6F6F-4FF9-A194-D4BCD05F249E} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {C2FEA538-FB41-4473-A300-EC8C2613689C} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
Task: {DC498ECE-4AB6-4EF2-A36C-020C1C0721F5} - System32\Tasks\MySearchDial => C:\Users\Owner\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Owner\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\msln.exe:2c0ce1145f09ff3a4a076c16a1c431bb
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
HKU\S-1-5-21-3152233182-3206728649-1788947963-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe' => Key deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe' => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7588D236-428E-3061-E937-30CB1D477907}' => Key deleted successfully.
'HKCR\CLSID\{7588D236-428E-3061-E937-30CB1D477907}' => Key deleted successfully.
C:\Program Files (x86)\TidyNetwork => Moved successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7588D236-428E-3061-E937-30CB1D477907}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{7588D236-428E-3061-E937-30CB1D477907}' => Key deleted successfully.
'HKCR\PROTOCOLS\Handler\vipresg' => Key deleted successfully.
'HKCR\CLSID\{47BE2E5B-703B-444F-ABD3-05717D2191C6}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/octet-stream' => Key deleted successfully.
'HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}' => Key Deleted successfully.
'HKCR\PROTOCOLS\Filter\application/x-complus' => Key deleted successfully.
'HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}'=> Key not found.
'HKCR\PROTOCOLS\Filter\application/x-msdownload' => Key deleted successfully.
'HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}'=> Key not found.
'HKCR\Wow6432Node\PROTOCOLS\Filter\application/octet-stream'=> Key not found.
'HKCR\Wow6432Node\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}' => Key Deleted successfully.
'HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-complus'=> Key not found.
'HKCR\Wow6432Node\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}'=> Key not found.
'HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-msdownload'=> Key not found.
'HKCR\Wow6432Node\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}'=> Key not found.
Update PursuePoint => Service deleted successfully.
"C:\Program Files (x86)\PursuePoint" => File/Directory not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C4AF5FD-E527-4023-8EAA-BE5DC316A91E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C4AF5FD-E527-4023-8EAA-BE5DC316A91E}' => Key deleted successfully.
C:\Windows\System32\Tasks\GC_Informer => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Informer' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B5FA354-6F6F-4FF9-A194-D4BCD05F249E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B5FA354-6F6F-4FF9-A194-D4BCD05F249E}' => Key deleted successfully.
C:\Windows\System32\Tasks\GC_Scheduler => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Scheduler' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2FEA538-FB41-4473-A300-EC8C2613689C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2FEA538-FB41-4473-A300-EC8C2613689C}' => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\UP_Scheduler' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC498ECE-4AB6-4EF2-A36C-020C1C0721F5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC498ECE-4AB6-4EF2-A36C-020C1C0721F5}' => Key deleted successfully.
C:\Windows\System32\Tasks\MySearchDial => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial' => Key deleted successfully.
C:\Windows\Tasks\MySearchDial.job => Moved successfully.
C:\Windows\system32\msln.exe => ":2c0ce1145f09ff3a4a076c16a1c431bb" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
 
==== End of Fixlog ====
The Junkware Removal Tool crashes after creating a registry backup, so I couldn't continue.
 


#6 pystryker

Posted 22 June 2014 - 04:40 PM

Ok, go ahead and run AdwCleaner and after that, run the fresh Farbar scan. Please post both of those logs at your convenience. :)


#7 shadow gun

Posted 22 June 2014 - 04:43 PM

K, doing that now. Btw, my name's Michael. Thanks for helping me so far :D



#8 shadow gun

Posted 22 June 2014 - 04:47 PM

# AdwCleaner v3.212 - Report created 22/06/2014 at 17:43:12
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Michael - OWNER-PC
# Running from : C:\Users\Michael\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\prefs.js ]
 
 
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y8kg4jnd.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10279 octets] - [22/06/2014 17:23:42]
AdwCleaner[R1].txt - [1217 octets] - [22/06/2014 17:42:20]
AdwCleaner[S0].txt - [10240 octets] - [22/06/2014 17:25:08]
AdwCleaner[S1].txt - [1138 octets] - [22/06/2014 17:43:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1198 octets] ##########
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by Michael (administrator) on OWNER-PC on 22-06-2014 17:45:40
Running from C:\Users\Michael\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\VIPRE\SBAMTray.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2149160 2010-05-20] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\VIPRE\SBRC.exe [202128 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-21] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 196.203.173.36:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x06F0B0C41675CF01
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: VIPRE Search Guard Helper - {963C8283-AE7F-4AA6-9B3B-847A8FC62C5E} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - VIPRE Search Guard Toolbar - {A924C17A-5E94-4E02-BED5-49720BA6F7FA} - C:\Program Files (x86)\VIPRE\VSGN.dll ()
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default
FF NetworkProxy: "backup.ftp", "186.91.205.137"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "186.91.205.137"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "186.91.205.137"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "190.120.248.168"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "190.120.248.168"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "190.120.248.168"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "190.120.248.168"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Enhance Net Extension - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\8d5722f08367402ca7e74cf2ef319f24@jetpack [2014-06-11]
FF Extension: FoxyProxy Standard - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\foxyproxy@eric.h.jung [2014-05-26]
FF Extension: Live HTTP Headers - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-06-16]
FF Extension: cdxFlightDaily - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxFlightDaily@neopetstools.us.xpi [2014-06-03]
FF Extension: cdxFlightHiLo - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxFlightHiLo@neopetstools.us.xpi [2014-06-03]
FF Extension: cdxFlightRunes - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxFlightRunes@neopetstools.us.xpi [2014-06-03]
FF Extension: cdxIcon - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxIcon@neopetstools.us.xpi [2014-06-03]
FF Extension: cdxQuest - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxQuest@neopetstools.us.xpi [2014-06-07]
FF Extension: cdxRat - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxRat@neopetstools.us.xpi [2014-06-08]
FF Extension: cdxRubbish - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\cdxRubbish@neopetstools.us.xpi [2014-06-07]
FF Extension: Fireforce - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\erpkkec3.default\Extensions\fireforce@scrt.ch.xpi [2014-06-16]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-19]
CHR Extension: (Flight Rise) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchkakjhbnpeokndfjpofgoabndfndpc [2014-06-19]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-29]
 
==================== Services (Whitelisted) =================
 
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
R2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R3 WinHttpAutoProxySvc; winhttp.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-21] (BlueStack Systems)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
S1 nofrzxpy; \??\C:\Windows\system32\drivers\nofrzxpy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-22 17:29 - 2014-06-22 17:29 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 17:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-22 17:22 - 2014-06-22 17:43 - 00000000 ____D () C:\AdwCleaner
2014-06-22 17:22 - 2014-06-22 17:22 - 01333465 _____ () C:\Users\Michael\Downloads\AdwCleaner.exe
2014-06-22 12:24 - 2014-06-22 12:24 - 00001695 _____ () C:\Users\Michael\Downloads\aswMBR.txt
2014-06-22 12:24 - 2014-06-22 12:24 - 00000512 _____ () C:\Users\Michael\Downloads\MBR.dat
2014-06-22 12:23 - 2014-06-22 12:23 - 05185536 _____ (AVAST Software) C:\Users\Michael\Downloads\aswmbr.exe
2014-06-22 12:22 - 2014-06-22 12:22 - 00025570 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-06-22 12:20 - 2014-06-22 17:46 - 00011680 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-06-22 12:20 - 2014-06-22 17:45 - 00000000 ____D () C:\FRST
2014-06-22 12:19 - 2014-06-22 12:20 - 02083328 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-06-22 12:19 - 2014-06-22 12:19 - 01070592 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-06-22 11:52 - 2014-06-22 11:52 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull (2).txt
2014-06-21 15:55 - 2014-06-21 15:55 - 00019349 _____ () C:\Users\Michael\Downloads\DDS.txt
2014-06-21 15:54 - 2014-06-21 15:54 - 00019349 _____ () C:\Users\Michael\Desktop\dds.txt
2014-06-21 15:54 - 2014-06-21 15:54 - 00003126 _____ () C:\Users\Michael\Desktop\attach.txt
2014-06-21 15:53 - 2014-06-21 15:53 - 00688992 ____R (Swearware) C:\Users\Michael\Downloads\dds.com
2014-06-21 14:45 - 2014-06-21 14:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-21 14:26 - 2014-06-21 14:27 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull (1).txt
2014-06-21 01:48 - 2014-06-21 01:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Games
2014-06-19 23:06 - 2014-06-19 23:06 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Free All-In-One Media Player.lnk
2014-06-19 23:06 - 2014-06-19 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free All-In-One Media Player
2014-06-19 23:06 - 2014-06-19 23:06 - 00000000 ____D () C:\Program Files (x86)\FreeAllInOneMediaPlayer
2014-06-19 21:32 - 2014-06-19 21:32 - 00337956 _____ () C:\Users\Michael\Downloads\flightrise.crx
2014-06-19 03:09 - 2014-06-19 03:09 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull.txt
2014-06-19 02:41 - 2014-06-19 02:41 - 04011405 _____ () C:\Users\Michael\Downloads\151pokemonrenders.rar
2014-06-19 02:18 - 2014-06-19 02:18 - 08097496 _____ () C:\Users\Michael\Downloads\SuperHAC.rar
2014-06-19 01:43 - 2014-06-19 01:43 - 00000000 ____D () C:\Users\Michael\Desktop\Tor Browser
2014-06-19 01:39 - 2014-06-19 01:39 - 01742864 _____ () C:\Users\Michael\Downloads\wrar510.exe
2014-06-19 01:39 - 2014-06-19 01:39 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 01:39 - 2014-06-19 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 01:23 - 2014-06-19 01:24 - 27167987 _____ () C:\Users\Michael\Downloads\torbrowser-install-3.6.2_en-US.exe
2014-06-18 23:56 - 2014-06-19 00:00 - 00000000 ____D () C:\Users\Michael\DeviousPKCache
2014-06-18 23:56 - 2014-06-18 23:56 - 00027622 _____ () C:\Users\Michael\Downloads\DeviousPK.jar
2014-06-18 23:56 - 2014-06-18 23:56 - 00000001 _____ () C:\Users\Michael\rlvote.txt
2014-06-18 23:56 - 2014-06-18 23:56 - 00000000 _____ () C:\Users\Michael\songList.txt
2014-06-18 00:56 - 2014-06-18 00:56 - 20093901 _____ () C:\Users\Michael\Downloads\Unknown(Starburst_Hackforums.net).rar
2014-06-17 23:47 - 2014-06-17 23:47 - 00000009 _____ () C:\Users\Michael\Downloads\nub.txt
2014-06-17 22:18 - 2014-06-17 22:18 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Local\Vitalwerks
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Program Files (x86)\No-IP
2014-06-17 21:05 - 2014-06-17 21:05 - 00001067 _____ () C:\Users\Public\Desktop\DarkComet Remover.lnk
2014-06-17 21:05 - 2014-06-17 21:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\PhrozenSoft
2014-06-17 21:05 - 2014-06-17 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet Remover
2014-06-17 15:51 - 2014-06-17 15:51 - 00026112 _____ () C:\Users\Michael\Downloads\Chr0m3 x MoDz Text Spammer.exe
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\den
2014-06-16 20:56 - 2014-06-16 20:56 - 00001818 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-06-16 20:56 - 2014-06-16 20:56 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-06-16 20:55 - 2014-06-16 21:01 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-06-16 20:55 - 2014-06-16 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-06-16 20:55 - 2014-06-16 20:56 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-16 20:55 - 2014-06-16 20:56 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-06-16 20:55 - 2014-06-16 20:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\Bluestacks
2014-06-14 21:26 - 2014-06-14 21:26 - 00002292 _____ () C:\Users\Michael\Downloads\AvatarGrabber02.zip
2014-06-12 23:22 - 2014-06-20 01:57 - 00000000 ____D () C:\Program Files (x86)\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00001783 _____ () C:\Users\Owner\Desktop\Cain.lnk
2014-06-12 23:22 - 2014-06-12 23:22 - 00001783 _____ () C:\Users\Michael\Desktop\Cain.lnk
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-06-11 15:08 - 2014-06-14 21:58 - 00000352 _____ () C:\Users\Michael\Documents\proxies2.txt
2014-06-11 06:26 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 06:26 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 06:26 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 06:26 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 06:26 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 06:26 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 06:26 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 06:26 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 06:26 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 06:26 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 06:26 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 06:26 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 06:26 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 06:26 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 06:26 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 06:26 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 06:26 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 06:26 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 06:26 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 06:26 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 06:26 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 06:26 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 06:26 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 06:26 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 06:26 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 06:26 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 06:26 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 06:26 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 06:26 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 06:26 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 06:26 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 06:26 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 06:26 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 06:26 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 06:26 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 06:26 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 06:26 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 06:26 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 06:26 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 06:26 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 06:26 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 06:26 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 06:26 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 06:26 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 06:26 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 06:26 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 06:26 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 06:25 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 06:25 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 06:25 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 06:25 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 06:25 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 06:25 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 06:25 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 06:25 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 06:25 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 06:25 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 06:25 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 06:25 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 06:25 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 06:25 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 06:25 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 06:25 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 06:25 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 06:25 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 06:25 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 06:25 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 06:25 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 02:47 - 2014-06-11 02:48 - 00000012 _____ () C:\Users\Michael\AppData\Roaming\id.txt
2014-06-11 00:20 - 2014-06-11 00:20 - 00000434 _____ () C:\Users\Michael\Documents\Links.csv
2014-06-11 00:20 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\OpenOffice
2014-06-10 23:27 - 2014-06-10 23:27 - 00003172 _____ () C:\Windows\System32\Tasks\{93420D62-9063-49E7-A135-FC7A8E6017A5}
2014-06-10 15:21 - 2014-06-10 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-06-10 15:20 - 2014-06-10 15:21 - 00000000 ____D () C:\Python34
2014-06-10 13:59 - 2014-06-10 13:59 - 11373755 _____ () C:\Users\Michael\Downloads\Beginning Python From Novice to Professional, Second Edition.zip
2014-06-09 21:17 - 2014-06-09 21:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\calibre-cache
2014-06-09 21:16 - 2014-06-10 17:01 - 00000000 ____D () C:\Users\Michael\Documents\Calibre Library
2014-06-09 21:16 - 2014-06-10 14:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\calibre
2014-06-09 21:16 - 2014-06-09 21:16 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-06-09 21:16 - 2014-06-09 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-06-09 21:16 - 2014-06-09 21:16 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-06-08 12:07 - 2014-06-08 12:07 - 00002515 _____ () C:\Users\Michael\Documents\_MinecraftSaveInfo
2014-06-08 02:27 - 2014-06-12 19:06 - 08814592 _____ () C:\Users\Michael\Documents\DRAKS0005
2014-06-07 15:12 - 2014-06-07 15:12 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Mael
2014-06-07 14:49 - 2014-06-07 14:49 - 00000885 _____ () C:\Users\Public\Desktop\HxD.lnk
2014-06-07 14:49 - 2014-06-07 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
2014-06-07 14:49 - 2014-06-07 14:49 - 00000000 ____D () C:\Program Files (x86)\HxD
2014-06-06 06:47 - 2014-06-06 06:47 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-06-05 12:21 - 2014-06-05 12:21 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-05 12:21 - 2014-06-05 12:21 - 00000000 ____D () C:\Program Files\Java
2014-06-05 12:20 - 2014-06-05 12:20 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 12:20 - 2014-06-05 12:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-02 23:19 - 2014-06-09 00:03 - 02777202 _____ () C:\Users\Michael\Documents\savegame.dat
2014-06-02 23:12 - 2014-06-02 23:18 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Easy2Convert
2014-06-02 23:05 - 2014-06-02 23:05 - 00001909 _____ () C:\Users\Owner\Desktop\oPryzeLP Mod Tool.lnk
2014-06-02 23:05 - 2014-06-02 23:05 - 00001909 _____ () C:\Users\Michael\Desktop\oPryzeLP Mod Tool.lnk
2014-06-02 23:05 - 2014-06-02 23:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-02 23:05 - 2014-06-02 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-01 23:02 - 2014-06-01 23:02 - 00000334 _____ () C:\Windows\SysWOW64\CountScans.XML
2014-05-30 22:16 - 2014-05-30 22:16 - 00000355 _____ () C:\Users\Michael\Documents\Homegroup - Shortcut.lnk
2014-05-29 21:14 - 2014-06-11 15:27 - 00000262 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-05-29 21:12 - 2014-05-29 21:12 - 00002029 _____ () C:\Users\Michael\Desktop\iMacros 7.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00001329 _____ () C:\Users\Michael\Desktop\iMacros Scripting Interface Sample.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00001207 _____ () C:\Users\Michael\Desktop\iMacros Batch Sample.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00000913 _____ () C:\Users\Michael\Desktop\Examples.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Users\Michael\Documents\iMacros
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iOpus iMacros
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Program Files (x86)\iOpus
2014-05-29 21:03 - 2014-05-29 21:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\UBot Studio
2014-05-29 20:53 - 2014-06-10 18:13 - 00000000 _____ () C:\Users\Michael\Documents\Accounts 05-29-2014.txt
2014-05-29 10:32 - 2014-06-22 13:50 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
2014-05-27 17:37 - 2014-05-27 17:37 - 01566466 _____ () C:\Users\Michael\Downloads\GPTool.rar
2014-05-27 06:08 - 2014-06-19 01:35 - 00000000 ____D () C:\Users\Michael\AppData\Local\Deployment
2014-05-27 06:08 - 2014-05-27 06:08 - 00002136 _____ () C:\Users\Michael\Desktop\Aspire YouTube Bot 1.1.lnk
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aspire YouTube Bot 1.1
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Apps\2.0
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Program Files (x86)\Aspire YouTube Bot 1.1
2014-05-27 04:54 - 2014-05-29 20:57 - 00000000 ____D () C:\Users\Michael\AppData\Local\Email_Account_Creator_Ext
2014-05-26 22:51 - 2014-06-19 23:29 - 00000871 _____ () C:\Users\Michael\Documents\proxies.txt
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Windows\Gmail Creator
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\SkinSoft
2014-05-26 21:56 - 2014-05-26 21:56 - 00000000 ____D () C:\Users\Michael\Documents\HtmlEmailCS
2014-05-26 19:47 - 2014-05-26 19:47 - 00000000 ____D () C:\Users\Michael\AppData\Local\Macromedia
2014-05-26 17:00 - 2014-06-21 16:23 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\ProgramData\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
==================== One Month Modified Files and Folders =======
 
2014-06-22 17:46 - 2014-06-22 12:20 - 00011680 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-06-22 17:46 - 2014-02-06 12:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-22 17:45 - 2014-06-22 12:20 - 00000000 ____D () C:\FRST
2014-06-22 17:44 - 2014-02-22 02:36 - 00689468 _____ () C:\Windows\PFRO.log
2014-06-22 17:44 - 2014-02-06 13:48 - 00071354 _____ () C:\Windows\setupact.log
2014-06-22 17:44 - 2014-02-06 12:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-22 17:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 17:43 - 2014-06-22 17:22 - 00000000 ____D () C:\AdwCleaner
2014-06-22 17:43 - 2014-02-05 17:53 - 01905058 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 17:33 - 2009-07-14 00:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 17:33 - 2009-07-14 00:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 17:29 - 2014-06-22 17:29 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 17:25 - 2014-02-05 17:53 - 00000000 ____D () C:\Users\Owner
2014-06-22 17:22 - 2014-06-22 17:22 - 01333465 _____ () C:\Users\Michael\Downloads\AdwCleaner.exe
2014-06-22 17:10 - 2014-02-06 11:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-22 13:50 - 2014-05-29 10:32 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\ec249d2d-e85b-4179-b373-a2f22546f686
2014-06-22 12:24 - 2014-06-22 12:24 - 00001695 _____ () C:\Users\Michael\Downloads\aswMBR.txt
2014-06-22 12:24 - 2014-06-22 12:24 - 00000512 _____ () C:\Users\Michael\Downloads\MBR.dat
2014-06-22 12:23 - 2014-06-22 12:23 - 05185536 _____ (AVAST Software) C:\Users\Michael\Downloads\aswmbr.exe
2014-06-22 12:22 - 2014-06-22 12:22 - 00025570 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-06-22 12:20 - 2014-06-22 12:19 - 02083328 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-06-22 12:19 - 2014-06-22 12:19 - 01070592 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-06-22 11:52 - 2014-06-22 11:52 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull (2).txt
2014-06-22 02:48 - 2014-04-26 16:36 - 00000000 ____D () C:\Users\Michael\AppData\Local\Pokemon Showdown
2014-06-21 16:23 - 2014-05-26 17:00 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-06-21 15:55 - 2014-06-21 15:55 - 00019349 _____ () C:\Users\Michael\Downloads\DDS.txt
2014-06-21 15:54 - 2014-06-21 15:54 - 00019349 _____ () C:\Users\Michael\Desktop\dds.txt
2014-06-21 15:54 - 2014-06-21 15:54 - 00003126 _____ () C:\Users\Michael\Desktop\attach.txt
2014-06-21 15:53 - 2014-06-21 15:53 - 00688992 ____R (Swearware) C:\Users\Michael\Downloads\dds.com
2014-06-21 15:26 - 2014-02-23 04:24 - 00000000 ____D () C:\Windows\Patches
2014-06-21 14:45 - 2014-06-21 14:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-21 14:27 - 2014-06-21 14:26 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull (1).txt
2014-06-21 09:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-21 01:54 - 2014-06-21 01:48 - 00000000 ____D () C:\Users\Michael\AppData\Local\Microsoft Games
2014-06-20 01:57 - 2014-06-12 23:22 - 00000000 ____D () C:\Program Files (x86)\Cain
2014-06-19 23:29 - 2014-05-26 22:51 - 00000871 _____ () C:\Users\Michael\Documents\proxies.txt
2014-06-19 23:06 - 2014-06-19 23:06 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Free All-In-One Media Player.lnk
2014-06-19 23:06 - 2014-06-19 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free All-In-One Media Player
2014-06-19 23:06 - 2014-06-19 23:06 - 00000000 ____D () C:\Program Files (x86)\FreeAllInOneMediaPlayer
2014-06-19 21:32 - 2014-06-19 21:32 - 00337956 _____ () C:\Users\Michael\Downloads\flightrise.crx
2014-06-19 19:04 - 2014-02-06 12:30 - 00064024 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 03:16 - 2014-02-27 00:36 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-06-19 03:16 - 2009-07-14 00:45 - 00294568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-19 03:09 - 2014-06-19 03:09 - 00060975 _____ () C:\Users\Michael\Downloads\masterListFull.txt
2014-06-19 02:41 - 2014-06-19 02:41 - 04011405 _____ () C:\Users\Michael\Downloads\151pokemonrenders.rar
2014-06-19 02:18 - 2014-06-19 02:18 - 08097496 _____ () C:\Users\Michael\Downloads\SuperHAC.rar
2014-06-19 02:00 - 2014-03-29 00:02 - 00064024 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 01:43 - 2014-06-19 01:43 - 00000000 ____D () C:\Users\Michael\Desktop\Tor Browser
2014-06-19 01:39 - 2014-06-19 01:39 - 01742864 _____ () C:\Users\Michael\Downloads\wrar510.exe
2014-06-19 01:39 - 2014-06-19 01:39 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 01:39 - 2014-06-19 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 01:35 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Deployment
2014-06-19 01:24 - 2014-06-19 01:23 - 27167987 _____ () C:\Users\Michael\Downloads\torbrowser-install-3.6.2_en-US.exe
2014-06-19 00:00 - 2014-06-18 23:56 - 00000000 ____D () C:\Users\Michael\DeviousPKCache
2014-06-18 23:56 - 2014-06-18 23:56 - 00027622 _____ () C:\Users\Michael\Downloads\DeviousPK.jar
2014-06-18 23:56 - 2014-06-18 23:56 - 00000001 _____ () C:\Users\Michael\rlvote.txt
2014-06-18 23:56 - 2014-06-18 23:56 - 00000000 _____ () C:\Users\Michael\songList.txt
2014-06-18 23:56 - 2014-03-29 00:01 - 00000000 ____D () C:\Users\Michael
2014-06-18 01:33 - 2014-03-29 00:01 - 00000000 ____D () C:\Users\Michael\AppData\Local\VirtualStore
2014-06-18 00:56 - 2014-06-18 00:56 - 20093901 _____ () C:\Users\Michael\Downloads\Unknown(Starburst_Hackforums.net).rar
2014-06-17 23:47 - 2014-06-17 23:47 - 00000009 _____ () C:\Users\Michael\Downloads\nub.txt
2014-06-17 22:18 - 2014-06-17 22:18 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Users\Michael\AppData\Local\Vitalwerks
2014-06-17 21:24 - 2014-06-17 21:24 - 00000000 ____D () C:\Program Files (x86)\No-IP
2014-06-17 21:05 - 2014-06-17 21:05 - 00001067 _____ () C:\Users\Public\Desktop\DarkComet Remover.lnk
2014-06-17 21:05 - 2014-06-17 21:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\PhrozenSoft
2014-06-17 21:05 - 2014-06-17 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet Remover
2014-06-17 15:51 - 2014-06-17 15:51 - 00026112 _____ () C:\Users\Michael\Downloads\Chr0m3 x MoDz Text Spammer.exe
2014-06-17 10:43 - 2014-06-17 10:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\den
2014-06-16 21:01 - 2014-06-16 20:55 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-06-16 20:56 - 2014-06-16 20:56 - 00001818 _____ () C:\Users\Public\Desktop\Apps.lnk
2014-06-16 20:56 - 2014-06-16 20:56 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2014-06-16 20:56 - 2014-06-16 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-06-16 20:56 - 2014-06-16 20:55 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-06-16 20:56 - 2014-06-16 20:55 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-06-16 20:56 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-16 20:55 - 2014-06-16 20:55 - 00000000 ____D () C:\Users\Michael\AppData\Local\Bluestacks
2014-06-16 12:53 - 2014-02-06 12:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-16 00:51 - 2014-02-06 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-16 00:50 - 2014-04-16 20:22 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-16 00:49 - 2014-05-17 21:39 - 00001075 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-16 00:49 - 2014-05-12 20:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-16 00:49 - 2014-02-06 12:18 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-16 00:49 - 2014-02-06 11:16 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-16 00:49 - 2014-02-06 11:16 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-16 00:49 - 2014-02-06 11:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-14 21:58 - 2014-06-11 15:08 - 00000352 _____ () C:\Users\Michael\Documents\proxies2.txt
2014-06-14 21:26 - 2014-06-14 21:26 - 00002292 _____ () C:\Users\Michael\Downloads\AvatarGrabber02.zip
2014-06-12 23:22 - 2014-06-12 23:22 - 00001783 _____ () C:\Users\Owner\Desktop\Cain.lnk
2014-06-12 23:22 - 2014-06-12 23:22 - 00001783 _____ () C:\Users\Michael\Desktop\Cain.lnk
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
2014-06-12 23:22 - 2014-06-12 23:22 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-06-12 19:06 - 2014-06-08 02:27 - 08814592 _____ () C:\Users\Michael\Documents\DRAKS0005
2014-06-12 14:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 10:12 - 2014-03-02 04:47 - 00000000 ____D () C:\Users\Owner\AppData\Local\WeatherAlerts
2014-06-12 10:12 - 2014-02-05 18:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 10:10 - 2014-02-05 18:31 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 10:07 - 2014-05-07 04:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 15:27 - 2014-05-29 21:14 - 00000262 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2014-06-11 15:27 - 2014-04-20 03:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-06-11 02:48 - 2014-06-11 02:47 - 00000012 _____ () C:\Users\Michael\AppData\Roaming\id.txt
2014-06-11 00:20 - 2014-06-11 00:20 - 00000434 _____ () C:\Users\Michael\Documents\Links.csv
2014-06-11 00:20 - 2014-06-11 00:20 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\OpenOffice
2014-06-10 23:27 - 2014-06-10 23:27 - 00003172 _____ () C:\Windows\System32\Tasks\{93420D62-9063-49E7-A135-FC7A8E6017A5}
2014-06-10 18:13 - 2014-05-29 20:53 - 00000000 _____ () C:\Users\Michael\Documents\Accounts 05-29-2014.txt
2014-06-10 17:01 - 2014-06-09 21:16 - 00000000 ____D () C:\Users\Michael\Documents\Calibre Library
2014-06-10 15:21 - 2014-06-10 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-06-10 15:21 - 2014-06-10 15:20 - 00000000 ____D () C:\Python34
2014-06-10 14:05 - 2014-06-09 21:16 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\calibre
2014-06-10 13:59 - 2014-06-10 13:59 - 11373755 _____ () C:\Users\Michael\Downloads\Beginning Python From Novice to Professional, Second Edition.zip
2014-06-09 21:17 - 2014-06-09 21:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\calibre-cache
2014-06-09 21:16 - 2014-06-09 21:16 - 00000960 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-06-09 21:16 - 2014-06-09 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-06-09 21:16 - 2014-06-09 21:16 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-06-09 00:03 - 2014-06-02 23:19 - 02777202 _____ () C:\Users\Michael\Documents\savegame.dat
2014-06-08 23:33 - 2014-03-29 00:02 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\VIPRE
2014-06-08 17:31 - 2009-07-14 01:08 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-08 12:07 - 2014-06-08 12:07 - 00002515 _____ () C:\Users\Michael\Documents\_MinecraftSaveInfo
2014-06-08 05:13 - 2014-06-11 06:25 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-11 06:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 15:12 - 2014-06-07 15:12 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Mael
2014-06-07 14:49 - 2014-06-07 14:49 - 00000885 _____ () C:\Users\Public\Desktop\HxD.lnk
2014-06-07 14:49 - 2014-06-07 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
2014-06-07 14:49 - 2014-06-07 14:49 - 00000000 ____D () C:\Program Files (x86)\HxD
2014-06-06 06:47 - 2014-06-06 06:47 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-06-05 21:20 - 2014-03-29 00:24 - 00001279 _____ () C:\Users\Public\Desktop\Horizon.lnk
2014-06-05 21:20 - 2014-02-25 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Horizon
2014-06-05 12:21 - 2014-06-05 12:21 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-05 12:21 - 2014-06-05 12:21 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-05 12:21 - 2014-06-05 12:21 - 00000000 ____D () C:\Program Files\Java
2014-06-05 12:20 - 2014-06-05 12:20 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-05 12:20 - 2014-06-05 12:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-05 12:20 - 2014-06-05 12:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-02 23:18 - 2014-06-02 23:12 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Easy2Convert
2014-06-02 23:05 - 2014-06-02 23:05 - 00001909 _____ () C:\Users\Owner\Desktop\oPryzeLP Mod Tool.lnk
2014-06-02 23:05 - 2014-06-02 23:05 - 00001909 _____ () C:\Users\Michael\Desktop\oPryzeLP Mod Tool.lnk
2014-06-02 23:05 - 2014-06-02 23:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-02 23:05 - 2014-06-02 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-02 23:05 - 2014-02-20 01:54 - 00000000 ____D () C:\Program Files (x86)\oPryzeLP
2014-06-01 23:02 - 2014-06-01 23:02 - 00000334 _____ () C:\Windows\SysWOW64\CountScans.XML
2014-05-31 19:13 - 2014-05-21 16:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Notepad++
2014-05-30 22:16 - 2014-05-30 22:16 - 00000355 _____ () C:\Users\Michael\Documents\Homegroup - Shortcut.lnk
2014-05-30 06:21 - 2014-06-11 06:25 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-11 06:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-11 06:26 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-11 06:26 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-11 06:26 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:39 - 2014-06-11 06:25 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:38 - 2014-06-11 06:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-11 06:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-11 06:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-11 06:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-11 06:26 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:21 - 2014-06-11 06:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:20 - 2014-06-11 06:25 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-11 06:26 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-11 06:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-11 06:25 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-11 06:26 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-11 06:26 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-11 06:26 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-11 06:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-11 06:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-11 06:26 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-11 06:25 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-11 06:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-11 06:26 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-11 06:26 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-11 06:26 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-11 06:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-11 06:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-11 06:26 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-11 06:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-11 06:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-11 06:26 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-11 06:25 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-11 06:26 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-11 06:26 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-11 06:26 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-11 06:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-11 06:26 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-11 06:26 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-11 06:26 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-11 06:25 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-11 06:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-11 06:26 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-11 06:26 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-11 06:25 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-11 06:26 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-11 06:26 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-11 06:25 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-11 06:26 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-11 06:25 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-11 06:25 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 21:12 - 2014-05-29 21:12 - 00002029 _____ () C:\Users\Michael\Desktop\iMacros 7.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00001329 _____ () C:\Users\Michael\Desktop\iMacros Scripting Interface Sample.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00001207 _____ () C:\Users\Michael\Desktop\iMacros Batch Sample.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00000913 _____ () C:\Users\Michael\Desktop\Examples.lnk
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Users\Michael\Documents\iMacros
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iOpus iMacros
2014-05-29 21:12 - 2014-05-29 21:12 - 00000000 ____D () C:\Program Files (x86)\iOpus
2014-05-29 21:03 - 2014-05-29 21:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\UBot Studio
2014-05-29 20:57 - 2014-05-27 04:54 - 00000000 ____D () C:\Users\Michael\AppData\Local\Email_Account_Creator_Ext
2014-05-27 17:37 - 2014-05-27 17:37 - 01566466 _____ () C:\Users\Michael\Downloads\GPTool.rar
2014-05-27 06:08 - 2014-05-27 06:08 - 00002136 _____ () C:\Users\Michael\Desktop\Aspire YouTube Bot 1.1.lnk
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aspire YouTube Bot 1.1
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Users\Michael\AppData\Local\Apps\2.0
2014-05-27 06:08 - 2014-05-27 06:08 - 00000000 ____D () C:\Program Files (x86)\Aspire YouTube Bot 1.1
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Windows\Gmail Creator
2014-05-26 21:58 - 2014-05-26 21:58 - 00000000 ____D () C:\Users\Michael\AppData\Local\SkinSoft
2014-05-26 21:56 - 2014-05-26 21:56 - 00000000 ____D () C:\Users\Michael\Documents\HtmlEmailCS
2014-05-26 19:47 - 2014-05-26 19:47 - 00000000 ____D () C:\Users\Michael\AppData\Local\Macromedia
2014-05-26 17:00 - 2014-05-26 17:00 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\ProgramData\Skype
2014-05-26 17:00 - 2014-05-26 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-26 16:59 - 2014-05-10 14:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\Hewlett-Packard_Company
 
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\44BDA848.exe
C:\Users\Michael\AppData\Local\Temp\44BF6527.exe
C:\Users\Michael\AppData\Local\Temp\application.exe
C:\Users\Michael\AppData\Local\Temp\BExtensionSilent.exe
C:\Users\Michael\AppData\Local\Temp\InstallMonetizer.exe
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Owner\AppData\Local\Temp\59765uninstall.exe
C:\Users\Owner\AppData\Local\Temp\6_Offer_12.exe
C:\Users\Owner\AppData\Local\Temp\CALL OF DUTY GHOST CFG V1.06 REAL.EXE
C:\Users\Owner\AppData\Local\Temp\chrome.exe
C:\Users\Owner\AppData\Local\Temp\lowproc.exe
C:\Users\Owner\AppData\Local\Temp\nsb72A7.exe
C:\Users\Owner\AppData\Local\Temp\nsw54A8.exe
C:\Users\Owner\AppData\Local\Temp\nsw5719.exe
C:\Users\Owner\AppData\Local\Temp\nsw7509.exe
C:\Users\Owner\AppData\Local\Temp\Sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-18 17:57
 
==================== End Of Log ============================


#9 pystryker


Posted 22 June 2014 - 06:51 PM

K doing that now btw my names michael thanks for helping me so far :D


Hello Michael, you're quite welcome. :thumbsup: :)

Things are looking good, we're going to remove some items showing in the latest FRST scan and then clear out your temp files.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below (to do this, highlight the contents of the box, right-click on it and select Copy).
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
FF NetworkProxy: "backup.ftp", "186.91.205.137"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "186.91.205.137"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "186.91.205.137"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "190.120.248.168"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "190.120.248.168"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "190.120.248.168"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "190.120.248.168"
FF NetworkProxy: "ssl_port", 8080
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Clear out Temporary Files


Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Things I need to see in your next post:


Fixlog.txt Log

Question: How is the machine running?

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
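
The fixlist above resets the proxy entries FRST reported under "FF NetworkProxy". As an added example (not part of the thread and not FRST's own code), this Python sketch audits a Firefox profile's prefs.js for the same settings and lists any proxy host that is not loopback. It assumes the entries correspond to Firefox's `network.proxy.*` preferences; the function names and the sample prefs.js text are constructed for illustration.

```python
import ipaddress
import re

# One prefs.js line has the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+?)\);\s*$')
PROXY_PREFIX = "network.proxy."
HOST_KEYS = {"http", "ssl", "ftp", "socks"}  # prefs that hold a proxy host

# Constructed sample, modelled on the entries listed in the fixlist.
SAMPLE_PREFS = '''\
// constructed sample prefs.js
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.backup.ssl", "186.91.205.137");
user_pref("network.proxy.backup.ssl_port", 8080);
user_pref("network.proxy.http", "190.120.248.168");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks_remote_dns", true);
'''


def parse_proxy_prefs(text):
    """Return {short_name: value} for every network.proxy.* pref in the text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m or not m.group("name").startswith(PROXY_PREFIX):
            continue
        raw = m.group("value").strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            value = raw[1:-1]                # string pref
        elif raw in ("true", "false"):
            value = raw == "true"            # boolean pref
        else:
            try:
                value = int(raw)             # integer pref (ports, type)
            except ValueError:
                value = raw                  # keep anything unexpected as-is
        prefs[m.group("name")[len(PROXY_PREFIX):]] = value
    return prefs


def is_loopback(host):
    """True for localhost or a loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                         # a hostname: treat as remote


def audit(prefs):
    """List (pref, host, port) for each proxy host that is not loopback.

    Saved "backup.*" copies are reported too, since they can be restored.
    A legitimate corporate proxy will also appear; the output is a review
    list, not a verdict.
    """
    findings = []
    for key, value in sorted(prefs.items()):
        base = key[len("backup."):] if key.startswith("backup.") else key
        if base in HOST_KEYS and isinstance(value, str) and value \
                and not is_loopback(value):
            findings.append((key, value, prefs.get(key + "_port")))
    return findings


if __name__ == "__main__":
    for pref, host, port in audit(parse_proxy_prefs(SAMPLE_PREFS)):
        print(f"review: {PROXY_PREFIX}{pref} -> {host}:{port}")
```

To check a real profile, pass the contents of its prefs.js to parse_proxy_prefs() in place of the sample text.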





#10 shadow gun


Posted 22 June 2014 - 07:11 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Michael at 2014-06-22 19:58:56 Run:2
Running from C:\Users\Michael\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
FF NetworkProxy: "backup.ftp", "186.91.205.137"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "186.91.205.137"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "186.91.205.137"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "190.120.248.168"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "190.120.248.168"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "190.120.248.168"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "190.120.248.168"
FF NetworkProxy: "ssl_port", 8080
End
*****************
 
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
 
==== End of Fixlog ====

The computer's running great :D


#11 pystryker


Posted 22 June 2014 - 07:13 PM

The computers running great :D


Good to hear, let's run a scan for remnants and check for any out of date programs. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log






#12 shadow gun


Posted 22 June 2014 - 07:16 PM

It won't let me download it, it says error 5 access is denied



#13 pystryker


Posted 22 June 2014 - 07:19 PM

You can't download Malwarebytes? Have you rebooted the machine since the last FRST fix and clearing out the temp files?






#14 shadow gun


Posted 22 June 2014 - 07:19 PM

Yes, should I redo the steps?



#15 pystryker


Posted 22 June 2014 - 07:20 PM

No, proceed with the ESET Online scanner.








