trojan/virus problems


  • This topic is locked
28 replies to this topic

#1 munroe721

munroe721

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:13 PM

Posted 22 August 2014 - 10:00 AM

So I've been getting warnings from AVG saying I have a trojan called crypt_s, and when I click remove infections it generates another copy of the virus/trojan? Also my browser is really slow. I tried clearing the cache as described on this website as well, with no improvement. Please let me know what I can do to fix this.

EDIT .. PM sent to add DDS log ~~ boopme

Edited by boopme, 22 August 2014 - 10:09 AM.




#2 munroe721

munroe721
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:13 PM

Posted 22 August 2014 - 04:22 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.60.2
Run by Andrew at 17:10:14 on 2014-08-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8189.5524 [GMT -4:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.215\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.104\deploy\LolClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://facebook.com/
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5C4D650E-2D53-45AB-9E2F-A74D41E97C15} : DHCPNameServer = 192.168.1.1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-6-17 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-6-17 242968]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2014-7-6 74432]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-8-30 344064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-11-20 57512]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-11 3244048]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-11 289328]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-19 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-19 860472]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-21 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-6-21 21055432]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2014-4-18 32960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-21 413128]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2014-6-21 65408]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2014-6-21 94208]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-19 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-19 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-19 63704]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-21 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-21 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-6-21 646248]
R3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2014-7-6 129472]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-5-19 155816]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-6-21 58536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-22 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-08-20 14:54:14 -------- d-----w- C:\ProgramData\Licenses
2014-08-20 14:53:56 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Simply Super Software
2014-08-20 14:53:44 -------- d-----w- C:\ProgramData\Simply Super Software
2014-08-20 14:53:44 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2014-08-20 01:40:36 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-20 01:40:20 -------- d-----w- C:\Users\Andrew\AppData\Local\ToolVoice
2014-08-20 01:37:52 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-20 01:37:52 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-20 01:37:52 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-20 01:37:52 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-20 01:37:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 01:37:42 -------- d-----w- C:\Users\Andrew\AppData\Local\Programs
2014-08-16 22:47:22 -------- d-----w- C:\Users\Andrew\AppData\Local\Spotify
2014-08-16 22:47:08 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Spotify
2014-08-16 19:12:52 -------- d-----w- C:\Users\Andrew\AppData\Local\AVG Web TuneUp
2014-08-16 19:12:39 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2014-08-16 19:12:29 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2014-08-16 19:12:27 -------- d-----w- C:\ProgramData\AVG Web TuneUp
2014-08-16 19:12:26 -------- d-----w- C:\Program Files (x86)\AVG Web TuneUp
2014-08-15 17:34:23 -------- d-----w- C:\Users\Andrew\AppData\Roaming\AVG2014
2014-08-15 17:33:42 -------- d-----w- C:\Users\Andrew\AppData\Roaming\TuneUp Software
2014-08-15 17:33:21 -------- d--h--w- C:\$AVG
2014-08-15 17:33:21 -------- d-----w- C:\ProgramData\AVG2014
2014-08-15 17:31:55 -------- d-----w- C:\Program Files (x86)\AVG
2014-08-15 15:42:50 -------- d--h--w- C:\ProgramData\Common Files
2014-08-15 15:42:50 -------- d-----w- C:\Users\Andrew\AppData\Local\MFAData
2014-08-15 15:42:50 -------- d-----w- C:\Users\Andrew\AppData\Local\Avg2014
2014-08-15 15:42:50 -------- d-----w- C:\ProgramData\MFAData
2014-08-15 15:17:36 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1EB43C70-DCF3-4CB5-8312-6F62C47636B2}\mpengine.dll
2014-08-15 07:01:28 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-15 07:01:28 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-15 07:01:28 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-15 07:01:28 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-15 07:01:28 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-15 07:01:28 171160 ----a-w- C:\Windows\System32\infocardapi(180).dll
2014-08-15 07:01:28 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-15 07:00:59 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 07:00:59 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-02 06:22:55 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-02 06:22:10 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-02 06:22:10 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-02 06:21:59 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-02 06:21:59 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-02 06:21:59 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-02 06:21:59 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-07-30 02:19:40 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2014-07-30 02:19:35 -------- d--h--w- C:\Windows\msdownld.tmp
2014-07-30 02:19:35 -------- d-----w- C:\Windows\SysWow64\directx
2014-07-30 02:18:29 -------- d-----w- C:\Program Files (x86)\Red 5 Studios
2014-07-30 02:07:53 -------- d-----w- C:\Users\Andrew\AppData\Local\Red 5 Studios
2014-07-30 02:04:59 83736 ----a-w- C:\Windows\System32\xinput1_2.dll
.
==================== Find3M  ====================
.
2014-08-07 02:06:41 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-07 02:01:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:11:32 51200 ----a-w- C:\Windows\System32\jsproxy(183).dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9(182).dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent(181).dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl(179).cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-11 01:39:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-11 01:39:46 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-30 16:43:02 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-06-22 02:00:28 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-21 17:04:03 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-06-21 17:03:46 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-17 20:21:34 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-06-17 20:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-06-17 20:06:58 269080 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-06-17 20:06:24 190744 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-06-17 20:06:22 242968 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-06-17 20:06:20 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-06-17 20:06:06 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-29 23:07:51 1291232 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-05-29 23:07:51 1122312 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-05-29 23:07:38 1715176 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-05-29 23:07:38 1279480 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-05-29 11:32:14 80384 ----a-w- C:\Windows\System32\RazerCoinstaller.dll
.
============= FINISH: 17:10:42.12 ===============


#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:13 PM

Posted 27 August 2014 - 10:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/545289 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 munroe721

munroe721
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:13 PM

Posted 27 August 2014 - 07:53 PM

So it started when I got a pop-up from AVG saying I'm infected with a trojan called crypt_s. Also I've been getting a few blue screens here and there. My computer is a little sluggish and my browser is extremely delayed.

 

Here's my DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.60.2
Run by Andrew at 20:53:11 on 2014-08-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8189.6029 [GMT -4:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://facebook.com/
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5C4D650E-2D53-45AB-9E2F-A74D41E97C15} : DHCPNameServer = 192.168.1.1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-6-17 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-6-17 242968]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2014-7-6 74432]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-8-30 344064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-11-20 57512]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-11 3244048]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-11 289328]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-19 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-19 860472]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-21 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-6-21 21055432]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2014-4-18 32960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-21 413128]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2014-6-21 65408]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2014-6-21 94208]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-19 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-19 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-19 63704]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-21 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-21 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-6-21 646248]
R3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2014-7-6 129472]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-5-19 155816]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-6-21 58536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-22 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-08-24 00:55:38 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-24 00:55:10 -------- d-----w- C:\AdwCleaner
2014-08-20 14:54:14 -------- d-----w- C:\ProgramData\Licenses
2014-08-20 14:53:56 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Simply Super Software
2014-08-20 14:53:44 -------- d-----w- C:\ProgramData\Simply Super Software
2014-08-20 14:53:44 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2014-08-20 01:40:36 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-20 01:40:20 -------- d-----w- C:\Users\Andrew\AppData\Local\ToolVoice
2014-08-20 01:37:52 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-20 01:37:52 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-20 01:37:52 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-20 01:37:52 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-20 01:37:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-20 01:37:42 -------- d-----w- C:\Users\Andrew\AppData\Local\Programs
2014-08-16 22:47:22 -------- d-----w- C:\Users\Andrew\AppData\Local\Spotify
2014-08-16 22:47:08 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Spotify
2014-08-16 19:12:52 -------- d-----w- C:\Users\Andrew\AppData\Local\AVG Web TuneUp
2014-08-16 19:12:27 -------- d-----w- C:\ProgramData\AVG Web TuneUp
2014-08-16 19:12:26 -------- d-----w- C:\Program Files (x86)\AVG Web TuneUp
2014-08-15 17:34:23 -------- d-----w- C:\Users\Andrew\AppData\Roaming\AVG2014
2014-08-15 17:33:42 -------- d-----w- C:\Users\Andrew\AppData\Roaming\TuneUp Software
2014-08-15 17:33:21 -------- d--h--w- C:\$AVG
2014-08-15 17:33:21 -------- d-----w- C:\ProgramData\AVG2014
2014-08-15 17:31:55 -------- d-----w- C:\Program Files (x86)\AVG
2014-08-15 15:42:50 -------- d--h--w- C:\ProgramData\Common Files
2014-08-15 15:42:50 -------- d-----w- C:\Users\Andrew\AppData\Local\MFAData
2014-08-15 15:42:50 -------- d-----w- C:\Users\Andrew\AppData\Local\Avg2014
2014-08-15 15:42:50 -------- d-----w- C:\ProgramData\MFAData
2014-08-15 15:17:36 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1EB43C70-DCF3-4CB5-8312-6F62C47636B2}\mpengine.dll
2014-08-15 07:01:28 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-15 07:01:28 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-15 07:01:28 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-15 07:01:28 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-15 07:01:28 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-15 07:01:28 171160 ----a-w- C:\Windows\System32\infocardapi(180).dll
2014-08-15 07:01:28 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-15 07:00:59 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 07:00:59 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-02 06:22:55 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-02 06:22:10 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-02 06:22:10 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-02 06:21:59 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-02 06:21:59 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-02 06:21:59 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-02 06:21:59 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-07-30 02:19:40 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2014-07-30 02:19:35 -------- d--h--w- C:\Windows\msdownld.tmp
2014-07-30 02:19:35 -------- d-----w- C:\Windows\SysWow64\directx
2014-07-30 02:18:29 -------- d-----w- C:\Program Files (x86)\Red 5 Studios
2014-07-30 02:07:53 -------- d-----w- C:\Users\Andrew\AppData\Local\Red 5 Studios
2014-07-30 02:04:59 83736 ----a-w- C:\Windows\System32\xinput1_2.dll
.
==================== Find3M  ====================
.
2014-08-07 02:06:41 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-07 02:01:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:11:32 51200 ----a-w- C:\Windows\System32\jsproxy(183).dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9(182).dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent(181).dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl(179).cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-11 01:39:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-11 01:39:46 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-30 16:43:02 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-06-22 02:00:28 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-21 17:04:03 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-06-21 17:03:46 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-17 20:21:34 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-06-17 20:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-06-17 20:06:58 269080 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2014-06-17 20:06:24 190744 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-06-17 20:06:22 242968 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-06-17 20:06:20 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-06-17 20:06:06 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 20:53:32.83 ===============


#5 Gunto

  • Malware Response Team

Posted 27 August 2014 - 09:21 PM

Hi, munroe721! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer without asking me first! This will make it practically impossible for me to assist you.
  • Please don't run things without asking me first; this will also make it impossible for me to help you.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

First, let's run a scan with FRST to get some more information.

Farbar Recovery Scan Tool
 
I need you to run a scan with FRST.

  • Download the version of FRST that is designed for your system from here, and save it to your desktop. If you don't know which one is designed for your system, download both and try running both. Only one will work correctly, and that's the one you need to use.
  • Double-click the program to run it. Accept the disclaimer and click the Scan button.
  • Once it's done scanning, FRST will create two logs on your desktop, FRST.txt and addition.txt. Please copy and paste both into your reply, one at a time.

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#6 munroe721

  • Topic Starter


Posted 27 August 2014 - 10:07 PM

Hello, thank you for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Andrew (administrator) on ANDREW-PC on 27-08-2014 23:04:04
Running from C:\Users\Andrew\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BitTorrent Inc.) C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Andrew\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-05-31] (Razer Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1666432 2014-05-22] (Simply Super Software)
HKU\S-1-5-21-198349542-2925412597-784436698-1000\...\Run: [uTorrent] => C:\Users\Andrew\AppData\Roaming\uTorrent\uTorrent.exe [1329744 2014-07-17] (BitTorrent Inc.)
HKU\S-1-5-21-198349542-2925412597-784436698-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-198349542-2925412597-784436698-1000\...\MountPoints2: {43fbdebe-fa37-11e3-8327-50e549c6de87} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-198349542-2925412597-784436698-1000\...\MountPoints2: {43fbe13d-fa37-11e3-8327-50e549c6de87} - G:\TL_Bootstrap.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F3C446F728DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {D68CC080-5810-459E-A9E7-66CFE73B4CCC} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKCU - {D68CC080-5810-459E-A9E7-66CFE73B4CCC} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
Chrome: 
=======
CHR HomePage: Default -> https://mysearch.avg.com?cid={4A1C6F17-41FB-4A54-8312-90503F664ADB}&mid=041f39611a9147d292b281ac0f223774-6a34be55115ed696776f4c2fe878b82f5f9bda5f&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-16 15:12:36&v=3.2.0.14&pid=wtu&sg=&sap=hp
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-22]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-06-23]
CHR Extension: (PicMonkey) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-06-23]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-27 23:04 - 2014-08-27 23:04 - 00015134 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-08-27 23:03 - 2014-08-27 23:04 - 00000000 ____D () C:\FRST
2014-08-27 22:56 - 2014-08-27 23:00 - 02103296 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64 (1).exe
2014-08-27 22:51 - 2014-08-27 22:52 - 00166802 _____ () C:\Users\Andrew\Downloads\D600.tmp
2014-08-27 22:48 - 2014-08-27 22:49 - 02103296 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-08-27 20:53 - 2014-08-27 20:53 - 00021347 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-08-27 20:53 - 2014-08-27 20:53 - 00006942 _____ () C:\Users\Andrew\Desktop\attach.txt
2014-08-27 20:49 - 2014-08-27 20:52 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds (2).com
2014-08-26 00:00 - 2014-08-26 00:00 - 00292808 _____ () C:\Windows\Minidump\082614-89731-01.dmp
2014-08-25 23:52 - 2014-08-25 23:52 - 00292816 _____ () C:\Windows\Minidump\082514-92290-01.dmp
2014-08-23 20:55 - 2014-08-23 20:58 - 00000000 ____D () C:\AdwCleaner
2014-08-23 20:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-23 20:54 - 2014-08-23 20:54 - 01364531 _____ () C:\Users\Andrew\Downloads\AdwCleaner.exe
2014-08-23 14:14 - 2014-08-23 14:15 - 00292784 _____ () C:\Windows\Minidump\082314-71479-01.dmp
2014-08-23 13:54 - 2014-08-23 13:54 - 00292808 _____ () C:\Windows\Minidump\082314-88062-01.dmp
2014-08-22 17:17 - 2014-08-22 17:17 - 00688992 _____ (Swearware) C:\Users\Andrew\Downloads\dds (1).com
2014-08-22 17:09 - 2014-08-22 17:10 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-08-20 11:32 - 2014-08-20 11:32 - 00292496 _____ () C:\Windows\Minidump\082014-131945-01.dmp
2014-08-20 10:54 - 2014-08-21 23:28 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-20 10:54 - 2014-08-20 10:54 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-20 10:53 - 2014-08-20 10:53 - 21657592 _____ (Simply Super Software ) C:\Users\Andrew\Downloads\trjsetup.exe
2014-08-20 10:53 - 2014-08-20 10:53 - 00001109 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Users\Andrew\Documents\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-08-19 21:40 - 2014-08-27 20:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 21:40 - 2014-08-19 21:41 - 00000000 ____D () C:\Users\Andrew\AppData\Local\ToolVoice
2014-08-19 21:37 - 2014-08-19 21:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andrew\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-19 21:37 - 2014-08-19 21:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 21:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-19 21:37 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-19 21:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-19 21:30 - 2014-08-19 21:30 - 00000017 _____ () C:\Users\Andrew\AppData\Local\resmon.resmoncfg
2014-08-19 21:27 - 2014-08-19 21:52 - 2564476928 _____ () C:\Users\Andrew\Downloads\X17-58996.iso
2014-08-18 20:56 - 2014-08-18 20:56 - 00292816 _____ () C:\Windows\Minidump\081814-150618-01.dmp
2014-08-16 18:47 - 2014-08-17 15:49 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Spotify
2014-08-16 18:47 - 2014-08-16 18:48 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Spotify
2014-08-16 15:12 - 2014-08-17 15:49 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-08-16 15:12 - 2014-08-16 19:12 - 00000000 ____D () C:\Users\Andrew\AppData\Local\AVG Web TuneUp
2014-08-16 15:12 - 2014-08-16 15:12 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-08-16 14:28 - 2014-08-16 14:29 - 00292624 _____ () C:\Windows\Minidump\081614-187903-01.dmp
2014-08-15 13:34 - 2014-08-17 20:18 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\AVG2014
2014-08-15 13:33 - 2014-08-19 20:49 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-15 13:33 - 2014-08-17 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-15 13:33 - 2014-08-15 13:33 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ___HD () C:\$AVG
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\TuneUp Software
2014-08-15 13:31 - 2014-08-15 13:31 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-15 11:42 - 2014-08-27 22:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-15 11:42 - 2014-08-17 20:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Avg2014
2014-08-15 11:42 - 2014-08-15 11:42 - 04763288 _____ (AVG Technologies) C:\Users\Andrew\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\Users\Andrew\AppData\Local\MFAData
2014-08-15 03:01 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:01 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:01 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:01 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:01 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi(180).dll
2014-08-15 03:01 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:01 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 03:00 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:00 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 21:15 - 2014-08-14 21:15 - 00292720 _____ () C:\Windows\Minidump\081414-44756-01.dmp
2014-08-14 21:12 - 2014-08-14 21:12 - 00292432 _____ () C:\Windows\Minidump\081414-42791-01.dmp
2014-08-14 20:26 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 20:26 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 20:26 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 20:26 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 20:26 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 20:26 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 20:26 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 20:26 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 20:26 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 20:26 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 20:26 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 20:26 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 20:26 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 20:26 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 20:26 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy(183).dll
2014-08-14 20:26 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 20:26 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 20:26 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 20:26 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 20:26 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 20:26 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 20:26 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 20:26 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 20:26 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 20:26 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 20:26 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 20:26 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 20:26 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 20:26 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9(182).dll
2014-08-14 20:26 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 20:26 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent(181).dll
2014-08-14 20:26 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 20:26 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 20:26 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 20:26 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 20:26 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 20:26 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 20:26 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 20:26 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 20:26 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 20:26 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 20:26 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 20:26 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 20:26 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 20:26 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 20:26 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 20:26 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl(179).cpl
2014-08-14 20:26 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 20:26 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 20:26 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 20:26 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 20:26 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 20:26 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 20:26 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 20:26 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 20:26 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 20:26 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 20:26 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 20:26 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 20:26 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 20:26 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 20:26 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 20:26 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 20:26 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 20:26 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 20:26 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 20:26 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 20:26 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 20:26 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 20:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 20:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 20:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 20:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 20:26 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 20:26 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 20:26 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 20:26 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 20:26 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 20:26 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 20:26 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 20:26 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 20:26 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 20:26 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 20:26 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 20:26 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 20:26 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-02 02:22 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 02:22 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 02:22 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 02:22 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 02:22 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 02:22 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 02:22 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 02:22 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 02:22 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 02:22 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 02:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 02:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 02:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 02:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-29 22:19 - 2014-07-29 22:19 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-29 22:19 - 2014-07-29 22:19 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-29 22:19 - 2014-07-29 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-07-29 22:19 - 2014-07-29 22:19 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-07-29 22:18 - 2014-07-29 22:18 - 00000000 ____D () C:\Program Files (x86)\Red 5 Studios
2014-07-29 22:17 - 2014-07-29 22:17 - 18472200 _____ () C:\Users\Andrew\Downloads\FirefallInstaller.exe
2014-07-29 22:07 - 2014-07-29 22:22 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Red 5 Studios
2014-07-29 22:07 - 2014-07-29 22:07 - 00000000 ____D () C:\Users\Andrew\Documents\Firefall
2014-07-29 22:05 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-07-29 22:05 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-07-29 22:05 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-07-29 22:05 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-07-29 22:05 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-07-29 22:05 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-07-29 22:05 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-07-29 22:05 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-07-29 22:05 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-07-29 22:05 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-07-29 22:05 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-07-29 22:05 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-07-29 22:05 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-07-29 22:05 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-07-29 22:05 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-07-29 22:05 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-07-29 22:05 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-07-29 22:05 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-07-29 22:05 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-07-29 22:05 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-07-29 22:05 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-07-29 22:05 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-07-29 22:05 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-07-29 22:05 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-07-29 22:05 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-07-29 22:05 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-07-29 22:05 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-07-29 22:05 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-07-29 22:05 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-07-29 22:05 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-07-29 22:05 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-07-29 22:05 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-07-29 22:05 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-07-29 22:05 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-07-29 22:05 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-07-29 22:05 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-07-29 22:05 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-07-29 22:05 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-07-29 22:05 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-07-29 22:05 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-07-29 22:05 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-07-29 22:05 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-07-29 22:05 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-07-29 22:05 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-07-29 22:05 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-07-29 22:05 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-07-29 22:05 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-07-29 22:05 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-07-29 22:05 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-07-29 22:05 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-07-29 22:05 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-07-29 22:05 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-07-29 22:05 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-07-29 22:05 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-07-29 22:05 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-07-29 22:05 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-07-29 22:05 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-07-29 22:05 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-07-29 22:05 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-07-29 22:05 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-07-29 22:05 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-07-29 22:05 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-07-29 22:05 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-07-29 22:05 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-07-29 22:05 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-07-29 22:05 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-07-29 22:05 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-07-29 22:05 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-07-29 22:05 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-07-29 22:05 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-07-29 22:05 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-07-29 22:05 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-07-29 22:05 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-07-29 22:05 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-07-29 22:05 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-07-29 22:05 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-07-29 22:05 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-07-29 22:05 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-07-29 22:05 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-07-29 22:05 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-07-29 22:05 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-07-29 22:05 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-07-29 22:05 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-07-29 22:05 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-07-29 22:05 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-07-29 22:05 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-07-29 22:05 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-07-29 22:05 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-07-29 22:05 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-07-29 22:05 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-07-29 22:05 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-07-29 22:05 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-07-29 22:05 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-07-29 22:05 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-07-29 22:05 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-07-29 22:05 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-07-29 22:05 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-07-29 22:05 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-07-29 22:05 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-07-29 22:05 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-07-29 22:05 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-07-29 22:05 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-07-29 22:05 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-07-29 22:05 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-07-29 22:05 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-07-29 22:05 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-07-29 22:05 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-07-29 22:05 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-07-29 22:05 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-07-29 22:05 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-07-29 22:05 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-07-29 22:05 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-07-29 22:05 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-07-29 22:05 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-07-29 22:05 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-07-29 22:05 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-07-29 22:05 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-07-29 22:05 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-07-29 22:05 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-07-29 22:05 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-07-29 22:05 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-07-29 22:05 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-07-29 22:05 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-07-29 22:05 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-07-29 22:05 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-07-29 22:04 - 2014-07-29 22:05 - 00010047 _____ () C:\Windows\DirectX.log
2014-07-29 22:04 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-07-29 22:04 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-07-29 22:04 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-07-29 22:04 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-07-29 22:04 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-07-29 22:04 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-07-29 22:04 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-07-29 22:04 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-07-29 22:04 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-07-29 22:04 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-07-29 22:04 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-07-29 22:04 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-07-29 22:04 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-07-29 22:04 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-07-29 22:04 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-07-29 22:04 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-07-29 22:04 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-07-29 22:04 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-07-29 22:04 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-07-29 22:04 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-07-29 22:04 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-07-29 22:04 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-07-29 22:04 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-07-29 22:04 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-07-29 22:04 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-07-29 22:04 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-07-29 22:04 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-07-29 22:04 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-07-29 22:04 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-07-29 22:04 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-07-29 22:04 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-07-29 22:04 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-07-29 22:04 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-07-29 22:04 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-07-29 22:04 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-07-29 22:04 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-07-29 21:36 - 2014-07-29 21:37 - 00000222 _____ () C:\Users\Andrew\Desktop\Firefall.url
2014-07-29 21:33 - 2014-07-29 21:33 - 00561182 _____ () C:\Users\Andrew\Downloads\Teenage.Mutant.Ninja.Turtles.Quadrilogy.1990.2007.BRRip.x264-x0r(1).torrent
2014-07-29 21:30 - 2014-07-29 21:30 - 00124484 _____ () C:\Users\Andrew\Downloads\Lone.Survivor.2013.DVDSCR.x264.AC3-FooKaS.torrent
2014-07-29 21:30 - 2014-07-29 21:30 - 00008516 _____ () C:\Users\Andrew\Downloads\American.Hustle.2013.DVDSCR.x264.AC3-FooKaS.torrent
2014-07-29 21:28 - 2014-07-29 21:28 - 00096652 _____ () C:\Users\Andrew\Downloads\Bad Neighbors 2014 WEBRIP x264 AC3 TiTAN.torrent
2014-07-29 21:28 - 2014-07-29 21:28 - 00019993 _____ () C:\Users\Andrew\Downloads\A Million Ways To Die In The West 2014 Webrip x264 AC3 TiTAN.torrent
2014-07-29 21:27 - 2014-07-29 21:27 - 00117538 _____ () C:\Users\Andrew\Downloads\Noah.2013.720p.BluRay.x264-SPARKS.torrent
2014-07-29 21:27 - 2014-07-29 21:27 - 00023016 _____ () C:\Users\Andrew\Downloads\The.Raid.2.2014.720p.BRRiP.XViD.AC3-LEGi0N.torrent
2014-07-29 21:27 - 2014-07-29 21:27 - 00014902 _____ () C:\Users\Andrew\Downloads\The.Expendables.3.2014.DVDSCR.XviD-VAiN.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-27 23:04 - 2014-08-27 23:04 - 00015134 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-08-27 23:04 - 2014-08-27 23:03 - 00000000 ____D () C:\FRST
2014-08-27 23:00 - 2014-08-27 22:56 - 02103296 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64 (1).exe
2014-08-27 22:59 - 2014-06-23 10:33 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\uTorrent
2014-08-27 22:52 - 2014-08-27 22:51 - 00166802 _____ () C:\Users\Andrew\Downloads\D600.tmp
2014-08-27 22:52 - 2014-06-27 22:54 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Skype
2014-08-27 22:49 - 2014-08-27 22:48 - 02103296 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-08-27 22:44 - 2014-08-15 11:42 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-27 22:14 - 2014-06-21 13:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-27 22:06 - 2014-07-10 21:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-27 21:53 - 2014-06-21 11:53 - 02036892 _____ () C:\Windows\WindowsUpdate.log
2014-08-27 21:46 - 2014-06-22 22:04 - 00000000 ____D () C:\Users\Andrew\AppData\Local\PMB Files
2014-08-27 21:18 - 2009-07-14 00:51 - 00042053 _____ () C:\Windows\setupact.log
2014-08-27 20:53 - 2014-08-27 20:53 - 00021347 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-08-27 20:53 - 2014-08-27 20:53 - 00006942 _____ () C:\Users\Andrew\Desktop\attach.txt
2014-08-27 20:52 - 2014-08-27 20:49 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds (2).com
2014-08-27 20:47 - 2014-08-19 21:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 20:42 - 2014-06-21 13:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 00:07 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 00:07 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 00:00 - 2014-08-26 00:00 - 00292808 _____ () C:\Windows\Minidump\082614-89731-01.dmp
2014-08-26 00:00 - 2014-06-21 12:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-26 00:00 - 2014-06-21 11:59 - 517738860 _____ () C:\Windows\MEMORY.DMP
2014-08-26 00:00 - 2014-06-21 11:59 - 00000000 ____D () C:\Windows\Minidump
2014-08-26 00:00 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 23:53 - 2014-06-27 22:53 - 00000000 ____D () C:\ProgramData\Skype
2014-08-25 23:52 - 2014-08-25 23:52 - 00292816 _____ () C:\Windows\Minidump\082514-92290-01.dmp
2014-08-25 23:52 - 2009-07-14 00:45 - 00296448 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 22:37 - 2014-06-22 22:04 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-23 21:33 - 2010-11-20 23:47 - 00023768 _____ () C:\Windows\PFRO.log
2014-08-23 20:58 - 2014-08-23 20:55 - 00000000 ____D () C:\AdwCleaner
2014-08-23 20:54 - 2014-08-23 20:54 - 01364531 _____ () C:\Users\Andrew\Downloads\AdwCleaner.exe
2014-08-23 14:15 - 2014-08-23 14:14 - 00292784 _____ () C:\Windows\Minidump\082314-71479-01.dmp
2014-08-23 13:54 - 2014-08-23 13:54 - 00292808 _____ () C:\Windows\Minidump\082314-88062-01.dmp
2014-08-23 11:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-08-22 17:17 - 2014-08-22 17:17 - 00688992 _____ (Swearware) C:\Users\Andrew\Downloads\dds (1).com
2014-08-22 17:10 - 2014-08-22 17:09 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-08-21 23:28 - 2014-08-20 10:54 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-20 11:32 - 2014-08-20 11:32 - 00292496 _____ () C:\Windows\Minidump\082014-131945-01.dmp
2014-08-20 10:54 - 2014-08-20 10:54 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-20 10:53 - 2014-08-20 10:53 - 21657592 _____ (Simply Super Software ) C:\Users\Andrew\Downloads\trjsetup.exe
2014-08-20 10:53 - 2014-08-20 10:53 - 00001109 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Users\Andrew\Documents\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-08-19 21:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Branding
2014-08-19 21:52 - 2014-08-19 21:27 - 2564476928 _____ () C:\Users\Andrew\Downloads\X17-58996.iso
2014-08-19 21:41 - 2014-08-19 21:40 - 00000000 ____D () C:\Users\Andrew\AppData\Local\ToolVoice
2014-08-19 21:37 - 2014-08-19 21:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andrew\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-19 21:37 - 2014-08-19 21:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 21:30 - 2014-08-19 21:30 - 00000017 _____ () C:\Users\Andrew\AppData\Local\resmon.resmoncfg
2014-08-19 20:49 - 2014-08-15 13:33 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-18 20:56 - 2014-08-18 20:56 - 00292816 _____ () C:\Windows\Minidump\081814-150618-01.dmp
2014-08-17 20:22 - 2014-06-22 03:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-17 20:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 20:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 20:21 - 2014-08-15 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-17 20:21 - 2014-07-10 21:39 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TERA
2014-08-17 20:21 - 2014-07-10 21:39 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
2014-08-17 20:21 - 2014-07-06 02:01 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-17 20:21 - 2014-07-04 14:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-17 20:21 - 2014-06-21 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-17 20:21 - 2014-06-21 11:53 - 00000000 ___RD () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-17 20:21 - 2014-06-21 11:53 - 00000000 ___RD () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-17 20:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
2014-08-17 20:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-17 20:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-17 20:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-17 20:18 - 2014-08-15 13:34 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\AVG2014
2014-08-17 20:18 - 2014-08-15 11:42 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Avg2014
2014-08-17 20:17 - 2014-06-21 13:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-17 20:17 - 2014-06-21 12:46 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-08-17 16:45 - 2014-06-21 11:53 - 00000000 ____D () C:\Users\Andrew
2014-08-17 15:49 - 2014-08-16 18:47 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Spotify
2014-08-17 15:49 - 2014-08-16 15:12 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-08-16 19:12 - 2014-08-16 15:12 - 00000000 ____D () C:\Users\Andrew\AppData\Local\AVG Web TuneUp
2014-08-16 18:48 - 2014-08-16 18:47 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Spotify
2014-08-16 15:12 - 2014-08-16 15:12 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-08-16 14:29 - 2014-08-16 14:28 - 00292624 _____ () C:\Windows\Minidump\081614-187903-01.dmp
2014-08-16 13:39 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 16:18 - 2014-06-21 13:02 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-15 13:33 - 2014-08-15 13:33 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ___HD () C:\$AVG
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\TuneUp Software
2014-08-15 13:31 - 2014-08-15 13:31 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-15 11:42 - 2014-08-15 11:42 - 04763288 _____ (AVG Technologies) C:\Users\Andrew\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\Users\Andrew\AppData\Local\MFAData
2014-08-15 03:06 - 2014-06-21 22:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:04 - 2014-06-21 22:29 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 21:15 - 2014-08-14 21:15 - 00292720 _____ () C:\Windows\Minidump\081414-44756-01.dmp
2014-08-14 21:12 - 2014-08-14 21:12 - 00292432 _____ () C:\Windows\Minidump\081414-42791-01.dmp
2014-08-06 22:06 - 2014-08-14 20:26 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-14 20:26 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 13:56 - 2014-06-27 22:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-31 19:41 - 2014-08-14 20:26 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 19:16 - 2014-08-14 20:26 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-29 22:22 - 2014-07-29 22:07 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Red 5 Studios
2014-07-29 22:19 - 2014-07-29 22:19 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-29 22:19 - 2014-07-29 22:19 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-29 22:19 - 2014-07-29 22:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2014-07-29 22:19 - 2014-07-29 22:19 - 00000000 ____D () C:\Program Files (x86)\Xiph.Org
2014-07-29 22:18 - 2014-07-29 22:18 - 00000000 ____D () C:\Program Files (x86)\Red 5 Studios
2014-07-29 22:17 - 2014-07-29 22:17 - 18472200 _____ () C:\Users\Andrew\Downloads\FirefallInstaller.exe
2014-07-29 22:07 - 2014-07-29 22:07 - 00000000 ____D () C:\Users\Andrew\Documents\Firefall
2014-07-29 22:05 - 2014-07-29 22:04 - 00010047 _____ () C:\Windows\DirectX.log
2014-07-29 21:37 - 2014-07-29 21:36 - 00000222 _____ () C:\Users\Andrew\Desktop\Firefall.url
2014-07-29 21:33 - 2014-07-29 21:33 - 00561182 _____ () C:\Users\Andrew\Downloads\Teenage.Mutant.Ninja.Turtles.Quadrilogy.1990.2007.BRRip.x264-x0r(1).torrent
2014-07-29 21:30 - 2014-07-29 21:30 - 00124484 _____ () C:\Users\Andrew\Downloads\Lone.Survivor.2013.DVDSCR.x264.AC3-FooKaS.torrent
2014-07-29 21:30 - 2014-07-29 21:30 - 00008516 _____ () C:\Users\Andrew\Downloads\American.Hustle.2013.DVDSCR.x264.AC3-FooKaS.torrent
2014-07-29 21:28 - 2014-07-29 21:28 - 00096652 _____ () C:\Users\Andrew\Downloads\Bad Neighbors 2014 WEBRIP x264 AC3 TiTAN.torrent
2014-07-29 21:28 - 2014-07-29 21:28 - 00019993 _____ () C:\Users\Andrew\Downloads\A Million Ways To Die In The West 2014 Webrip x264 AC3 TiTAN.torrent
2014-07-29 21:27 - 2014-07-29 21:27 - 00117538 _____ () C:\Users\Andrew\Downloads\Noah.2013.720p.BluRay.x264-SPARKS.torrent
2014-07-29 21:27 - 2014-07-29 21:27 - 00023016 _____ () C:\Users\Andrew\Downloads\The.Raid.2.2014.720p.BRRiP.XViD.AC3-LEGi0N.torrent
2014-07-29 21:27 - 2014-07-29 21:27 - 00014902 _____ () C:\Users\Andrew\Downloads\The.Expendables.3.2014.DVDSCR.XviD-VAiN.torrent
2014-07-29 21:25 - 2014-06-22 13:29 - 00000000 ____D () C:\Program Files (x86)\Razer
 
Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Andrew\AppData\Local\Temp\nvStInst.exe
C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe
C:\Users\Andrew\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Andrew\AppData\Local\Temp\tmp2917.exe
C:\Users\Andrew\AppData\Local\Temp\tmp29A6.exe
C:\Users\Andrew\AppData\Local\Temp\tmp2F01.exe
C:\Users\Andrew\AppData\Local\Temp\tmp3625.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 08:57
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by Andrew at 2014-08-27 23:04:36
Running from C:\Users\Andrew\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1D1DCF8A-6961-F848-0DA0-5401969C44CE}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4745 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4745 - AVG Technologies) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Firefall (HKLM-x32\...\Steam App 227700) (Version:  - Red 5 Studios)
Google Chrome (HKLM-x32\...\{A4DE5CD7-96D6-3979-8C39-E864396AFFC0}) (Version: 65.223.153 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 4.54 - Happy Cloud, Inc.)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.13 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TERA (HKCU\...\teraenmasse) (Version:  - )
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
15-08-2014 07:00:18 Windows Update
15-08-2014 17:31:41 Installed AVG 2014
15-08-2014 17:32:04 Installed AVG 2014
16-08-2014 17:37:54 Windows Backup
16-08-2014 18:01:54 Windows Backup
16-08-2014 18:46:23 Windows Backup
17-08-2014 19:43:15 Restore Operation
24-08-2014 23:00:09 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {354B87CD-ED50-4499-9D98-6FF192B32D6F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-21] (Google Inc.)
Task: {C598AC71-1E26-4997-B62C-CCEAEAF37AAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-21] (Google Inc.)
Task: {D4456AA5-F359-4649-93B6-494C9B69723F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: {FFBA467D-55EA-48C2-BB38-071B44D63E3C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-21 12:08 - 2014-05-19 21:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-15 16:18 - 2014-08-06 23:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-15 16:18 - 2014-08-06 23:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-15 16:18 - 2014-08-06 23:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-15 16:18 - 2014-08-06 23:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-15 16:18 - 2014-08-06 23:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: PowerPC Processor
Description: PowerPC Processor
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/26/2014 00:00:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 11:52:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 10:42:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 08:35:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x15fc
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
 
Error: (08/24/2014 08:31:09 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: "C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Cookies" Data error (cyclic redundancy check). (0x80070017).
 
Error: (08/24/2014 07:08:34 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\d3dcompiler_46.dll" Data error (cyclic redundancy check). (0x80070017).
 
Error: (08/23/2014 09:33:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2014 02:15:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2014 02:00:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2014 11:51:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/27/2014 11:03:14 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/27/2014 11:03:11 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/27/2014 11:03:08 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/27/2014 11:03:05 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/27/2014 11:03:02 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/27/2014 11:02:59 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/27/2014 11:02:56 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/27/2014 11:02:53 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/27/2014 11:02:50 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (08/27/2014 11:02:47 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
Microsoft Office Sessions:
=========================
Error: (08/26/2014 00:00:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 11:52:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 10:42:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/25/2014 08:35:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e015fc01cfc0c4ef735e66C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dlle20159d2-2cb8-11e4-bf09-50e549c6de87
 
Error: (08/24/2014 08:31:09 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: "C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Cookies" Data error (cyclic redundancy check). (0x80070017)
 
Error: (08/24/2014 07:08:34 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\d3dcompiler_46.dll" Data error (cyclic redundancy check). (0x80070017)
 
Error: (08/23/2014 09:33:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2014 02:15:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2014 02:00:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/23/2014 11:51:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X6 1045T Processor
Percentage of memory in use: 23%
Total physical RAM: 8189.24 MB
Available physical RAM: 6224.26 MB
Total Pagefile: 16376.66 MB
Available Pagefile: 13926.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.92 GB) (Free:1751.99 GB) NTFS
Drive e: (My Book) (Fixed) (Total:931.28 GB) (Free:682.29 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 60B54903)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 62E77594)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)
 
==================== End Of Log ============================


#7 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA
  • Local time:02:13 PM

Posted 31 August 2014 - 09:10 AM

Hi,

 

My sincerest apologies about me taking so long to get back to you. All of my responses to you are reviewed by an instructor to ensure quality, so we've been discussing how I should go about helping you next. I've not forgotten about you, rest assured. I will post your further instructions soon. :)

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#8 Gunto


Posted 01 September 2014 - 10:07 PM

Hi,

 

Excellent. Now, let's get to work! :)

 

First, I see you have uTorrent installed. This is a peer-to-peer program, and although it is useful for sharing files, it is an extreme security risk. Even if not using it for illegal purposes, you may have your personal information shared without your knowledge, and can both download and even spread infections without knowing as well. The risk of this greatly increases with the sharing of illegal data. Because of the risks of using this program, I highly recommend you remove it from your computer. If you still want to keep it, let me know, and don't use it until we're done fixing your problems.

 

Farbar Recovery Scan Tool

Next, I'm going to have you run a script with FRST to get rid of a few things.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-198349542-2925412597-784436698-1000\...\MountPoints2: {43fbdebe-fa37-11e3-8327-50e549c6de87} - "E:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-198349542-2925412597-784436698-1000\...\MountPoints2: {43fbe13d-fa37-11e3-8327-50e549c6de87} - G:\TL_Bootstrap.exe
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    C:\ProgramData\TEMP
    C:\Users\Andrew\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Andrew\AppData\Local\Temp\nvStInst.exe
    C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe
    C:\Users\Andrew\AppData\Local\Temp\swt-win32-3349.dll
    C:\Users\Andrew\AppData\Local\Temp\tmp2917.exe
    C:\Users\Andrew\AppData\Local\Temp\tmp29A6.exe
    C:\Users\Andrew\AppData\Local\Temp\tmp2F01.exe
    C:\Users\Andrew\AppData\Local\Temp\tmp3625.exe
    AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

    Save it to the same location as FRST as fixlist.txt.

  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create fixlog.txt in the same folder. Please copy and paste it into your reply.

VirusTotal

Now, I need you to scan a few suspicious files with VirusTotal.

  • Visit VirusTotal, and click Choose File. Navigate to the following files and choose them, one at a time:
    C:\Windows\system32\infocardapi(180).dll

    C:\Windows\system32\jsproxy(183).dll

    C:\Windows\system32\jscript9(182).dll

    C:\Windows\system32\JavaScriptCollectionAgent(181).dll

    C:\Windows\system32\inetcpl(179).cpl

  • Click Scan it! after choosing your file. If you receive a message telling you the file has already been scanned, please scan it again anyway.
  • Once VirusTotal is done scanning the file, copy and paste each of the URLs of the scan results into your reply.

CHKDSK

 

Next, there are lines in your system errors log that suggest your hard drive is having some problems. With this in mind, I'm gonna have you run CHKDSK, which should hopefully find and fix any errors your drive is having. :)

  • Go to Start > All Programs > Accessories, and right click Command Prompt, and select Run as administrator.
  • In the Command Prompt that opens, type chkdsk c: /r and hit enter. When CHKDSK prompts you whether to run at the next reboot or not, type in y and hit enter.
  • Reboot your computer, and allow CHKDSK to run. Once it's finished, your PC will reboot normally.
  • Once you're logged in, hold down the Windows key and hit R. Type in eventvwr and hit enter.
  • In the Event Viewer, expand Windows Logs and click Application. Click Source above the list to sort the entries by name.
  • Scroll through the list until you find any entry with a source of Wininit. Click on any present until you find the one that contains the CHKDSK information (it will be the text you saw on the screen while CHKDSK was running).
  • Right click the CHKDSK event in the list of events, hover over Copy and click Copy Details as Text. Then paste it into your reply.

Questions and Final Notes

 

Finally, do you recognize this file in your downloads folder? D600.tmp

Or this folder in your AppData\Local? ToolVoice

 

Please let me know how your PC is running now.

 

Gunto




#9 munroe721


Posted 01 September 2014 - 10:47 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Andrew at 2014-09-01 23:25:48 Run:1
Running from C:\Users\Andrew\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-198349542-2925412597-784436698-1000\...\MountPoints2: {43fbdebe-fa37-11e3-8327-50e549c6de87} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-198349542-2925412597-784436698-1000\...\MountPoints2: {43fbe13d-fa37-11e3-8327-50e549c6de87} - G:\TL_Bootstrap.exe
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
C:\ProgramData\TEMP
C:\Users\Andrew\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Andrew\AppData\Local\Temp\nvStInst.exe
C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe
C:\Users\Andrew\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Andrew\AppData\Local\Temp\tmp2917.exe
C:\Users\Andrew\AppData\Local\Temp\tmp29A6.exe
C:\Users\Andrew\AppData\Local\Temp\tmp2F01.exe
C:\Users\Andrew\AppData\Local\Temp\tmp3625.exe
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-198349542-2925412597-784436698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43fbdebe-fa37-11e3-8327-50e549c6de87}" => Key deleted successfully.
"HKCR\CLSID\{43fbdebe-fa37-11e3-8327-50e549c6de87}" => Key not found.
"HKU\S-1-5-21-198349542-2925412597-784436698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43fbe13d-fa37-11e3-8327-50e549c6de87}" => Key deleted successfully.
"HKCR\CLSID\{43fbe13d-fa37-11e3-8327-50e549c6de87}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\ProgramData\TEMP => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\tmp2917.exe => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\tmp29A6.exe => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\tmp2F01.exe => Moved successfully.
C:\Users\Andrew\AppData\Local\Temp\tmp3625.exe => Moved successfully.
"C:\ProgramData\TEMP" => ":CB0AACC9" ADS not found.
 
==== End of Fixlog ====
 
 
 
 
 
 
I don't know what either of those files you mentioned are for... also, I removed uTorrent.


#10 munroe721


Posted 02 September 2014 - 08:35 PM

Also, the CHKDSK data:

 

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          9/2/2014 4:51:08 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Andrew-PC
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  204032 file records processed.                                         
 
File verification completed.
  1010 large file records processed.                                   
 
  0 bad file records processed.                                     
 
  0 EA records processed.                                           
 
  44 reparse records processed.                                      
 
CHKDSK is verifying indexes (stage 2 of 5)...
  288628 index entries processed.                                        
 
Index verification completed.
  0 unindexed files scanned.                                        
 
  0 unindexed files recovered.                                      
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
  204032 file SDs/SIDs processed.                                        
 
Cleaning up 395 unused index entries from index $SII of file 0x9.
Cleaning up 395 unused index entries from index $SDH of file 0x9.
Cleaning up 395 unused security descriptors.
Security descriptor verification completed.
  42299 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
  36971056 USN bytes processed.                                            
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc000009c at offset 0x2bc1c000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2bc28000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2bc29000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2bc29000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2bc2a000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2bc2a000 for 0x1000 bytes.
Windows replaced bad clusters in file 40875
of name \Windows\ehome\WTVGOTHIC-S.ttc.
Read failure with status 0xc000009c at offset 0x2cad9000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2cae7000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2cae8000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2cae8000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2cae9000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2cae9000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2caea000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2caeb000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2caec000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2caef000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2caf0000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2caf3000 for 0x1000 bytes.
Windows replaced bad clusters in file 42222
of name \Windows\winsxs\AMD64_~1.175\wcp.dll.
Read failure with status 0xc000009c at offset 0x2c434000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2c43e000 for 0x1000 bytes.
Read failure with status 0xc000009c at offset 0x2c43f000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2c447000 for 0x1000 bytes.
Windows replaced bad clusters in file 109593
of name \PROGRA~2\Google\Chrome\APPLIC~1\360198~1.125\D3DCOM~2.DLL.
Read failure with status 0xc000009c at offset 0x2c579000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2c587000 for 0x1000 bytes.
Windows replaced bad clusters in file 111780
of name \Users\Andrew\AppData\Local\Google\Chrome\USERDA~1\Default\Cookies.
  204016 files processed.                                                
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  460978030 free clusters processed.                                        
 
Free space verification is complete.
Adding 12 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
1953410047 KB total disk space.
 109033396 KB in 149567 files.
     97600 KB in 42300 indexes.
        48 KB in bad sectors.
    366879 KB in use by the system.
     65536 KB occupied by the log file.
1843912124 KB available on disk.
 
      4096 bytes in each allocation unit.
 488352511 total allocation units on disk.
 460978031 allocation units available on disk.
 
Internal Info:
00 1d 03 00 86 ed 02 00 34 3d 05 00 00 00 00 00  ........4=......
2c a4 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ,...,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-09-02T08:51:08.000000000Z" />
    <EventRecordID>4491</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Andrew-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
</Data>
  </EventData>
</Event>
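The CHKDSK output above can be tied back to the earlier event-log errors mechanically. The following Python is an added example, not part of the thread and not code from FRST or CHKDSK: it parses an abridged copy of the stage 4 output, checks the bad-cluster summary for consistency, and matches the repaired files against the two paths named in the Windows Backup CRC errors. The function names and the 8.3 short-name matching heuristic are assumptions of this example.

```python
import re

# Abridged from the CHKDSK output posted above (stage 4 plus summary lines).
CHKDSK_LOG = r"""CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc000009c at offset 0x2bc1c000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2bc28000 for 0x1000 bytes.
Windows replaced bad clusters in file 40875
of name \Windows\ehome\WTVGOTHIC-S.ttc.
Read failure with status 0xc000009c at offset 0x2cad9000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2cae7000 for 0x1000 bytes.
Windows replaced bad clusters in file 42222
of name \Windows\winsxs\AMD64_~1.175\wcp.dll.
Read failure with status 0xc000009c at offset 0x2c434000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2c43e000 for 0x1000 bytes.
Windows replaced bad clusters in file 109593
of name \PROGRA~2\Google\Chrome\APPLIC~1\360198~1.125\D3DCOM~2.DLL.
Read failure with status 0xc000009c at offset 0x2c579000 for 0x10000 bytes.
Read failure with status 0xc000009c at offset 0x2c587000 for 0x1000 bytes.
Windows replaced bad clusters in file 111780
of name \Users\Andrew\AppData\Local\Google\Chrome\USERDA~1\Default\Cookies.
Adding 12 bad clusters to the Bad Clusters File.
        48 KB in bad sectors.
      4096 bytes in each allocation unit.
"""

# Long paths named by the Windows Backup errors (0x80070017) in the event log above.
BACKUP_CRC_PATHS = [
    r"C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Cookies",
    r"C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\d3dcompiler_46.dll",
]

READ_FAIL = re.compile(
    r"Read failure with status (0x[0-9a-f]+) at offset (0x[0-9a-f]+) for (0x[0-9a-f]+) bytes\.",
    re.I)
REPLACED = re.compile(r"Windows replaced bad clusters in file (\d+)")
NAME = re.compile(r"of name (.+)\.")


def parse_chkdsk(text):
    """Group read failures under the file CHKDSK repaired; collect summary counters."""
    report = {"files": [], "bad_clusters": None, "bad_kb": None, "unit": None}
    pending, record = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := READ_FAIL.fullmatch(line):
            pending.append((int(m[2], 16), int(m[3], 16)))      # (offset, length)
        elif m := REPLACED.fullmatch(line):
            record = int(m[1])                                  # MFT file record number
        elif (m := NAME.fullmatch(line)) and record is not None:
            report["files"].append(
                {"record": record, "path": m[1], "read_failures": pending})
            pending, record = [], None
        elif m := re.fullmatch(r"Adding (\d+) bad clusters to the Bad Clusters File\.", line):
            report["bad_clusters"] = int(m[1])
        elif m := re.fullmatch(r"(\d+) KB in bad sectors\.", line):
            report["bad_kb"] = int(m[1])
        elif m := re.fullmatch(r"(\d+) bytes in each allocation unit\.", line):
            report["unit"] = int(m[1])
    return report


def summary_consistent(report):
    """Bad clusters times cluster size should equal the reported KB in bad sectors."""
    return report["bad_clusters"] * report["unit"] // 1024 == report["bad_kb"]


def component_matches(short, long):
    """Heuristic (assumption): could an 8.3 name such as USERDA~1 alias `long`?"""
    short, long = short.upper(), long.upper()
    if "~" not in short:
        return short == long
    base, _, rest = short.partition("~")
    ext = rest.partition(".")[2]                 # "125" in "360198~1.125"
    long_base, dot, long_ext = long.rpartition(".")
    if not dot:                                  # long name has no extension
        long_base, long_ext = long, ""
    squeezed = re.sub(r"[ .]", "", long_base)    # 8.3 generation drops spaces and dots
    return squeezed.startswith(base) and long_ext[:3] == ext


def same_file(chkdsk_path, long_path):
    a = chkdsk_path.strip("\\").split("\\")
    b = long_path.split("\\")[1:]                # drop the drive letter
    return len(a) == len(b) and all(component_matches(s, l) for s, l in zip(a, b))


def triage(report, crc_paths):
    """One row per repaired file. A flagged system file may have lost content when
    its clusters were replaced, so its integrity should be verified (for example
    with sfc /scannow) before it is trusted again."""
    return [{
        "path": f["path"],
        "read_failures": len(f["read_failures"]),
        "system_file": f["path"].upper().startswith("\\WINDOWS\\"),
        "explains_backup_error": any(same_file(f["path"], p) for p in crc_paths),
    } for f in report["files"]]


if __name__ == "__main__":
    parsed = parse_chkdsk(CHKDSK_LOG)
    print("summary consistent:", summary_consistent(parsed))
    for row in triage(parsed, BACKUP_CRC_PATHS):
        print(row)
```

Both backup failures map to files CHKDSK repaired, which points to the failing disk rather than an infection as the cause of those particular errors.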


#11 Gunto


Posted 04 September 2014 - 02:05 PM

Hi,

 

Very good. Now then, I've got a few questions.

 

Those VirusTotal results look great. However, they're not the files I asked you to upload. They have very similar names, but the files I instructed you to scan all had parenthesized numbers at the ends, before the .dll. For example, inetcpl(179).dll. Did you mistake the names of the files, or could you not find the ones I specified? :)

 

Next, I need you to rerun a scan with FRST to get a fresh look at your system, and I'll also need to see the log. This time, however, Addition.txt will not be made.

 

Finally, please tell me how your computer is running. It's very important that you give me performance updates every time we run a fix, because I may need to do more research depending on how your PC is behaving. I would especially like to know if the AVG notification is still popping up. :)

 

Gunto




#12 munroe721

munroe721
  • Topic Starter


Posted 04 September 2014 - 07:36 PM

Yes, I was confused. I didn't see any of the files with the numbers in the names, just files without the parentheses... Also, my computer is running very well. My browser seems under my control again, and I haven't had any blue screens since running all the scans and stuff.


Edited by munroe721, 04 September 2014 - 07:41 PM.


#13 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team

Posted 06 September 2014 - 10:25 AM

Hi,

Awesome to hear that the computer's running well! :thumbup2: For now, I'd like you to get a fresh FRST log (like I asked in my previous post) so that I can get an updated look at your system. This will prove vital in deciding our next steps. :)

Gunto




#14 munroe721

munroe721
  • Topic Starter


Posted 06 September 2014 - 12:44 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Andrew (administrator) on ANDREW-PC on 06-09-2014 13:43:14
Running from C:\Users\Andrew\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4944\Battle.net.exe
(Blizzard Entertainment) C:\Program Files (x86)\Diablo III\Diablo III.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-05-31] (Razer Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1666432 2014-05-22] (Simply Super Software)
HKU\S-1-5-21-198349542-2925412597-784436698-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F3C446F728DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {D68CC080-5810-459E-A9E7-66CFE73B4CCC} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKCU - {D68CC080-5810-459E-A9E7-66CFE73B4CCC} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
Chrome: 
=======
CHR HomePage: Default -> https://mysearch.avg.com?cid={4A1C6F17-41FB-4A54-8312-90503F664ADB}&mid=041f39611a9147d292b281ac0f223774-6a34be55115ed696776f4c2fe878b82f5f9bda5f&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-16 15:12:36&v=3.2.0.14&pid=wtu&sg=&sap=hp
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-22]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-06-23]
CHR Extension: (PicMonkey) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-06-23]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-05 23:32 - 2014-09-06 00:23 - 00000226 _____ () C:\Users\Andrew\BullseyeCoverageError.txt
2014-09-05 23:32 - 2014-09-05 23:32 - 01202032 _____ (Unity Technologies ApS) C:\Users\Andrew\Downloads\UnityWebPlayer.exe
2014-09-05 23:32 - 2014-09-05 23:32 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Unity
2014-09-04 22:07 - 2014-09-04 22:07 - 00000000 ____D () C:\Users\Andrew\Documents\Diablo III
2014-09-04 21:54 - 2014-09-04 22:07 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-04 21:54 - 2014-09-04 21:54 - 00001138 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-09-04 21:54 - 2014-09-04 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-09-04 21:52 - 2014-09-06 13:43 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Battle.net
2014-09-04 21:52 - 2014-09-04 22:07 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Battle.net
2014-09-04 21:52 - 2014-09-04 21:52 - 00001144 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\NVIDIA
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Blizzard Entertainment
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-04 21:51 - 2014-09-04 21:51 - 03589024 _____ (Blizzard Entertainment) C:\Users\Andrew\Downloads\Diablo-III-Setup-enUS.exe
2014-09-04 21:51 - 2014-09-04 21:51 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-02 21:30 - 2014-09-02 21:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-09-02 21:30 - 2014-09-02 21:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-09-01 23:25 - 2014-09-01 23:25 - 00000000 ____D () C:\Users\Andrew\Downloads\FRST-OlderVersion
2014-09-01 09:57 - 2014-09-01 09:57 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-09-01 09:57 - 2014-09-01 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
2014-09-01 09:56 - 2014-09-01 09:56 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-09-01 09:56 - 2010-04-24 05:00 - 00336896 _____ (CANON INC.) C:\Windows\system32\CNMLMA0.DLL
2014-08-30 11:15 - 2014-08-30 11:15 - 00292792 _____ () C:\Windows\Minidump\083014-78858-01.dmp
2014-08-27 23:04 - 2014-09-06 13:43 - 00014687 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-08-27 23:04 - 2014-08-27 23:05 - 00022681 _____ () C:\Users\Andrew\Downloads\Addition.txt
2014-08-27 23:03 - 2014-09-06 13:43 - 00000000 ____D () C:\FRST
2014-08-27 22:51 - 2014-08-27 22:52 - 00166802 _____ () C:\Users\Andrew\Downloads\D600.tmp
2014-08-27 22:48 - 2014-09-01 23:25 - 02104832 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-08-27 20:53 - 2014-08-27 20:53 - 00021347 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-08-27 20:53 - 2014-08-27 20:53 - 00006942 _____ () C:\Users\Andrew\Desktop\attach.txt
2014-08-27 20:49 - 2014-08-27 20:52 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds (2).com
2014-08-27 20:39 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:39 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:39 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 00:00 - 2014-08-26 00:00 - 00292808 _____ () C:\Windows\Minidump\082614-89731-01.dmp
2014-08-25 23:52 - 2014-08-25 23:52 - 00292816 _____ () C:\Windows\Minidump\082514-92290-01.dmp
2014-08-23 20:55 - 2014-08-23 20:58 - 00000000 ____D () C:\AdwCleaner
2014-08-23 20:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-23 20:54 - 2014-08-23 20:54 - 01364531 _____ () C:\Users\Andrew\Downloads\AdwCleaner.exe
2014-08-23 14:14 - 2014-08-23 14:15 - 00292784 _____ () C:\Windows\Minidump\082314-71479-01.dmp
2014-08-23 13:54 - 2014-08-23 13:54 - 00292808 _____ () C:\Windows\Minidump\082314-88062-01.dmp
2014-08-22 17:17 - 2014-08-22 17:17 - 00688992 _____ (Swearware) C:\Users\Andrew\Downloads\dds (1).com
2014-08-22 17:09 - 2014-08-22 17:10 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-08-20 11:32 - 2014-08-20 11:32 - 00292496 _____ () C:\Windows\Minidump\082014-131945-01.dmp
2014-08-20 10:54 - 2014-08-20 10:54 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-20 10:53 - 2014-08-20 10:53 - 21657592 _____ (Simply Super Software ) C:\Users\Andrew\Downloads\trjsetup.exe
2014-08-20 10:53 - 2014-08-20 10:53 - 00001109 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Users\Andrew\Documents\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-08-19 21:40 - 2014-08-29 22:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 21:40 - 2014-08-19 21:41 - 00000000 ____D () C:\Users\Andrew\AppData\Local\ToolVoice
2014-08-19 21:37 - 2014-08-19 21:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andrew\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-19 21:37 - 2014-08-19 21:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 21:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-19 21:37 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-19 21:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-19 21:30 - 2014-08-19 21:30 - 00000017 _____ () C:\Users\Andrew\AppData\Local\resmon.resmoncfg
2014-08-19 21:27 - 2014-08-19 21:52 - 2564476928 _____ () C:\Users\Andrew\Downloads\X17-58996.iso
2014-08-18 20:56 - 2014-08-18 20:56 - 00292816 _____ () C:\Windows\Minidump\081814-150618-01.dmp
2014-08-16 18:47 - 2014-08-17 15:49 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Spotify
2014-08-16 18:47 - 2014-08-16 18:48 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Spotify
2014-08-16 15:12 - 2014-08-17 15:49 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-08-16 15:12 - 2014-08-16 19:12 - 00000000 ____D () C:\Users\Andrew\AppData\Local\AVG Web TuneUp
2014-08-16 15:12 - 2014-08-16 15:12 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-08-16 14:28 - 2014-08-16 14:29 - 00292624 _____ () C:\Windows\Minidump\081614-187903-01.dmp
2014-08-15 13:34 - 2014-08-17 20:18 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\AVG2014
2014-08-15 13:33 - 2014-09-02 21:30 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-15 13:33 - 2014-09-02 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-15 13:33 - 2014-08-19 20:49 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ___HD () C:\$AVG
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\TuneUp Software
2014-08-15 13:31 - 2014-08-15 13:31 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-15 11:42 - 2014-09-06 12:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-15 11:42 - 2014-08-17 20:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Avg2014
2014-08-15 11:42 - 2014-08-15 11:42 - 04763288 _____ (AVG Technologies) C:\Users\Andrew\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\Users\Andrew\AppData\Local\MFAData
2014-08-15 03:01 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:01 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:01 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:01 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:01 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi(180).dll
2014-08-15 03:01 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:01 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 03:00 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:00 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 21:15 - 2014-08-14 21:15 - 00292720 _____ () C:\Windows\Minidump\081414-44756-01.dmp
2014-08-14 21:12 - 2014-08-14 21:12 - 00292432 _____ () C:\Windows\Minidump\081414-42791-01.dmp
2014-08-14 20:26 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 20:26 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 20:26 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 20:26 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 20:26 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 20:26 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 20:26 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 20:26 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 20:26 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 20:26 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 20:26 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 20:26 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 20:26 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 20:26 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 20:26 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy(183).dll
2014-08-14 20:26 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 20:26 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 20:26 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 20:26 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 20:26 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 20:26 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 20:26 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 20:26 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 20:26 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 20:26 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 20:26 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 20:26 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 20:26 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 20:26 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9(182).dll
2014-08-14 20:26 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 20:26 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent(181).dll
2014-08-14 20:26 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 20:26 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 20:26 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 20:26 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 20:26 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 20:26 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 20:26 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 20:26 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 20:26 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 20:26 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 20:26 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 20:26 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 20:26 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 20:26 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 20:26 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 20:26 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl(179).cpl
2014-08-14 20:26 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 20:26 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 20:26 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 20:26 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 20:26 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 20:26 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 20:26 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 20:26 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 20:26 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 20:26 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 20:26 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 20:26 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 20:26 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 20:26 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 20:26 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 20:26 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 20:26 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 20:26 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 20:26 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 20:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 20:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 20:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 20:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 20:26 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 20:26 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 20:26 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 20:26 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 20:26 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 20:26 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 20:26 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 20:26 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 20:26 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 20:26 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 20:26 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 20:26 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 20:26 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-06 13:43 - 2014-09-04 21:52 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Battle.net
2014-09-06 13:43 - 2014-08-27 23:04 - 00014687 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-09-06 13:43 - 2014-08-27 23:03 - 00000000 ____D () C:\FRST
2014-09-06 13:39 - 2014-06-27 22:54 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Skype
2014-09-06 13:14 - 2014-06-21 13:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 13:14 - 2014-06-21 13:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 13:06 - 2014-07-10 21:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 12:39 - 2014-08-15 11:42 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-06 00:23 - 2014-09-05 23:32 - 00000226 _____ () C:\Users\Andrew\BullseyeCoverageError.txt
2014-09-05 23:32 - 2014-09-05 23:32 - 01202032 _____ (Unity Technologies ApS) C:\Users\Andrew\Downloads\UnityWebPlayer.exe
2014-09-05 23:32 - 2014-09-05 23:32 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Unity
2014-09-05 23:32 - 2014-06-21 11:53 - 00000000 ____D () C:\Users\Andrew
2014-09-05 21:59 - 2014-06-22 22:04 - 00000000 ____D () C:\Users\Andrew\AppData\Local\PMB Files
2014-09-05 21:28 - 2014-06-21 11:53 - 01241848 _____ () C:\Windows\WindowsUpdate.log
2014-09-05 20:39 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-05 20:39 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-05 10:44 - 2014-06-21 12:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-05 10:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-05 10:44 - 2009-07-14 00:51 - 00044807 _____ () C:\Windows\setupact.log
2014-09-04 22:07 - 2014-09-04 22:07 - 00000000 ____D () C:\Users\Andrew\Documents\Diablo III
2014-09-04 22:07 - 2014-09-04 21:54 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-04 22:07 - 2014-09-04 21:52 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Battle.net
2014-09-04 21:54 - 2014-09-04 21:54 - 00001138 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-09-04 21:54 - 2014-09-04 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-09-04 21:52 - 2014-09-04 21:52 - 00001144 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\NVIDIA
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Blizzard Entertainment
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-04 21:51 - 2014-09-04 21:51 - 03589024 _____ (Blizzard Entertainment) C:\Users\Andrew\Downloads\Diablo-III-Setup-enUS.exe
2014-09-04 21:51 - 2014-09-04 21:51 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-04 20:43 - 2014-06-22 22:04 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-02 21:32 - 2014-06-21 13:02 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-02 21:30 - 2014-09-02 21:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-09-02 21:30 - 2014-09-02 21:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-09-02 21:30 - 2014-08-15 13:33 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-02 21:30 - 2014-08-15 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-01 23:25 - 2014-09-01 23:25 - 00000000 ____D () C:\Users\Andrew\Downloads\FRST-OlderVersion
2014-09-01 23:25 - 2014-08-27 22:48 - 02104832 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-09-01 09:57 - 2014-09-01 09:57 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-09-01 09:57 - 2014-09-01 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
2014-09-01 09:56 - 2014-09-01 09:56 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-09-01 09:50 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 11:15 - 2014-08-30 11:15 - 00292792 _____ () C:\Windows\Minidump\083014-78858-01.dmp
2014-08-30 11:15 - 2014-06-21 11:59 - 542552300 _____ () C:\Windows\MEMORY.DMP
2014-08-30 11:15 - 2014-06-21 11:59 - 00000000 ____D () C:\Windows\Minidump
2014-08-29 22:56 - 2014-08-19 21:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 03:18 - 2009-07-14 00:45 - 00268008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 23:05 - 2014-08-27 23:04 - 00022681 _____ () C:\Users\Andrew\Downloads\Addition.txt
2014-08-27 22:52 - 2014-08-27 22:51 - 00166802 _____ () C:\Users\Andrew\Downloads\D600.tmp
2014-08-27 20:53 - 2014-08-27 20:53 - 00021347 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-08-27 20:53 - 2014-08-27 20:53 - 00006942 _____ () C:\Users\Andrew\Desktop\attach.txt
2014-08-27 20:52 - 2014-08-27 20:49 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds (2).com
2014-08-26 00:00 - 2014-08-26 00:00 - 00292808 _____ () C:\Windows\Minidump\082614-89731-01.dmp
2014-08-25 23:53 - 2014-06-27 22:53 - 00000000 ____D () C:\ProgramData\Skype
2014-08-25 23:52 - 2014-08-25 23:52 - 00292816 _____ () C:\Windows\Minidump\082514-92290-01.dmp
2014-08-23 21:33 - 2010-11-20 23:47 - 00023768 _____ () C:\Windows\PFRO.log
2014-08-23 20:58 - 2014-08-23 20:55 - 00000000 ____D () C:\AdwCleaner
2014-08-23 20:54 - 2014-08-23 20:54 - 01364531 _____ () C:\Users\Andrew\Downloads\AdwCleaner.exe
2014-08-23 14:15 - 2014-08-23 14:14 - 00292784 _____ () C:\Windows\Minidump\082314-71479-01.dmp
2014-08-23 13:54 - 2014-08-23 13:54 - 00292808 _____ () C:\Windows\Minidump\082314-88062-01.dmp
2014-08-23 11:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-08-22 22:07 - 2014-08-27 20:39 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 20:39 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 20:39 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 17:17 - 2014-08-22 17:17 - 00688992 _____ (Swearware) C:\Users\Andrew\Downloads\dds (1).com
2014-08-22 17:10 - 2014-08-22 17:09 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-08-20 11:32 - 2014-08-20 11:32 - 00292496 _____ () C:\Windows\Minidump\082014-131945-01.dmp
2014-08-20 10:54 - 2014-08-20 10:54 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-20 10:53 - 2014-08-20 10:53 - 21657592 _____ (Simply Super Software ) C:\Users\Andrew\Downloads\trjsetup.exe
2014-08-20 10:53 - 2014-08-20 10:53 - 00001109 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Users\Andrew\Documents\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-08-19 21:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Branding
2014-08-19 21:52 - 2014-08-19 21:27 - 2564476928 _____ () C:\Users\Andrew\Downloads\X17-58996.iso
2014-08-19 21:41 - 2014-08-19 21:40 - 00000000 ____D () C:\Users\Andrew\AppData\Local\ToolVoice
2014-08-19 21:37 - 2014-08-19 21:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andrew\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-19 21:37 - 2014-08-19 21:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 21:30 - 2014-08-19 21:30 - 00000017 _____ () C:\Users\Andrew\AppData\Local\resmon.resmoncfg
2014-08-19 20:49 - 2014-08-15 13:33 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-18 20:56 - 2014-08-18 20:56 - 00292816 _____ () C:\Windows\Minidump\081814-150618-01.dmp
2014-08-17 20:22 - 2014-06-22 03:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-17 20:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 20:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 20:21 - 2014-07-10 21:39 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TERA
2014-08-17 20:21 - 2014-07-10 21:39 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
2014-08-17 20:21 - 2014-07-06 02:01 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-17 20:21 - 2014-07-04 14:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-17 20:21 - 2014-06-21 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-17 20:21 - 2014-06-21 11:53 - 00000000 ___RD () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-17 20:21 - 2014-06-21 11:53 - 00000000 ___RD () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-17 20:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
2014-08-17 20:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-17 20:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-17 20:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-17 20:18 - 2014-08-15 13:34 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\AVG2014
2014-08-17 20:18 - 2014-08-15 11:42 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Avg2014
2014-08-17 20:17 - 2014-06-21 13:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-17 20:17 - 2014-06-21 12:46 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-08-17 15:49 - 2014-08-16 18:47 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Spotify
2014-08-17 15:49 - 2014-08-16 15:12 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-08-16 19:12 - 2014-08-16 15:12 - 00000000 ____D () C:\Users\Andrew\AppData\Local\AVG Web TuneUp
2014-08-16 18:48 - 2014-08-16 18:47 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Spotify
2014-08-16 15:12 - 2014-08-16 15:12 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-08-16 14:29 - 2014-08-16 14:28 - 00292624 _____ () C:\Windows\Minidump\081614-187903-01.dmp
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ___HD () C:\$AVG
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\TuneUp Software
2014-08-15 13:31 - 2014-08-15 13:31 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-15 11:42 - 2014-08-15 11:42 - 04763288 _____ (AVG Technologies) C:\Users\Andrew\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\Users\Andrew\AppData\Local\MFAData
2014-08-15 03:06 - 2014-06-21 22:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:04 - 2014-06-21 22:29 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 21:15 - 2014-08-14 21:15 - 00292720 _____ () C:\Windows\Minidump\081414-44756-01.dmp
2014-08-14 21:12 - 2014-08-14 21:12 - 00292432 _____ () C:\Windows\Minidump\081414-42791-01.dmp
 
Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Andrew (administrator) on ANDREW-PC on 06-09-2014 13:43:14
Running from C:\Users\Andrew\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4944\Battle.net.exe
(Blizzard Entertainment) C:\Program Files (x86)\Diablo III\Diablo III.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-05-31] (Razer Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1666432 2014-05-22] (Simply Super Software)
HKU\S-1-5-21-198349542-2925412597-784436698-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://facebook.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F3C446F728DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {D68CC080-5810-459E-A9E7-66CFE73B4CCC} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKCU - {D68CC080-5810-459E-A9E7-66CFE73B4CCC} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
Chrome: 
=======
CHR HomePage: Default -> https://mysearch.avg.com?cid={4A1C6F17-41FB-4A54-8312-90503F664ADB}&mid=041f39611a9147d292b281ac0f223774-6a34be55115ed696776f4c2fe878b82f5f9bda5f&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-16 15:12:36&v=3.2.0.14&pid=wtu&sg=&sap=hp
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-22]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-06-23]
CHR Extension: (PicMonkey) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-06-23]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-05 23:32 - 2014-09-06 00:23 - 00000226 _____ () C:\Users\Andrew\BullseyeCoverageError.txt
2014-09-05 23:32 - 2014-09-05 23:32 - 01202032 _____ (Unity Technologies ApS) C:\Users\Andrew\Downloads\UnityWebPlayer.exe
2014-09-05 23:32 - 2014-09-05 23:32 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Unity
2014-09-04 22:07 - 2014-09-04 22:07 - 00000000 ____D () C:\Users\Andrew\Documents\Diablo III
2014-09-04 21:54 - 2014-09-04 22:07 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-04 21:54 - 2014-09-04 21:54 - 00001138 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-09-04 21:54 - 2014-09-04 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-09-04 21:52 - 2014-09-06 13:43 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Battle.net
2014-09-04 21:52 - 2014-09-04 22:07 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Battle.net
2014-09-04 21:52 - 2014-09-04 21:52 - 00001144 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\NVIDIA
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Blizzard Entertainment
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-04 21:51 - 2014-09-04 21:51 - 03589024 _____ (Blizzard Entertainment) C:\Users\Andrew\Downloads\Diablo-III-Setup-enUS.exe
2014-09-04 21:51 - 2014-09-04 21:51 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-02 21:30 - 2014-09-02 21:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-09-02 21:30 - 2014-09-02 21:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-09-01 23:25 - 2014-09-01 23:25 - 00000000 ____D () C:\Users\Andrew\Downloads\FRST-OlderVersion
2014-09-01 09:57 - 2014-09-01 09:57 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-09-01 09:57 - 2014-09-01 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
2014-09-01 09:56 - 2014-09-01 09:56 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-09-01 09:56 - 2010-04-24 05:00 - 00336896 _____ (CANON INC.) C:\Windows\system32\CNMLMA0.DLL
2014-08-30 11:15 - 2014-08-30 11:15 - 00292792 _____ () C:\Windows\Minidump\083014-78858-01.dmp
2014-08-27 23:04 - 2014-09-06 13:43 - 00014687 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-08-27 23:04 - 2014-08-27 23:05 - 00022681 _____ () C:\Users\Andrew\Downloads\Addition.txt
2014-08-27 23:03 - 2014-09-06 13:43 - 00000000 ____D () C:\FRST
2014-08-27 22:51 - 2014-08-27 22:52 - 00166802 _____ () C:\Users\Andrew\Downloads\D600.tmp
2014-08-27 22:48 - 2014-09-01 23:25 - 02104832 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-08-27 20:53 - 2014-08-27 20:53 - 00021347 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-08-27 20:53 - 2014-08-27 20:53 - 00006942 _____ () C:\Users\Andrew\Desktop\attach.txt
2014-08-27 20:49 - 2014-08-27 20:52 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds (2).com
2014-08-27 20:39 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:39 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:39 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 00:00 - 2014-08-26 00:00 - 00292808 _____ () C:\Windows\Minidump\082614-89731-01.dmp
2014-08-25 23:52 - 2014-08-25 23:52 - 00292816 _____ () C:\Windows\Minidump\082514-92290-01.dmp
2014-08-23 20:55 - 2014-08-23 20:58 - 00000000 ____D () C:\AdwCleaner
2014-08-23 20:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-23 20:54 - 2014-08-23 20:54 - 01364531 _____ () C:\Users\Andrew\Downloads\AdwCleaner.exe
2014-08-23 14:14 - 2014-08-23 14:15 - 00292784 _____ () C:\Windows\Minidump\082314-71479-01.dmp
2014-08-23 13:54 - 2014-08-23 13:54 - 00292808 _____ () C:\Windows\Minidump\082314-88062-01.dmp
2014-08-22 17:17 - 2014-08-22 17:17 - 00688992 _____ (Swearware) C:\Users\Andrew\Downloads\dds (1).com
2014-08-22 17:09 - 2014-08-22 17:10 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-08-20 11:32 - 2014-08-20 11:32 - 00292496 _____ () C:\Windows\Minidump\082014-131945-01.dmp
2014-08-20 10:54 - 2014-08-20 10:54 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-20 10:53 - 2014-08-20 10:53 - 21657592 _____ (Simply Super Software ) C:\Users\Andrew\Downloads\trjsetup.exe
2014-08-20 10:53 - 2014-08-20 10:53 - 00001109 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Users\Andrew\Documents\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-08-19 21:40 - 2014-08-29 22:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 21:40 - 2014-08-19 21:41 - 00000000 ____D () C:\Users\Andrew\AppData\Local\ToolVoice
2014-08-19 21:37 - 2014-08-19 21:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andrew\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-19 21:37 - 2014-08-19 21:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 21:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-19 21:37 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-19 21:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-19 21:30 - 2014-08-19 21:30 - 00000017 _____ () C:\Users\Andrew\AppData\Local\resmon.resmoncfg
2014-08-19 21:27 - 2014-08-19 21:52 - 2564476928 _____ () C:\Users\Andrew\Downloads\X17-58996.iso
2014-08-18 20:56 - 2014-08-18 20:56 - 00292816 _____ () C:\Windows\Minidump\081814-150618-01.dmp
2014-08-16 18:47 - 2014-08-17 15:49 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Spotify
2014-08-16 18:47 - 2014-08-16 18:48 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Spotify
2014-08-16 15:12 - 2014-08-17 15:49 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-08-16 15:12 - 2014-08-16 19:12 - 00000000 ____D () C:\Users\Andrew\AppData\Local\AVG Web TuneUp
2014-08-16 15:12 - 2014-08-16 15:12 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-08-16 14:28 - 2014-08-16 14:29 - 00292624 _____ () C:\Windows\Minidump\081614-187903-01.dmp
2014-08-15 13:34 - 2014-08-17 20:18 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\AVG2014
2014-08-15 13:33 - 2014-09-02 21:30 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-15 13:33 - 2014-09-02 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-15 13:33 - 2014-08-19 20:49 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ___HD () C:\$AVG
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\TuneUp Software
2014-08-15 13:31 - 2014-08-15 13:31 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-15 11:42 - 2014-09-06 12:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-15 11:42 - 2014-08-17 20:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Avg2014
2014-08-15 11:42 - 2014-08-15 11:42 - 04763288 _____ (AVG Technologies) C:\Users\Andrew\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\Users\Andrew\AppData\Local\MFAData
2014-08-15 03:01 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:01 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:01 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:01 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:01 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi(180).dll
2014-08-15 03:01 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:01 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 03:00 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:00 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 21:15 - 2014-08-14 21:15 - 00292720 _____ () C:\Windows\Minidump\081414-44756-01.dmp
2014-08-14 21:12 - 2014-08-14 21:12 - 00292432 _____ () C:\Windows\Minidump\081414-42791-01.dmp
2014-08-14 20:26 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 20:26 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 20:26 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 20:26 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 20:26 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 20:26 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 20:26 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 20:26 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 20:26 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 20:26 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 20:26 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 20:26 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 20:26 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 20:26 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 20:26 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy(183).dll
2014-08-14 20:26 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 20:26 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 20:26 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 20:26 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 20:26 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 20:26 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 20:26 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 20:26 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 20:26 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 20:26 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 20:26 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 20:26 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 20:26 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 20:26 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9(182).dll
2014-08-14 20:26 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 20:26 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent(181).dll
2014-08-14 20:26 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 20:26 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 20:26 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 20:26 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 20:26 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 20:26 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 20:26 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 20:26 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 20:26 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 20:26 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 20:26 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 20:26 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 20:26 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 20:26 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 20:26 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 20:26 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl(179).cpl
2014-08-14 20:26 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 20:26 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 20:26 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 20:26 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 20:26 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 20:26 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 20:26 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 20:26 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 20:26 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 20:26 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 20:26 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 20:26 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 20:26 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 20:26 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 20:26 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 20:26 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 20:26 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 20:26 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 20:26 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 20:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 20:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 20:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 20:26 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 20:26 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 20:26 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 20:26 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 20:26 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 20:26 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 20:26 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 20:26 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 20:26 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 20:26 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 20:26 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 20:26 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 20:26 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 20:26 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 20:26 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-06 13:43 - 2014-09-04 21:52 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Battle.net
2014-09-06 13:43 - 2014-08-27 23:04 - 00014687 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-09-06 13:43 - 2014-08-27 23:03 - 00000000 ____D () C:\FRST
2014-09-06 13:39 - 2014-06-27 22:54 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Skype
2014-09-06 13:14 - 2014-06-21 13:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 13:14 - 2014-06-21 13:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 13:06 - 2014-07-10 21:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 12:39 - 2014-08-15 11:42 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-06 00:23 - 2014-09-05 23:32 - 00000226 _____ () C:\Users\Andrew\BullseyeCoverageError.txt
2014-09-05 23:32 - 2014-09-05 23:32 - 01202032 _____ (Unity Technologies ApS) C:\Users\Andrew\Downloads\UnityWebPlayer.exe
2014-09-05 23:32 - 2014-09-05 23:32 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Unity
2014-09-05 23:32 - 2014-06-21 11:53 - 00000000 ____D () C:\Users\Andrew
2014-09-05 21:59 - 2014-06-22 22:04 - 00000000 ____D () C:\Users\Andrew\AppData\Local\PMB Files
2014-09-05 21:28 - 2014-06-21 11:53 - 01241848 _____ () C:\Windows\WindowsUpdate.log
2014-09-05 20:39 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-05 20:39 - 2009-07-14 00:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-05 10:44 - 2014-06-21 12:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-05 10:44 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-05 10:44 - 2009-07-14 00:51 - 00044807 _____ () C:\Windows\setupact.log
2014-09-04 22:07 - 2014-09-04 22:07 - 00000000 ____D () C:\Users\Andrew\Documents\Diablo III
2014-09-04 22:07 - 2014-09-04 21:54 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-09-04 22:07 - 2014-09-04 21:52 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Battle.net
2014-09-04 21:54 - 2014-09-04 21:54 - 00001138 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-09-04 21:54 - 2014-09-04 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-09-04 21:52 - 2014-09-04 21:52 - 00001144 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\NVIDIA
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Blizzard Entertainment
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-09-04 21:52 - 2014-09-04 21:52 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-04 21:51 - 2014-09-04 21:51 - 03589024 _____ (Blizzard Entertainment) C:\Users\Andrew\Downloads\Diablo-III-Setup-enUS.exe
2014-09-04 21:51 - 2014-09-04 21:51 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-04 20:43 - 2014-06-22 22:04 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-02 21:32 - 2014-06-21 13:02 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-02 21:30 - 2014-09-02 21:30 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-09-02 21:30 - 2014-09-02 21:30 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-09-02 21:30 - 2014-08-15 13:33 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-02 21:30 - 2014-08-15 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-01 23:25 - 2014-09-01 23:25 - 00000000 ____D () C:\Users\Andrew\Downloads\FRST-OlderVersion
2014-09-01 23:25 - 2014-08-27 22:48 - 02104832 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-09-01 09:57 - 2014-09-01 09:57 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-09-01 09:57 - 2014-09-01 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
2014-09-01 09:56 - 2014-09-01 09:56 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-09-01 09:50 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 11:15 - 2014-08-30 11:15 - 00292792 _____ () C:\Windows\Minidump\083014-78858-01.dmp
2014-08-30 11:15 - 2014-06-21 11:59 - 542552300 _____ () C:\Windows\MEMORY.DMP
2014-08-30 11:15 - 2014-06-21 11:59 - 00000000 ____D () C:\Windows\Minidump
2014-08-29 22:56 - 2014-08-19 21:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 03:18 - 2009-07-14 00:45 - 00268008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 23:05 - 2014-08-27 23:04 - 00022681 _____ () C:\Users\Andrew\Downloads\Addition.txt
2014-08-27 22:52 - 2014-08-27 22:51 - 00166802 _____ () C:\Users\Andrew\Downloads\D600.tmp
2014-08-27 20:53 - 2014-08-27 20:53 - 00021347 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-08-27 20:53 - 2014-08-27 20:53 - 00006942 _____ () C:\Users\Andrew\Desktop\attach.txt
2014-08-27 20:52 - 2014-08-27 20:49 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds (2).com
2014-08-26 00:00 - 2014-08-26 00:00 - 00292808 _____ () C:\Windows\Minidump\082614-89731-01.dmp
2014-08-25 23:53 - 2014-06-27 22:53 - 00000000 ____D () C:\ProgramData\Skype
2014-08-25 23:52 - 2014-08-25 23:52 - 00292816 _____ () C:\Windows\Minidump\082514-92290-01.dmp
2014-08-23 21:33 - 2010-11-20 23:47 - 00023768 _____ () C:\Windows\PFRO.log
2014-08-23 20:58 - 2014-08-23 20:55 - 00000000 ____D () C:\AdwCleaner
2014-08-23 20:54 - 2014-08-23 20:54 - 01364531 _____ () C:\Users\Andrew\Downloads\AdwCleaner.exe
2014-08-23 14:15 - 2014-08-23 14:14 - 00292784 _____ () C:\Windows\Minidump\082314-71479-01.dmp
2014-08-23 13:54 - 2014-08-23 13:54 - 00292808 _____ () C:\Windows\Minidump\082314-88062-01.dmp
2014-08-23 11:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-08-22 22:07 - 2014-08-27 20:39 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 20:39 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 20:39 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 17:17 - 2014-08-22 17:17 - 00688992 _____ (Swearware) C:\Users\Andrew\Downloads\dds (1).com
2014-08-22 17:10 - 2014-08-22 17:09 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-08-20 11:32 - 2014-08-20 11:32 - 00292496 _____ () C:\Windows\Minidump\082014-131945-01.dmp
2014-08-20 10:54 - 2014-08-20 10:54 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-20 10:53 - 2014-08-20 10:53 - 21657592 _____ (Simply Super Software ) C:\Users\Andrew\Downloads\trjsetup.exe
2014-08-20 10:53 - 2014-08-20 10:53 - 00001109 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Users\Andrew\Documents\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-08-20 10:53 - 2014-08-20 10:53 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-08-19 21:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Branding
2014-08-19 21:52 - 2014-08-19 21:27 - 2564476928 _____ () C:\Users\Andrew\Downloads\X17-58996.iso
2014-08-19 21:41 - 2014-08-19 21:40 - 00000000 ____D () C:\Users\Andrew\AppData\Local\ToolVoice
2014-08-19 21:37 - 2014-08-19 21:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andrew\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-19 21:37 - 2014-08-19 21:37 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 21:37 - 2014-08-19 21:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 21:30 - 2014-08-19 21:30 - 00000017 _____ () C:\Users\Andrew\AppData\Local\resmon.resmoncfg
2014-08-19 20:49 - 2014-08-15 13:33 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-18 20:56 - 2014-08-18 20:56 - 00292816 _____ () C:\Windows\Minidump\081814-150618-01.dmp
2014-08-17 20:22 - 2014-06-22 03:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-17 20:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 20:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 20:21 - 2014-07-10 21:39 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TERA
2014-08-17 20:21 - 2014-07-10 21:39 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
2014-08-17 20:21 - 2014-07-06 02:01 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-17 20:21 - 2014-07-04 14:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-17 20:21 - 2014-06-21 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-17 20:21 - 2014-06-21 11:53 - 00000000 ___RD () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-17 20:21 - 2014-06-21 11:53 - 00000000 ___RD () C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-17 20:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
2014-08-17 20:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-17 20:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-17 20:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-17 20:18 - 2014-08-15 13:34 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\AVG2014
2014-08-17 20:18 - 2014-08-15 11:42 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Avg2014
2014-08-17 20:17 - 2014-06-21 13:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-17 20:17 - 2014-06-21 12:46 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-08-17 15:49 - 2014-08-16 18:47 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\Spotify
2014-08-17 15:49 - 2014-08-16 15:12 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-08-16 19:12 - 2014-08-16 15:12 - 00000000 ____D () C:\Users\Andrew\AppData\Local\AVG Web TuneUp
2014-08-16 18:48 - 2014-08-16 18:47 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Spotify
2014-08-16 15:12 - 2014-08-16 15:12 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-08-16 14:29 - 2014-08-16 14:28 - 00292624 _____ () C:\Windows\Minidump\081614-187903-01.dmp
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ___HD () C:\$AVG
2014-08-15 13:33 - 2014-08-15 13:33 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\TuneUp Software
2014-08-15 13:31 - 2014-08-15 13:31 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-15 11:42 - 2014-08-15 11:42 - 04763288 _____ (AVG Technologies) C:\Users\Andrew\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\Users\Andrew\AppData\Local\MFAData
2014-08-15 03:06 - 2014-06-21 22:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 03:04 - 2014-06-21 22:29 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 21:15 - 2014-08-14 21:15 - 00292720 _____ () C:\Windows\Minidump\081414-44756-01.dmp
2014-08-14 21:12 - 2014-08-14 21:12 - 00292432 _____ () C:\Windows\Minidump\081414-42791-01.dmp
 
Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2014-09-06 01:21
 
==================== End Of Log ============================
 


#15 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,284 posts

Posted 09 September 2014 - 09:17 AM

Hi,

 

Very good! We're getting close to being finished, so let's keep going. :thumbup2:

 

Farbar Recovery Scan Tool

I need you to run a fix with FRST. This will take care of a few leftovers.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    C:\Users\Andrew\Downloads\D600.tmp
    C:\Users\Andrew\AppData\Local\ToolVoice
    C:\Users\Andrew\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
    CMD: copy C:\Windows\system32\infocardapi(180).dll C:\Users\Andrew\Desktop
    CMD: copy C:\Windows\system32\jsproxy(183).dll C:\Users\Andrew\Desktop
    CMD: copy C:\Windows\system32\jscript9(182).dll C:\Users\Andrew\Desktop
    CMD: copy C:\Windows\system32\JavaScriptCollectionAgent(181).dll C:\Users\Andrew\Desktop
    CMD: copy C:\Windows\system32\inetcpl(179).cpl C:\Users\Andrew\Desktop
  • Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create fixlog.txt in the same folder. Please copy and paste it into your reply.

Now, assuming the above fix ran correctly, the files I asked you to scan with VirusTotal earlier should be copied to your desktop. If they are, please scan them and send me the results as previously instructed. Once you've done that, you are free to delete the copies from your desktop. :)

 

GSmartControl

 

I need you to check your hard drive's health with GSmartControl. There are several signs in your logs that your hard drive could be failing, so let's get a closer look.

  • Download GSmartControl from here, and save it to your desktop.
  • Extract the contents of the .zip file to a folder, and open gsmartcontrol.exe within it.
  • Once the program opens, you'll see a list of hard drives. The amount will vary depending on your computer, but if you see only one, skip the sub-step below.
    • To find out which drive represents the one you're currently using, click each one once and look at the size (it can be seen at the top, in the Drive information: area). Whichever one has the same size as your current hard drive is the one we need to see, since it's most likely the same one.
  • Double click your hard drive listed. Once the Device Information window opens, click on the Attributes tab. If you see any entries highlighted in red or pink (any shade or hue), please tell me which ones in your reply.
  • Next, click on the Perform Tests tab, select the Extended Self-test option, and click Execute. This test can take a very long time to run; please be patient.
  • Once the test is done running, the results will be displayed at the bottom of the window. Please copy and paste it into your reply.

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...
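The fixlist in the post above copies out system32 files whose names carry a parenthesized number, such as infocardapi(180).dll, which the log lists next to an unnumbered file of the same size, timestamps and vendor string. The following is an added example, not part of the post and not FRST's own code, that pulls such pairs out of an FRST file listing so the copies can be queued for scanning; the field layout is inferred from the log lines on this page, and the function names are hypothetical.

```python
import re
from ntpath import basename, dirname, join  # Windows path rules on any OS

# Lines copied from the FRST log on this page, plus one section header
# to show that non-entry lines are skipped.
SAMPLE = r"""
==================== One Month Modified Files and Folders =======
2014-09-04 21:54 - 2014-09-04 22:07 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-08-22 17:17 - 2014-08-22 17:17 - 00688992 _____ (Swearware) C:\Users\Andrew\Downloads\dds (1).com
2014-08-15 03:01 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:01 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi(180).dll
2014-08-14 20:26 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 20:26 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy(183).dll
2014-08-14 20:26 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 20:26 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl(179).cpl
"""

# timestamp - timestamp - size ATTRS (Company) Path
# The order of the two timestamps depends on the log section, so they are
# kept as ts1/ts2 rather than named "created"/"modified".
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([A-Z_]{5}) \((.*?)\) (.+)$"
)
# name(123).ext -> stem "name", n "123", ext ".ext"
NUMBERED = re.compile(r"^(?P<stem>.+)\((?P<n>\d+)\)(?P<ext>\.[^.]+)$")


def parse_entries(text):
    """Return one dict per file/folder line; headers and blanks are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        ts1, ts2, size, attrs, company, path = m.groups()
        entries.append({
            "ts1": ts1,
            "ts2": ts2,
            "size": int(size),
            "attrs": attrs,
            "company": company.strip(),
            "path": path,
        })
    return entries


def numbered_copies(entries, root=r"C:\Windows"):
    """Find files under `root` named like name(NNN).ext and pair each one
    with the unnumbered file in the same directory, if the log lists it."""
    by_path = {e["path"].lower(): e for e in entries}
    prefix = root.lower().rstrip("\\") + "\\"
    findings = []
    for e in entries:
        if "D" in e["attrs"]:                  # directory entry
            continue
        if not e["path"].lower().startswith(prefix):
            continue
        m = NUMBERED.match(basename(e["path"]))
        if not m:
            continue
        original = join(dirname(e["path"]), m["stem"] + m["ext"])
        sib = by_path.get(original.lower())
        same = sib is not None and all(
            e[k] == sib[k] for k in ("size", "ts1", "ts2", "company")
        )
        findings.append({
            "copy": e["path"],
            "original": original if sib else None,
            "same_metadata": same,
        })
    return findings


if __name__ == "__main__":
    for f in numbered_copies(parse_entries(SAMPLE)):
        print(f["copy"], "<->", f["original"], "same metadata:", f["same_metadata"])
```

Matching metadata is only a pointer: compare file hashes before treating a numbered copy and its neighbour as the same content.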




