
Not sure if I'm infected or not...


This topic is locked
12 replies to this topic

#1 falsepositive_

falsepositive_

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:17 AM

Posted 21 July 2014 - 12:47 AM

Basically I ran RogueKiller to see if anything would turn up; I'm having trouble deciphering the results.

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : xxxx [Admin rights]
Mode : Remove -- Date : 07/20/2014  22:22:15

¤¤¤ Bad processes : 1 ¤¤¤
[Proc.Hidden]  -- [x] -> KILLED [TermThr]

¤¤¤ Registry Entries : 16 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.16.0.1  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F235AA33-5C4C-4971-B8A8-91CD496F113E} | DhcpNameServer : 172.16.0.1  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F235AA33-5C4C-4971-B8A8-91CD496F113E} | DhcpNameServer : 172.16.0.1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3284888835-1065193200-944460603-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3284888835-1065193200-944460603-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3284888835-1065193200-944460603-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3284888835-1065193200-944460603-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3284888835-1065193200-944460603-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3284888835-1065193200-944460603-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3284888835-1065193200-944460603-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3284888835-1065193200-944460603-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 4 (Driver: LOADED) ¤¤¤
[EAT:Addr] (explorer.exe) MPR.dll - DllCanUnloadNow : C:\Windows\System32\qmgrprxy.dll @ 0x7ff9df658160
[EAT:Addr] (explorer.exe) MPR.dll - DllGetClassObject : C:\Windows\System32\qmgrprxy.dll @ 0x7ff9df658118
[EAT:Addr] (explorer.exe) MPR.dll - DllRegisterServer : C:\Windows\System32\qmgrprxy.dll @ 0x7ff9df6581b0
[EAT:Addr] (explorer.exe) MPR.dll - DllUnregisterServer : C:\Windows\System32\qmgrprxy.dll @ 0x7ff9df6581e4

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
--- User ---
[MBR] a975837bb833624aef94847e8ac28af5
[BSP] c291ab2aad28250ecbbc399fbf4273d6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953517 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_07202014_203306.log - RKreport_DEL_07202014_204117.log - RKreport_SCN_07202014_203250.log - RKreport_SCN_07202014_203321.log
RKreport_SCN_07202014_204107.log - RKreport_SCN_07202014_205504.log - RKreport_SCN_07202014_212133.log - RKreport_SCN_07202014_222203.log



#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,045 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:17 PM

Posted 21 July 2014 - 09:18 AM

Hello and welcome on board,

my name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer, then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide, and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient, especially if I don't answer every day!
  • Please follow these instructions.
    If you don't follow the instructions, your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved.
    As malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me, as this can complicate finding and removing all malware.
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all malware!
  • Read my post completely.
    If you don't do so, you may make mistakes that could result in your system crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them from inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and paste (Ctrl+V) the contents of both of these logs into your next post, please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 falsepositive_

falsepositive_
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:17 AM

Posted 21 July 2014 - 11:16 AM

FRST.txt...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by xxxx (administrator) on xxxx-PC on 21-07-2014 09:13:34
Running from C:\Users\xxxx\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files (x86)\Toontown Rewritten\Launcher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-14] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE8E9A508506ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1

FireFox:
========
FF ProfilePath: C:\Users\Noah\AppData\Roaming\Mozilla\Firefox\Profiles\k21yiogw.default
FF NewTab: about:blank
FF Homepage: file:///C:/Users/Noah/Documents/Dreamweaver/Home/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Noah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: XKit - C:\Users\Noah\AppData\Roaming\Mozilla\Firefox\Profiles\k21yiogw.default\Extensions\xkit@studioxenix.com.xpi [2014-07-19]
FF Extension: Adblock Plus - C:\Users\Noah\AppData\Roaming\Mozilla\Firefox\Profiles\k21yiogw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-07]
FF Extension: Greasemonkey - C:\Users\Noah\AppData\Roaming\Mozilla\Firefox\Profiles\k21yiogw.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-06-16]

==================== Services (Whitelisted) =================

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-05-07] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-05-07] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-12-28] (Creative Technology Ltd) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-04] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-07-08] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [469264 2013-06-19] (Intel Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 Mv_Process; \??\c:\windows\syswow64\mv_process.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 09:13 - 2014-07-21 09:13 - 00015417 _____ () C:\Users\Noah\Downloads\FRST.txt
2014-07-21 09:12 - 2014-07-21 09:13 - 00000000 ____D () C:\FRST
2014-07-21 09:11 - 2014-07-21 09:11 - 02089984 _____ (Farbar) C:\Users\Noah\Downloads\FRST64.exe
2014-07-20 20:40 - 2014-07-20 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-20 20:27 - 2014-07-20 22:14 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 20:27 - 2014-07-20 20:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-20 20:26 - 2014-07-20 20:26 - 05336664 _____ () C:\Users\Noah\Downloads\RogueKillerX64.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\Noah\Downloads\rkill64.exe
2014-07-20 20:16 - 2014-07-21 08:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 20:16 - 2014-07-20 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 20:16 - 2014-07-20 20:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 20:16 - 2014-07-20 20:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 20:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 20:16 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 20:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 16:26 - 2014-07-20 16:34 - 00000000 ____D () C:\Users\Noah\Downloads\EFT2.23.1
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Huggle
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\Users\Noah\AppData\Local\Wikimedia
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Huggle
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\Program Files (x86)\Huggle
2014-07-19 20:56 - 2014-07-19 21:13 - 00000000 ____D () C:\Users\Noah\Documents\Photoshop
2014-07-19 20:52 - 2014-07-19 20:52 - 00000000 ____D () C:\Users\Noah\Downloads\triangulator
2014-07-12 10:00 - 2014-07-12 10:00 - 00000000 ____D () C:\Users\Noah\Documents\Adobe
2014-07-11 14:32 - 2014-07-11 14:32 - 00007030 _____ () C:\Users\Noah\comcast.txt
2014-07-10 16:18 - 2014-07-10 17:00 - 00046248 _____ () C:\Windows\PFRO.log
2014-07-09 20:52 - 2014-07-09 20:57 - 00001926 _____ () C:\Users\Noah\Tracert2.txt
2014-07-09 20:46 - 2014-07-09 20:50 - 00002031 _____ () C:\Users\Noah\Trace.txt
2014-07-09 20:37 - 2014-07-09 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-09 17:11 - 2014-07-09 17:29 - 00000405 _____ () C:\Users\Noah\.wct
2014-07-09 17:11 - 2014-07-09 17:11 - 00000000 ____D () C:\Users\Noah\.wct-cache
2014-07-09 17:11 - 2014-07-09 17:11 - 00000000 ____D () C:\Users\Noah\.swt
2014-07-09 15:23 - 2014-07-09 15:38 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-09 13:59 - 2014-07-09 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
2014-07-09 11:06 - 2014-04-13 20:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-09 10:46 - 2014-06-16 15:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 10:46 - 2014-06-16 15:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 10:46 - 2014-06-06 07:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 10:46 - 2014-05-29 20:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 10:46 - 2014-05-29 05:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-09 10:46 - 2014-05-29 00:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-09 10:46 - 2014-05-28 23:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 10:46 - 2014-05-28 23:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 10:46 - 2014-05-28 22:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 10:46 - 2014-05-28 22:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 10:45 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 10:45 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 10:45 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 10:45 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 10:45 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 10:45 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 10:45 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 10:45 - 2014-06-18 16:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 10:45 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 10:45 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 10:45 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 10:45 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 10:45 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 10:45 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 10:45 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 10:45 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 10:45 - 2014-06-18 15:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 10:45 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 10:45 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 10:45 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 10:45 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 10:45 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 10:45 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 10:45 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 10:45 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 10:45 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 10:45 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 10:45 - 2014-06-06 06:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 10:45 - 2014-06-06 05:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 10:45 - 2014-05-31 03:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-09 10:45 - 2014-05-31 03:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-09 10:45 - 2014-05-30 20:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-09 10:45 - 2014-05-30 20:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 10:45 - 2014-05-30 20:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 10:45 - 2014-05-30 20:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-09 10:45 - 2014-05-30 20:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-09 10:45 - 2014-05-30 20:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 10:45 - 2014-05-30 19:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 10:45 - 2014-05-30 19:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 10:45 - 2014-05-30 19:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-09 10:45 - 2014-05-30 19:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-09 10:45 - 2014-05-30 19:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 10:45 - 2014-05-30 19:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 10:45 - 2014-05-30 19:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 10:42 - 2014-07-09 10:42 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-08 22:13 - 2014-07-08 22:18 - 00000000 ____D () C:\Users\Noah\greenfoot
2014-07-08 22:13 - 2014-07-08 22:13 - 00000000 ____D () C:\Users\Noah\Downloads\noahk
2014-07-08 22:06 - 2014-07-08 22:06 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenfoot
2014-07-08 22:06 - 2014-07-08 22:06 - 00000000 ____D () C:\Program Files (x86)\Greenfoot
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\Noah\Downloads\CINEBENCH_R15
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\MAXON
2014-07-08 20:13 - 2014-07-21 08:44 - 00613403 _____ () C:\Windows\WindowsUpdate.log
2014-07-08 18:56 - 2014-07-08 18:56 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-07-08 18:40 - 2014-07-08 18:41 - 00000000 ____D () C:\Users\Noah\.gradle
2014-07-08 15:59 - 2014-07-21 02:00 - 00000000 ____D () C:\Users\Noah\AppData\Local\Adobe
2014-07-06 21:07 - 2014-07-06 21:09 - 00000000 ____D () C:\Users\Noah\AppData\Local\Sublime Text 3
2014-07-06 21:07 - 2014-07-06 21:07 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Sublime Text 3
2014-07-06 19:23 - 2014-07-06 19:24 - 00000000 ____D () C:\eclipse_Workspace
2014-07-06 10:46 - 2014-07-20 22:08 - 00000000 ____D () C:\Users\Noah\Documents\reg_backups
2014-07-06 10:42 - 2014-07-06 10:42 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-06 10:42 - 2014-07-06 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-06 10:42 - 2014-07-06 10:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-05 20:40 - 2014-07-05 20:40 - 00001199 _____ () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse.lnk
2014-07-05 20:38 - 2014-07-09 11:48 - 00000000 ____D () C:\Program Files (x86)\eclipse
2014-07-05 20:28 - 2014-07-05 20:28 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\java
2014-07-05 20:25 - 2014-07-05 20:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-05 20:25 - 2014-07-05 20:25 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-05 20:25 - 2014-07-05 20:25 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-05 20:25 - 2014-07-05 20:25 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-05 20:25 - 2014-07-05 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-05 20:25 - 2014-07-05 20:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-05 20:24 - 2014-07-05 20:24 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-05 20:24 - 2014-07-05 20:24 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-05 20:24 - 2014-07-05 20:24 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-05 20:24 - 2014-07-05 20:24 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-05 20:24 - 2014-07-05 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-05 20:24 - 2014-07-05 20:24 - 00000000 ____D () C:\Program Files\Java
2014-06-28 23:03 - 2014-06-28 23:06 - 00002799 ____T () C:\Windows\system32\lic2tmp.xml13221
2014-06-28 15:14 - 2014-06-28 15:14 - 00000000 ____D () C:\Users\Noah\Downloads\peacenow_basic
2014-06-28 12:40 - 2014-06-28 12:40 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\eFMer
2014-06-28 11:47 - 2014-06-28 12:22 - 00000000 ____D () C:\Users\Noah\Downloads\boincview
2014-06-28 11:07 - 2014-07-08 20:33 - 00000000 ____D () C:\ProgramData\BOINC
2014-06-28 11:07 - 2014-07-05 20:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-28 11:06 - 2014-06-28 11:06 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-27 11:21 - 2014-06-27 11:21 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Unity
2014-06-27 11:01 - 2014-06-27 11:01 - 00000000 ____D () C:\Users\Noah\AppData\Local\Unity
2014-06-26 16:03 - 2014-06-26 16:03 - 00000000 ____D () C:\Users\Noah\AppData\Local\SKIDROW
2014-06-26 15:46 - 2014-06-26 15:46 - 00000000 ____D () C:\Program Files (x86)\Valve
2014-06-26 15:44 - 2014-06-26 15:44 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\LolClient
2014-06-24 14:05 - 2014-07-09 20:37 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-06-24 14:05 - 2014-06-24 14:05 - 00000000 ____D () C:\Riot Games
2014-06-24 14:05 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-06-24 14:05 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-06-24 14:05 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-06-24 14:04 - 2014-07-10 15:04 - 00000000 ____D () C:\Users\Noah\AppData\Local\PMB Files
2014-06-24 14:04 - 2014-07-10 15:04 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-24 14:03 - 2014-06-24 14:03 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Riot Games
2014-06-24 14:03 - 2014-06-24 14:03 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-06-21 16:45 - 2014-07-11 18:15 - 00000000 ____D () C:\Program Files\FRAPS
2014-06-21 16:45 - 2014-06-21 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-06-21 15:50 - 2014-06-21 15:50 - 00000000 ____D () C:\Users\Noah\Documents\Heroes of the Storm
2014-06-21 12:26 - 2014-06-23 20:51 - 00000000 ____D () C:\Users\Noah\AppData\Local\Battle.net
2014-06-21 12:26 - 2014-06-21 12:27 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Battle.net
2014-06-21 12:26 - 2014-06-21 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-06-21 12:26 - 2014-06-21 12:26 - 00000000 ____D () C:\Program Files (x86)\Battle.net

==================== One Month Modified Files and Folders =======

2014-07-21 09:13 - 2014-07-21 09:13 - 00015417 _____ () C:\Users\Noah\Downloads\FRST.txt
2014-07-21 09:13 - 2014-07-21 09:12 - 00000000 ____D () C:\FRST
2014-07-21 09:11 - 2014-07-21 09:11 - 02089984 _____ (Farbar) C:\Users\Noah\Downloads\FRST64.exe
2014-07-21 09:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-21 08:50 - 2014-06-14 13:40 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 08:44 - 2014-07-08 20:13 - 00613403 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 08:39 - 2014-07-20 20:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 02:00 - 2014-07-08 15:59 - 00000000 ____D () C:\Users\Noah\AppData\Local\Adobe
2014-07-20 22:41 - 2014-05-07 16:41 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3284888835-1065193200-944460603-1001
2014-07-20 22:14 - 2014-07-20 20:27 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 22:08 - 2014-07-06 10:46 - 00000000 ____D () C:\Users\Noah\Documents\reg_backups
2014-07-20 20:41 - 2014-07-20 20:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-20 20:27 - 2014-07-20 20:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-20 20:26 - 2014-07-20 20:26 - 05336664 _____ () C:\Users\Noah\Downloads\RogueKillerX64.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\Noah\Downloads\rkill64.exe
2014-07-20 20:20 - 2014-06-04 21:44 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Skype
2014-07-20 20:16 - 2014-07-20 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 20:16 - 2014-07-20 20:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 20:16 - 2014-07-20 20:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 19:50 - 2014-06-14 13:40 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 19:25 - 2014-05-07 20:53 - 00210944 ___SH () C:\Users\Noah\Downloads\Thumbs.db
2014-07-20 16:34 - 2014-07-20 16:26 - 00000000 ____D () C:\Users\Noah\Downloads\EFT2.23.1
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Huggle
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\Users\Noah\AppData\Local\Wikimedia
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Huggle
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\Program Files (x86)\Huggle
2014-07-19 21:45 - 2014-05-09 18:16 - 00000132 _____ () C:\Users\Noah\AppData\Roaming\Adobe PNG Format CC Prefs
2014-07-19 21:13 - 2014-07-19 20:56 - 00000000 ____D () C:\Users\Noah\Documents\Photoshop
2014-07-19 20:52 - 2014-07-19 20:52 - 00000000 ____D () C:\Users\Noah\Downloads\triangulator
2014-07-19 19:23 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-12 10:00 - 2014-07-12 10:00 - 00000000 ____D () C:\Users\Noah\Documents\Adobe
2014-07-12 10:00 - 2014-05-07 07:55 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Adobe
2014-07-12 03:18 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\rescache
2014-07-11 22:50 - 2014-05-29 21:21 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Mumble
2014-07-11 18:15 - 2014-06-21 16:45 - 00000000 ____D () C:\Program Files\FRAPS
2014-07-11 14:32 - 2014-07-11 14:32 - 00007030 _____ () C:\Users\Noah\comcast.txt
2014-07-11 14:32 - 2014-05-07 07:54 - 00000000 ____D () C:\Users\Noah
2014-07-11 10:54 - 2014-05-14 20:20 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-11 10:20 - 2014-05-08 16:55 - 00000000 ____D () C:\Users\Noah\Documents\Wallpapers
2014-07-10 17:04 - 2013-09-29 21:04 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-10 17:00 - 2014-07-10 16:18 - 00046248 _____ () C:\Windows\PFRO.log
2014-07-10 17:00 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 16:59 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-10 16:18 - 2013-08-22 07:44 - 05174632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 16:17 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\ADFS
2014-07-10 16:16 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-10 16:16 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:16 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:16 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-10 15:04 - 2014-06-24 14:04 - 00000000 ____D () C:\Users\Noah\AppData\Local\PMB Files
2014-07-10 15:04 - 2014-06-24 14:04 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-10 11:03 - 2014-05-28 16:58 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\.purple
2014-07-09 20:57 - 2014-07-09 20:52 - 00001926 _____ () C:\Users\Noah\Tracert2.txt
2014-07-09 20:50 - 2014-07-09 20:46 - 00002031 _____ () C:\Users\Noah\Trace.txt
2014-07-09 20:37 - 2014-07-09 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-09 20:37 - 2014-06-24 14:05 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-07-09 20:23 - 2014-06-11 14:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-09 17:29 - 2014-07-09 17:11 - 00000405 _____ () C:\Users\Noah\.wct
2014-07-09 17:11 - 2014-07-09 17:11 - 00000000 ____D () C:\Users\Noah\.wct-cache
2014-07-09 17:11 - 2014-07-09 17:11 - 00000000 ____D () C:\Users\Noah\.swt
2014-07-09 15:38 - 2014-07-09 15:23 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-09 14:06 - 2014-05-11 12:02 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\HexChat
2014-07-09 13:59 - 2014-07-09 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
2014-07-09 13:59 - 2014-05-11 12:02 - 00000000 ____D () C:\Program Files\HexChat
2014-07-09 13:59 - 2014-05-07 17:05 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-09 11:48 - 2014-07-05 20:38 - 00000000 ____D () C:\Program Files (x86)\eclipse
2014-07-09 11:39 - 2014-05-23 17:32 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\.minecraft
2014-07-09 11:08 - 2014-05-08 20:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 11:08 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-09 11:06 - 2014-05-08 20:31 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 11:06 - 2013-09-29 20:51 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 11:06 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-09 10:42 - 2014-07-09 10:42 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-08 22:18 - 2014-07-08 22:13 - 00000000 ____D () C:\Users\Noah\greenfoot
2014-07-08 22:13 - 2014-07-08 22:13 - 00000000 ____D () C:\Users\Noah\Downloads\noahk
2014-07-08 22:06 - 2014-07-08 22:06 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenfoot
2014-07-08 22:06 - 2014-07-08 22:06 - 00000000 ____D () C:\Program Files (x86)\Greenfoot
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\Noah\Downloads\CINEBENCH_R15
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\MAXON
2014-07-08 20:33 - 2014-06-28 11:07 - 00000000 ____D () C:\ProgramData\BOINC
2014-07-08 18:56 - 2014-07-08 18:56 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-07-08 18:41 - 2014-07-08 18:40 - 00000000 ____D () C:\Users\Noah\.gradle
2014-07-08 11:27 - 2014-05-08 21:23 - 00000404 __RSH () C:\ProgramData\ntuser.pol
2014-07-07 13:00 - 2014-05-08 16:55 - 00000000 ____D () C:\Users\Noah\Documents\Techy Stuff
2014-07-06 21:09 - 2014-07-06 21:07 - 00000000 ____D () C:\Users\Noah\AppData\Local\Sublime Text 3
2014-07-06 21:07 - 2014-07-06 21:07 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Sublime Text 3
2014-07-06 19:24 - 2014-07-06 19:23 - 00000000 ____D () C:\eclipse_Workspace
2014-07-06 12:59 - 2014-05-17 16:29 - 00077824 ___SH () C:\Users\Noah\Documents\Thumbs.db
2014-07-06 10:46 - 2014-05-18 12:25 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\TS3Client
2014-07-06 10:46 - 2014-05-07 08:36 - 00000000 ____D () C:\Windows\Panther
2014-07-06 10:42 - 2014-07-06 10:42 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-06 10:42 - 2014-07-06 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-06 10:42 - 2014-07-06 10:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-05 20:40 - 2014-07-05 20:40 - 00001199 _____ () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse.lnk
2014-07-05 20:28 - 2014-07-05 20:28 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\java
2014-07-05 20:25 - 2014-07-05 20:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-05 20:25 - 2014-07-05 20:25 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-05 20:25 - 2014-07-05 20:25 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-05 20:25 - 2014-07-05 20:25 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-05 20:25 - 2014-07-05 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-05 20:25 - 2014-07-05 20:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-05 20:24 - 2014-07-05 20:24 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-05 20:24 - 2014-07-05 20:24 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-05 20:24 - 2014-07-05 20:24 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-05 20:24 - 2014-07-05 20:24 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-05 20:24 - 2014-07-05 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-05 20:24 - 2014-07-05 20:24 - 00000000 ____D () C:\Program Files\Java
2014-07-05 20:20 - 2014-06-28 11:07 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-28 23:06 - 2014-06-28 23:03 - 00002799 ____T () C:\Windows\system32\lic2tmp.xml13221
2014-06-28 22:54 - 2014-05-25 22:52 - 00000600 _____ () C:\Users\Noah\AppData\Local\PUTTY.RND
2014-06-28 15:14 - 2014-06-28 15:14 - 00000000 ____D () C:\Users\Noah\Downloads\peacenow_basic
2014-06-28 15:12 - 2014-05-12 17:33 - 00227328 ___SH () C:\Users\Noah\Desktop\Thumbs.db
2014-06-28 12:40 - 2014-06-28 12:40 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\eFMer
2014-06-28 12:22 - 2014-06-28 11:47 - 00000000 ____D () C:\Users\Noah\Downloads\boincview
2014-06-28 11:06 - 2014-06-28 11:06 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-27 11:21 - 2014-06-27 11:21 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Unity
2014-06-27 11:01 - 2014-06-27 11:01 - 00000000 ____D () C:\Users\Noah\AppData\Local\Unity
2014-06-26 16:03 - 2014-06-26 16:03 - 00000000 ____D () C:\Users\Noah\AppData\Local\SKIDROW
2014-06-26 15:46 - 2014-06-26 15:46 - 00000000 ____D () C:\Program Files (x86)\Valve
2014-06-26 15:44 - 2014-06-26 15:44 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-06-26 13:55 - 2013-08-22 08:38 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 13:55 - 2013-08-22 08:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\LolClient
2014-06-24 14:05 - 2014-06-24 14:05 - 00000000 ____D () C:\Riot Games
2014-06-24 14:03 - 2014-06-24 14:03 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Riot Games
2014-06-24 14:03 - 2014-06-24 14:03 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-06-23 20:51 - 2014-06-21 12:26 - 00000000 ____D () C:\Users\Noah\AppData\Local\Battle.net
2014-06-21 19:53 - 2014-05-17 11:59 - 00000000 ____D () C:\Users\Noah\Documents\EVE
2014-06-21 16:45 - 2014-06-21 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-06-21 16:42 - 2014-06-02 21:37 - 00000000 ____D () C:\Program Files\OBS
2014-06-21 15:50 - 2014-06-21 15:50 - 00000000 ____D () C:\Users\Noah\Documents\Heroes of the Storm
2014-06-21 15:50 - 2014-05-10 11:56 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-06-21 12:30 - 2014-05-08 21:00 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-06-21 12:27 - 2014-06-21 12:26 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Battle.net
2014-06-21 12:26 - 2014-06-21 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-06-21 12:26 - 2014-06-21 12:26 - 00000000 ____D () C:\Program Files (x86)\Battle.net

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 22:39

==================== End Of Log ============================


Addition.txt...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by xxxx at 2014-07-21 09:14:01
Running from C:\Users\xxxx\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
EVEMon (HKLM-x32\...\EVEMon) (Version: 1.8.9 - battleclinic.com)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Greenfoot (HKLM-x32\...\{8C838B70-3A71-41E8-91A6-4ADCF2E483D0}) (Version: 2.3.0 - Greenfoot Team)
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.0 - HexChat)
Huggle (HKCU\...\Huggle) (Version: 3.0.5.0 - Wikimedia Project)
Inkscape 0.48 (HKLM-x32\...\Inkscape) (Version: 0.48 - Partha Bagchi)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel® Network Connections 18.5.54.0 (Version: 18.5.54.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java 8 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1039 - Marvell)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MPC-HC 1.7.5 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.5 - MPC-HC Team)
Mumble 1.2.6 (HKLM-x32\...\{461A5021-EE14-4E57-9A06-8ABCE9C38FE4}) (Version: 1.2.6 - Thorvald Natvig)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
qBittorrent 3.1.9.2 (HKLM-x32\...\qbittorrent) (Version: 3.1.9.2 - The qBittorrent project)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7037 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sound Blaster X-Fi MB 2 (HKLM-x32\...\{44DA67A9-C906-4316-94CB-61B036BBDCE5}) (Version: 1.04.02 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.5.1 - Krzysztof Kowalczyk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Toontown Rewritten (HKLM-x32\...\Toontown Rewritten) (Version: 00.00.00.00 - The TTR Dev Team)
Tukui Client (HKLM-x32\...\{6517882E-E5E0-40DC-B3B0-A531FF2A06E8}) (Version: 2.4.5 - Tukui)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden

==================== Restore Points  =========================

09-07-2014 03:20:40 Installed BOINC.
10-07-2014 03:34:15 Removed League of Legends
20-07-2014 20:46:07 Scheduled Checkpoint

==================== Hosts content: ==========================

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1BF56BAA-4014-4A8E-AF86-B19DAD911343} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2BF768AB-BB39-4B70-B25B-794C410AD48D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3C975CFD-681C-4E87-AFE0-265713CC5180} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {43C23E15-C162-42D7-BD67-42E32589EEBF} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4EE92D48-C7AC-475B-A8FC-24A29A2D7977} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {4F9CE7A5-9BC4-48AF-98C5-64C499CA2032} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {6A94FF8B-A556-431E-93DA-45AE1F07678C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {8440ABFB-143E-4FCB-9E07-7F762ABC8BF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8F67C095-D160-4EE7-BA97-53A126232961} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3284888835-1065193200-944460603-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B4F17590-9FE6-481A-A49E-A6EE6A9F0F8D} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {BBCE9512-F40F-4AD1-BA37-8E813429F86C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {BF76B1A7-C675-4B21-A94F-DA5910E43A5B} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-noahdk@comcast.net => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F17D719E-1DBE-4A1C-BACE-56A4971994EB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {F58C0147-1113-46CA-BD13-EFA3A245827C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-08 21:17 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-05-08 21:17 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-06-04 21:49 - 2014-06-04 21:49 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-14 20:20 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-07 16:10 - 2014-03-04 06:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-11 10:53 - 2014-05-20 09:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-07 16:52 - 2011-12-16 17:18 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-02-11 11:21 - 2014-02-11 11:21 - 00860160 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-02-11 11:22 - 2014-02-11 11:22 - 01043968 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-02-11 11:21 - 2014-02-11 11:21 - 00052736 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-02-11 11:22 - 2014-02-11 11:22 - 00236032 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-06-01 20:28 - 2014-06-01 20:28 - 09851785 _____ () C:\Program Files (x86)\Toontown Rewritten\Launcher.exe
2014-05-07 16:54 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-06-10 12:38 - 2014-06-10 12:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Noah\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Noah\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Noah\Downloads\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\Noah\Downloads\RogueKillerX64.exe:BDU

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 05:44:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/21/2014 05:42:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/20/2014 01:46:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/20/2014 11:36:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process id: 0x1210
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5

Error: (07/19/2014 10:40:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/19/2014 07:16:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process id: 0x18bc
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5

Error: (07/12/2014 07:10:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process id: 0xb3c
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5

Error: (07/12/2014 03:10:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/12/2014 03:09:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (07/12/2014 01:08:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkyDrive.exe, version: 17.3.1165.612, time stamp: 0x539a47b7
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3
Exception code: 0x80000003
Fault offset: 0x000b3425
Faulting process id: 0x12a0
Faulting application start time: 0xSkyDrive.exe0
Faulting application path: SkyDrive.exe1
Faulting module path: SkyDrive.exe2
Report Id: SkyDrive.exe3
Faulting package full name: SkyDrive.exe4
Faulting package-relative application ID: SkyDrive.exe5


System errors:
=============
Error: (07/21/2014 05:43:13 AM) (Source: DCOM) (EventID: 10010) (User: NOAH-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/21/2014 05:42:43 AM) (Source: DCOM) (EventID: 10010) (User: NOAH-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/20/2014 01:04:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/20/2014 01:04:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/20/2014 01:03:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/20/2014 01:03:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/20/2014 01:03:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/20/2014 01:02:54 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/20/2014 01:02:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (07/20/2014 01:02:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.


Microsoft Office Sessions:
=========================
Error: (07/21/2014 05:44:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe

Error: (07/21/2014 05:42:32 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe

Error: (07/20/2014 01:46:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (07/20/2014 11:36:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425121001cfa44978774a66C:\Users\Noah\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\Windows\SYSTEM32\KERNELBASE.dllb786af90-103c-11e4-8263-94de806f6192

Error: (07/19/2014 10:40:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe

Error: (07/19/2014 07:16:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b342518bc01cfa3c091f14e9eC:\Users\Noah\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\Windows\SYSTEM32\KERNELBASE.dlleb82dc6f-0fb3-11e4-8263-94de806f6192

Error: (07/12/2014 07:10:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425b3c01cf9ddafac498d4C:\Users\Noah\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\Windows\SYSTEM32\KERNELBASE.dll3910e570-09ce-11e4-8263-94de806f6192

Error: (07/12/2014 03:10:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe

Error: (07/12/2014 03:09:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\Dreamweaver.exe

Error: (07/12/2014 01:08:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b342512a001cf9da86755d8b1C:\Users\Noah\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\Windows\SYSTEM32\KERNELBASE.dlla6870be2-099b-11e4-8263-94de806f6192


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 8152.37 MB
Available physical RAM: 4584.9 MB
Total Pagefile: 9432.37 MB
Available Pagefile: 5867.74 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:778.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D3D096C9)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Machiavelli (Malware Response Instructor)

Posted 21 July 2014 - 12:24 PM

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 falsepositive_ (Topic Starter)

Posted 21 July 2014 - 04:21 PM

AdwCleaner...

# AdwCleaner v3.216 - Report created 21/07/2014 at 13:59:30
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Noah - NOAH-PC
# Running from : C:\Users\Noah\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\APN PIP

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Noah\AppData\Roaming\Mozilla\Firefox\Profiles\k21yiogw.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [902 octets] - [21/07/2014 13:57:40]
AdwCleaner[R1].txt - [961 octets] - [21/07/2014 13:59:06]
AdwCleaner[S0].txt - [846 octets] - [21/07/2014 13:59:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [905 octets] ##########



#6 Machiavelli (Malware Response Instructor)

Posted 21 July 2014 - 04:32 PM

Waiting for the other logs.

~Machiavelli



#7 falsepositive_ (Topic Starter)

Posted 21 July 2014 - 04:33 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/21/2014
Scan Time: 2:21:58 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.21.09
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Noah

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 282661
Time Elapsed: 9 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#8 falsepositive_ (Topic Starter)

Posted 21 July 2014 - 04:42 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro x64
Ran by Noah on Mon 07/21/2014 at 14:34:15.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Noah\AppData\Roaming\mozilla\firefox\profiles\k21yiogw.default\prefs.js

user_pref("extensions.xkit7.extension_go_to_dash", "{\"script\":\"//* TITLE Go-To-Dash **//\\r\\n//* VERSION 1.0 REV F **//\\r\\n//* DESCRIPTION View a post on a blog on your
user_pref("extensions.xkit7.extension_one_click_postage", "{\"script\":\"//* TITLE One-Click Postage **//\\r\\n//* VERSION 3.3 REV C **//\\r\\n//* DESCRIPTION Lets you easily
user_pref("extensions.xkit7.extension_one_click_reply", "{\"script\":\"//* TITLE One-Click Reply **//\\r\\n//* VERSION 1.9 REV F **//\\r\\n//* DESCRIPTION Lets you reply to no
user_pref("extensions.xkit7.extension_tweaks", "{\"script\":\"//* TITLE Tweaks **//\\r\\n//* VERSION 2.9 REV D **//\\r\\n//* DESCRIPTION Various little tweaks for your dashboa
user_pref("extensions.xkit7.extension_xinbox", "{\"script\":\"//* TITLE XInbox **//\\r\\n//* VERSION 1.9 REV C **//\\r\\n//* DESCRIPTION Enhances your Inbox experience **//\\r
user_pref("extensions.xkit7.extension_xkit_patches", "{\"script\":\"//* TITLE XKit Patches **//\\r\\n//* VERSION 2.5 REV A **//\\r\\n//* DESCRIPTION Patches framework **//\\r\
user_pref("extensions.xkit7.extension_xkit_preferences", "{\"script\":\"//* TITLE XKit Preferences **//\\r\\n//* VERSION 3.3 REV D **//\\r\\n//* DESCRIPTION Lets you customize
Emptied folder: C:\Users\Noah\AppData\Roaming\mozilla\firefox\profiles\k21yiogw.default\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/21/2014 at 14:41:00.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#9 falsepositive_ (Topic Starter)

Posted 21 July 2014 - 04:45 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Noah (administrator) on NOAH-PC on 21-07-2014 14:44:14
Running from C:\Users\Noah\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13651672 2013-09-03] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10396440 2014-04-14] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe [1517056 2011-08-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE8E9A508506ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1

FireFox:
========
FF ProfilePath: C:\Users\Noah\AppData\Roaming\Mozilla\Firefox\Profiles\k21yiogw.default
FF NewTab: about:blank
FF Homepage: file:///C:/Users/Noah/Documents/Dreamweaver/Home/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Noah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Adblock Plus - C:\Users\Noah\AppData\Roaming\Mozilla\Firefox\Profiles\k21yiogw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-07]
FF Extension: Greasemonkey - C:\Users\Noah\AppData\Roaming\Mozilla\Firefox\Profiles\k21yiogw.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-06-16]

==================== Services (Whitelisted) =================

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-05-07] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-05-07] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-12-28] (Creative Technology Ltd) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-04] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-07-08] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [469264 2013-06-19] (Intel Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 Mv_Process; \??\c:\windows\syswow64\mv_process.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 14:43 - 2014-07-21 14:43 - 00000000 ____D () C:\Users\Noah\Downloads\FRST-OlderVersion
2014-07-21 14:41 - 2014-07-21 14:41 - 00002189 _____ () C:\Users\Noah\Desktop\JRT.txt
2014-07-21 14:35 - 2014-07-21 14:35 - 00000000 ____D () C:\Users\Noah\AppData\Local\CrashDumps
2014-07-21 14:34 - 2014-07-21 14:34 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 14:33 - 2014-07-21 14:33 - 01016261 _____ (Thisisu) C:\Users\Noah\Downloads\JRT.exe
2014-07-21 13:57 - 2014-07-21 13:59 - 00000000 ____D () C:\AdwCleaner
2014-07-21 13:57 - 2014-07-21 13:57 - 01354223 _____ () C:\Users\Noah\Downloads\AdwCleaner.exe
2014-07-21 09:14 - 2014-07-21 09:14 - 00033570 _____ () C:\Users\Noah\Downloads\Addition.txt
2014-07-21 09:13 - 2014-07-21 14:44 - 00015008 _____ () C:\Users\Noah\Downloads\FRST.txt
2014-07-21 09:12 - 2014-07-21 14:44 - 00000000 ____D () C:\FRST
2014-07-21 09:11 - 2014-07-21 14:43 - 02090496 _____ (Farbar) C:\Users\Noah\Downloads\FRST64.exe
2014-07-20 20:40 - 2014-07-20 20:41 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-20 20:27 - 2014-07-20 22:14 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 20:27 - 2014-07-20 20:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-20 20:26 - 2014-07-20 20:26 - 05336664 _____ () C:\Users\Noah\Downloads\RogueKillerX64.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\Noah\Downloads\rkill64.exe
2014-07-20 20:16 - 2014-07-21 14:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 20:16 - 2014-07-20 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 20:16 - 2014-07-20 20:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 20:16 - 2014-07-20 20:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 20:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 20:16 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 20:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 16:26 - 2014-07-20 16:34 - 00000000 ____D () C:\Users\Noah\Downloads\EFT2.23.1
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Huggle
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\Users\Noah\AppData\Local\Wikimedia
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Huggle
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\Program Files (x86)\Huggle
2014-07-19 20:56 - 2014-07-19 21:13 - 00000000 ____D () C:\Users\Noah\Documents\Photoshop
2014-07-19 20:52 - 2014-07-19 20:52 - 00000000 ____D () C:\Users\Noah\Downloads\triangulator
2014-07-12 10:00 - 2014-07-12 10:00 - 00000000 ____D () C:\Users\Noah\Documents\Adobe
2014-07-11 14:32 - 2014-07-11 14:32 - 00007030 _____ () C:\Users\Noah\comcast.txt
2014-07-10 16:18 - 2014-07-21 14:00 - 00048086 _____ () C:\Windows\PFRO.log
2014-07-09 20:52 - 2014-07-09 20:57 - 00001926 _____ () C:\Users\Noah\Tracert2.txt
2014-07-09 20:46 - 2014-07-09 20:50 - 00002031 _____ () C:\Users\Noah\Trace.txt
2014-07-09 20:37 - 2014-07-09 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-09 17:11 - 2014-07-09 17:29 - 00000405 _____ () C:\Users\Noah\.wct
2014-07-09 17:11 - 2014-07-09 17:11 - 00000000 ____D () C:\Users\Noah\.wct-cache
2014-07-09 17:11 - 2014-07-09 17:11 - 00000000 ____D () C:\Users\Noah\.swt
2014-07-09 15:23 - 2014-07-09 15:38 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-09 13:59 - 2014-07-09 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
2014-07-09 11:06 - 2014-04-13 20:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-09 10:46 - 2014-06-16 15:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 10:46 - 2014-06-16 15:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 10:46 - 2014-06-06 07:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 10:46 - 2014-05-29 20:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 10:46 - 2014-05-29 05:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-09 10:46 - 2014-05-29 00:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-09 10:46 - 2014-05-28 23:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 10:46 - 2014-05-28 23:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 10:46 - 2014-05-28 22:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 10:46 - 2014-05-28 22:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 10:45 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 10:45 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 10:45 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 10:45 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 10:45 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 10:45 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 10:45 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 10:45 - 2014-06-18 16:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 10:45 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 10:45 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 10:45 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 10:45 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 10:45 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 10:45 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 10:45 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 10:45 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 10:45 - 2014-06-18 15:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 10:45 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 10:45 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 10:45 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 10:45 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 10:45 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 10:45 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 10:45 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 10:45 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 10:45 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 10:45 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 10:45 - 2014-06-06 06:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 10:45 - 2014-06-06 05:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 10:45 - 2014-05-31 03:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-09 10:45 - 2014-05-31 03:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-09 10:45 - 2014-05-30 20:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-09 10:45 - 2014-05-30 20:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 10:45 - 2014-05-30 20:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 10:45 - 2014-05-30 20:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-09 10:45 - 2014-05-30 20:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-09 10:45 - 2014-05-30 20:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 10:45 - 2014-05-30 19:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 10:45 - 2014-05-30 19:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 10:45 - 2014-05-30 19:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-09 10:45 - 2014-05-30 19:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-09 10:45 - 2014-05-30 19:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 10:45 - 2014-05-30 19:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 10:45 - 2014-05-30 19:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 10:42 - 2014-07-09 10:42 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-08 22:13 - 2014-07-08 22:18 - 00000000 ____D () C:\Users\Noah\greenfoot
2014-07-08 22:13 - 2014-07-08 22:13 - 00000000 ____D () C:\Users\Noah\Downloads\noahk
2014-07-08 22:06 - 2014-07-08 22:06 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenfoot
2014-07-08 22:06 - 2014-07-08 22:06 - 00000000 ____D () C:\Program Files (x86)\Greenfoot
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\Noah\Downloads\CINEBENCH_R15
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\MAXON
2014-07-08 20:13 - 2014-07-21 14:30 - 00619838 _____ () C:\Windows\WindowsUpdate.log
2014-07-08 18:56 - 2014-07-08 18:56 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-07-08 18:40 - 2014-07-08 18:41 - 00000000 ____D () C:\Users\Noah\.gradle
2014-07-08 15:59 - 2014-07-21 02:00 - 00000000 ____D () C:\Users\Noah\AppData\Local\Adobe
2014-07-06 21:07 - 2014-07-06 21:09 - 00000000 ____D () C:\Users\Noah\AppData\Local\Sublime Text 3
2014-07-06 21:07 - 2014-07-06 21:07 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Sublime Text 3
2014-07-06 19:23 - 2014-07-06 19:24 - 00000000 ____D () C:\eclipse_Workspace
2014-07-06 10:46 - 2014-07-20 22:08 - 00000000 ____D () C:\Users\Noah\Documents\reg_backups
2014-07-06 10:42 - 2014-07-06 10:42 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-06 10:42 - 2014-07-06 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-06 10:42 - 2014-07-06 10:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-05 20:40 - 2014-07-05 20:40 - 00001199 _____ () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse.lnk
2014-07-05 20:38 - 2014-07-09 11:48 - 00000000 ____D () C:\Program Files (x86)\eclipse
2014-07-05 20:28 - 2014-07-05 20:28 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\java
2014-07-05 20:25 - 2014-07-05 20:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-05 20:25 - 2014-07-05 20:25 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-05 20:25 - 2014-07-05 20:25 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-05 20:25 - 2014-07-05 20:25 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-05 20:25 - 2014-07-05 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-05 20:25 - 2014-07-05 20:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-05 20:24 - 2014-07-05 20:24 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-05 20:24 - 2014-07-05 20:24 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-05 20:24 - 2014-07-05 20:24 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-05 20:24 - 2014-07-05 20:24 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-05 20:24 - 2014-07-05 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-05 20:24 - 2014-07-05 20:24 - 00000000 ____D () C:\Program Files\Java
2014-06-28 23:03 - 2014-06-28 23:06 - 00002799 ____T () C:\Windows\system32\lic2tmp.xml13221
2014-06-28 15:14 - 2014-06-28 15:14 - 00000000 ____D () C:\Users\Noah\Downloads\peacenow_basic
2014-06-28 12:40 - 2014-06-28 12:40 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\eFMer
2014-06-28 11:47 - 2014-06-28 12:22 - 00000000 ____D () C:\Users\Noah\Downloads\boincview
2014-06-28 11:07 - 2014-07-08 20:33 - 00000000 ____D () C:\ProgramData\BOINC
2014-06-28 11:07 - 2014-07-05 20:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-28 11:06 - 2014-06-28 11:06 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-27 11:21 - 2014-06-27 11:21 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Unity
2014-06-27 11:01 - 2014-06-27 11:01 - 00000000 ____D () C:\Users\Noah\AppData\Local\Unity
2014-06-26 16:03 - 2014-06-26 16:03 - 00000000 ____D () C:\Users\Noah\AppData\Local\SKIDROW
2014-06-26 15:46 - 2014-06-26 15:46 - 00000000 ____D () C:\Program Files (x86)\Valve
2014-06-26 15:44 - 2014-06-26 15:44 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\LolClient
2014-06-24 14:05 - 2014-06-24 14:05 - 00000000 ____D () C:\Riot Games
2014-06-24 14:05 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-06-24 14:05 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-06-24 14:05 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-06-24 14:04 - 2014-07-10 15:04 - 00000000 ____D () C:\Users\Noah\AppData\Local\PMB Files
2014-06-24 14:04 - 2014-07-10 15:04 - 00000000 ____D () C:\ProgramData\PMB Files
2014-06-24 14:03 - 2014-06-24 14:03 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Riot Games
2014-06-24 14:03 - 2014-06-24 14:03 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-06-21 16:45 - 2014-07-11 18:15 - 00000000 ____D () C:\Program Files\FRAPS
2014-06-21 16:45 - 2014-06-21 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-06-21 15:50 - 2014-06-21 15:50 - 00000000 ____D () C:\Users\Noah\Documents\Heroes of the Storm
2014-06-21 12:26 - 2014-06-23 20:51 - 00000000 ____D () C:\Users\Noah\AppData\Local\Battle.net
2014-06-21 12:26 - 2014-06-21 12:27 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Battle.net
2014-06-21 12:26 - 2014-06-21 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-06-21 12:26 - 2014-06-21 12:26 - 00000000 ____D () C:\Program Files (x86)\Battle.net

==================== One Month Modified Files and Folders =======

2014-07-21 14:44 - 2014-07-21 09:13 - 00015008 _____ () C:\Users\Noah\Downloads\FRST.txt
2014-07-21 14:44 - 2014-07-21 09:12 - 00000000 ____D () C:\FRST
2014-07-21 14:43 - 2014-07-21 14:43 - 00000000 ____D () C:\Users\Noah\Downloads\FRST-OlderVersion
2014-07-21 14:43 - 2014-07-21 09:11 - 02090496 _____ (Farbar) C:\Users\Noah\Downloads\FRST64.exe
2014-07-21 14:41 - 2014-07-21 14:41 - 00002189 _____ () C:\Users\Noah\Desktop\JRT.txt
2014-07-21 14:40 - 2014-07-21 14:35 - 00000000 ____D () C:\Users\Noah\AppData\Local\CrashDumps
2014-07-21 14:34 - 2014-07-21 14:34 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 14:33 - 2014-07-21 14:33 - 01016261 _____ (Thisisu) C:\Users\Noah\Downloads\JRT.exe
2014-07-21 14:30 - 2014-07-08 20:13 - 00619838 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 14:10 - 2014-07-20 20:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 14:10 - 2014-06-14 13:40 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 14:05 - 2013-09-29 21:04 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 14:00 - 2014-07-10 16:18 - 00048086 _____ () C:\Windows\PFRO.log
2014-07-21 14:00 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 14:00 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-21 13:59 - 2014-07-21 13:57 - 00000000 ____D () C:\AdwCleaner
2014-07-21 13:57 - 2014-07-21 13:57 - 01354223 _____ () C:\Users\Noah\Downloads\AdwCleaner.exe
2014-07-21 13:50 - 2014-06-14 13:40 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 13:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-21 09:14 - 2014-07-21 09:14 - 00033570 _____ () C:\Users\Noah\Downloads\Addition.txt
2014-07-21 02:00 - 2014-07-08 15:59 - 00000000 ____D () C:\Users\Noah\AppData\Local\Adobe
2014-07-20 22:41 - 2014-05-07 16:41 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3284888835-1065193200-944460603-1001
2014-07-20 22:14 - 2014-07-20 20:27 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 22:08 - 2014-07-06 10:46 - 00000000 ____D () C:\Users\Noah\Documents\reg_backups
2014-07-20 20:41 - 2014-07-20 20:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-20 20:27 - 2014-07-20 20:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-20 20:26 - 2014-07-20 20:26 - 05336664 _____ () C:\Users\Noah\Downloads\RogueKillerX64.exe
2014-07-20 20:26 - 2014-07-20 20:26 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\Noah\Downloads\rkill64.exe
2014-07-20 20:20 - 2014-06-04 21:44 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Skype
2014-07-20 20:16 - 2014-07-20 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 20:16 - 2014-07-20 20:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 20:16 - 2014-07-20 20:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 19:25 - 2014-05-07 20:53 - 00210944 ___SH () C:\Users\Noah\Downloads\Thumbs.db
2014-07-20 16:34 - 2014-07-20 16:26 - 00000000 ____D () C:\Users\Noah\Downloads\EFT2.23.1
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Huggle
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\Users\Noah\AppData\Local\Wikimedia
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Huggle
2014-07-20 13:19 - 2014-07-20 13:19 - 00000000 ____D () C:\Program Files (x86)\Huggle
2014-07-19 21:45 - 2014-05-09 18:16 - 00000132 _____ () C:\Users\Noah\AppData\Roaming\Adobe PNG Format CC Prefs
2014-07-19 21:13 - 2014-07-19 20:56 - 00000000 ____D () C:\Users\Noah\Documents\Photoshop
2014-07-19 20:52 - 2014-07-19 20:52 - 00000000 ____D () C:\Users\Noah\Downloads\triangulator
2014-07-19 19:23 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-12 10:00 - 2014-07-12 10:00 - 00000000 ____D () C:\Users\Noah\Documents\Adobe
2014-07-12 10:00 - 2014-05-07 07:55 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Adobe
2014-07-12 03:18 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\rescache
2014-07-11 22:50 - 2014-05-29 21:21 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Mumble
2014-07-11 18:15 - 2014-06-21 16:45 - 00000000 ____D () C:\Program Files\FRAPS
2014-07-11 14:32 - 2014-07-11 14:32 - 00007030 _____ () C:\Users\Noah\comcast.txt
2014-07-11 14:32 - 2014-05-07 07:54 - 00000000 ____D () C:\Users\Noah
2014-07-11 10:54 - 2014-05-14 20:20 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-11 10:20 - 2014-05-08 16:55 - 00000000 ____D () C:\Users\Noah\Documents\Wallpapers
2014-07-10 16:18 - 2013-08-22 07:44 - 05174632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 16:17 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\ADFS
2014-07-10 16:16 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-10 16:16 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:16 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:16 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-10 15:04 - 2014-06-24 14:04 - 00000000 ____D () C:\Users\Noah\AppData\Local\PMB Files
2014-07-10 15:04 - 2014-06-24 14:04 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-10 11:03 - 2014-05-28 16:58 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\.purple
2014-07-09 20:57 - 2014-07-09 20:52 - 00001926 _____ () C:\Users\Noah\Tracert2.txt
2014-07-09 20:50 - 2014-07-09 20:46 - 00002031 _____ () C:\Users\Noah\Trace.txt
2014-07-09 20:37 - 2014-07-09 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-09 20:23 - 2014-06-11 14:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-09 17:29 - 2014-07-09 17:11 - 00000405 _____ () C:\Users\Noah\.wct
2014-07-09 17:11 - 2014-07-09 17:11 - 00000000 ____D () C:\Users\Noah\.wct-cache
2014-07-09 17:11 - 2014-07-09 17:11 - 00000000 ____D () C:\Users\Noah\.swt
2014-07-09 15:38 - 2014-07-09 15:23 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-07-09 14:06 - 2014-05-11 12:02 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\HexChat
2014-07-09 13:59 - 2014-07-09 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
2014-07-09 13:59 - 2014-05-11 12:02 - 00000000 ____D () C:\Program Files\HexChat
2014-07-09 13:59 - 2014-05-07 17:05 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-09 11:48 - 2014-07-05 20:38 - 00000000 ____D () C:\Program Files (x86)\eclipse
2014-07-09 11:39 - 2014-05-23 17:32 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\.minecraft
2014-07-09 11:08 - 2014-05-08 20:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 11:08 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-09 11:06 - 2014-05-08 20:31 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 11:06 - 2013-09-29 20:51 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 11:06 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-09 10:42 - 2014-07-09 10:42 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-08 22:18 - 2014-07-08 22:13 - 00000000 ____D () C:\Users\Noah\greenfoot
2014-07-08 22:13 - 2014-07-08 22:13 - 00000000 ____D () C:\Users\Noah\Downloads\noahk
2014-07-08 22:06 - 2014-07-08 22:06 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Greenfoot
2014-07-08 22:06 - 2014-07-08 22:06 - 00000000 ____D () C:\Program Files (x86)\Greenfoot
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\Noah\Downloads\CINEBENCH_R15
2014-07-08 20:34 - 2014-07-08 20:34 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\MAXON
2014-07-08 20:33 - 2014-06-28 11:07 - 00000000 ____D () C:\ProgramData\BOINC
2014-07-08 18:56 - 2014-07-08 18:56 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-07-08 18:41 - 2014-07-08 18:40 - 00000000 ____D () C:\Users\Noah\.gradle
2014-07-08 11:27 - 2014-05-08 21:23 - 00000404 __RSH () C:\ProgramData\ntuser.pol
2014-07-07 13:00 - 2014-05-08 16:55 - 00000000 ____D () C:\Users\Noah\Documents\Techy Stuff
2014-07-06 21:09 - 2014-07-06 21:07 - 00000000 ____D () C:\Users\Noah\AppData\Local\Sublime Text 3
2014-07-06 21:07 - 2014-07-06 21:07 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Sublime Text 3
2014-07-06 19:24 - 2014-07-06 19:23 - 00000000 ____D () C:\eclipse_Workspace
2014-07-06 12:59 - 2014-05-17 16:29 - 00077824 ___SH () C:\Users\Noah\Documents\Thumbs.db
2014-07-06 10:46 - 2014-05-18 12:25 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\TS3Client
2014-07-06 10:46 - 2014-05-07 08:36 - 00000000 ____D () C:\Windows\Panther
2014-07-06 10:42 - 2014-07-06 10:42 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-06 10:42 - 2014-07-06 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-06 10:42 - 2014-07-06 10:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-05 20:40 - 2014-07-05 20:40 - 00001199 _____ () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse.lnk
2014-07-05 20:28 - 2014-07-05 20:28 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\java
2014-07-05 20:25 - 2014-07-05 20:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-05 20:25 - 2014-07-05 20:25 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-05 20:25 - 2014-07-05 20:25 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-05 20:25 - 2014-07-05 20:25 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-05 20:25 - 2014-07-05 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-07-05 20:25 - 2014-07-05 20:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-05 20:24 - 2014-07-05 20:24 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-05 20:24 - 2014-07-05 20:24 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-05 20:24 - 2014-07-05 20:24 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-05 20:24 - 2014-07-05 20:24 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-05 20:24 - 2014-07-05 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-05 20:24 - 2014-07-05 20:24 - 00000000 ____D () C:\Program Files\Java
2014-07-05 20:20 - 2014-06-28 11:07 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-28 23:06 - 2014-06-28 23:03 - 00002799 ____T () C:\Windows\system32\lic2tmp.xml13221
2014-06-28 22:54 - 2014-05-25 22:52 - 00000600 _____ () C:\Users\Noah\AppData\Local\PUTTY.RND
2014-06-28 15:14 - 2014-06-28 15:14 - 00000000 ____D () C:\Users\Noah\Downloads\peacenow_basic
2014-06-28 15:12 - 2014-05-12 17:33 - 00227328 ___SH () C:\Users\Noah\Desktop\Thumbs.db
2014-06-28 12:40 - 2014-06-28 12:40 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\eFMer
2014-06-28 12:22 - 2014-06-28 11:47 - 00000000 ____D () C:\Users\Noah\Downloads\boincview
2014-06-28 11:06 - 2014-06-28 11:06 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-27 11:21 - 2014-06-27 11:21 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Unity
2014-06-27 11:01 - 2014-06-27 11:01 - 00000000 ____D () C:\Users\Noah\AppData\Local\Unity
2014-06-26 16:03 - 2014-06-26 16:03 - 00000000 ____D () C:\Users\Noah\AppData\Local\SKIDROW
2014-06-26 15:46 - 2014-06-26 15:46 - 00000000 ____D () C:\Program Files (x86)\Valve
2014-06-26 15:44 - 2014-06-26 15:44 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-06-26 13:55 - 2013-08-22 08:38 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 13:55 - 2013-08-22 08:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-24 14:57 - 2014-06-24 14:57 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\LolClient
2014-06-24 14:05 - 2014-06-24 14:05 - 00000000 ____D () C:\Riot Games
2014-06-24 14:03 - 2014-06-24 14:03 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Riot Games
2014-06-24 14:03 - 2014-06-24 14:03 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-06-23 20:51 - 2014-06-21 12:26 - 00000000 ____D () C:\Users\Noah\AppData\Local\Battle.net
2014-06-21 19:53 - 2014-05-17 11:59 - 00000000 ____D () C:\Users\Noah\Documents\EVE
2014-06-21 16:45 - 2014-06-21 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2014-06-21 16:42 - 2014-06-02 21:37 - 00000000 ____D () C:\Program Files\OBS
2014-06-21 15:50 - 2014-06-21 15:50 - 00000000 ____D () C:\Users\Noah\Documents\Heroes of the Storm
2014-06-21 15:50 - 2014-05-10 11:56 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-06-21 12:30 - 2014-05-08 21:00 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-06-21 12:27 - 2014-06-21 12:26 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Battle.net
2014-06-21 12:26 - 2014-06-21 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-06-21 12:26 - 2014-06-21 12:26 - 00000000 ____D () C:\Program Files (x86)\Battle.net

Some content of TEMP:
====================
C:\Users\Noah\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 22:39

==================== End Of Log ============================



#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,045 posts
  • Gender:Male
  • Location:Germany

Posted 21 July 2014 - 04:54 PM

First,
Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;)
  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results. (This one is clean.)
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below.) If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • At the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

*** In your next reply, I need you to Copy & Paste the contents of the MBAM log file.

Then,
IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.
Then,
How is your PC running?

~Machiavelli

If I don't reply within 24 hours, please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 falsepositive_

falsepositive_
  • Topic Starter

  • Members
  • 7 posts
  • Gender:Male

Posted 21 July 2014 - 06:30 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/21/2014
Scan Time: 3:08:18 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.21.09
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Noah

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281960
Time Elapsed: 9 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,045 posts
  • Gender:Male
  • Location:Germany

Posted 21 July 2014 - 11:54 PM

Ok, I'm waiting for further logs.

~Machiavelli



#13 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,045 posts
  • Gender:Male
  • Location:Germany

Posted 24 July 2014 - 06:05 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
