Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ransomware infection


  • This topic is locked This topic is locked
24 replies to this topic

#1 fixem

fixem

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 15 January 2015 - 04:21 PM

Hi,

Helping a friend out with their laptop. seems like some kind of ransomware is on it. Whatever he had done to it at first, I couldn't even get it to boot into safe mode. i was able to run a system restore from command prompt and get it booting. tried running a few removal programs such as adwcleaner, jrt, and anti-malware on it so far. dont think it is quite gone yet. also not sure if there is a decrypt tool for this variant or not.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.71.2
Run by Patton at 15:16:58 on 2015-01-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4008.1724 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wuauclt.exe
C:\windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.20-delta.exe
c:\a062f168658e9cff5a\mrtstub.exe
C:\windows\system32\MRT.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\ehome\mcupdate.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
mDefault_Search_URL = hxxp://www.google.com
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [arnmklo] rundll32 "C:\Users\Patton\AppData\Local\arnmklo.dll",arnmklo
uRun: [notepad.exe] C:\Users\Patton\AppData\Roaming\OSK-DUPKSPPO\notepad.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 142.13.17.66 142.13.17.43
TCP: Interfaces\{0DC52AE5-FA6D-49DC-96A8-78282CFA390A} : DHCPNameServer = 142.13.17.66 142.13.17.43
TCP: Interfaces\{61725C33-3209-4A8F-BDBF-45F60F54F276} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{83C63E0A-484F-481C-A0AE-423D81D37C4F} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{83C63E0A-484F-481C-A0AE-423D81D37C4F} : DHCPNameServer = 192.168.100.254
TCP: Interfaces\{83C63E0A-484F-481C-A0AE-423D81D37C4F}\2375942554832323 : DHCPNameServer = 192.168.100.254
TCP: Interfaces\{83C63E0A-484F-481C-A0AE-423D81D37C4F}\34963736F62463531393 : DHCPNameServer = 216.36.128.4 216.36.128.5 192.168.1.1
TCP: Interfaces\{83C63E0A-484F-481C-A0AE-423D81D37C4F}\C45736B6970596E656 : DHCPNameServer = 192.168.100.254 192.168.1.1
TCP: Interfaces\{83C63E0A-484F-481C-A0AE-423D81D37C4F}\C45736B6970596E656D27657563747 : DHCPNameServer = 216.36.128.4 216.36.128.5 192.168.33.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = hxxp://www.toshiba.ca/welcome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Patton\AppData\Roaming\Mozilla\Firefox\Profiles\r7eg38ae.default-1421028351650\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Patton\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Patton\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2011-9-17 162824]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2015-1-14 127752]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-11 1153368]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-12-8 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-17 2656280]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-9-17 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-9-17 413800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-9-17 1103464]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-20 822704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-7-16 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\windows\System32\drivers\hitmanpro37.sys [2015-1-14 43664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-9-17 250984]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-9-17 54136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-30 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-01-15 16:03:56    --------    d-----w-    C:\a062f168658e9cff5a
2015-01-14 22:37:44    43664    ----a-w-    C:\windows\System32\drivers\hitmanpro37.sys
2015-01-14 21:33:34    11870360    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1F46ABB6-4050-48B5-AEDB-75738E67E17A}\mpengine.dll
2015-01-14 21:25:38    --------    d-----w-    C:\Program Files\HitmanPro
2015-01-14 19:55:38    --------    d-----w-    C:\ProgramData\HitmanPro
2015-01-14 19:22:03    --------    d-----w-    C:\Users\Patton\AppData\Roaming\SUPERAntiSpyware.com
2015-01-14 19:21:47    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2015-01-14 19:21:47    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2015-01-14 17:48:43    --------    d-sh--w-    C:\$RECYCLE.BIN
2015-01-14 17:34:11    98816    ----a-w-    C:\windows\sed.exe
2015-01-14 17:34:11    256000    ----a-w-    C:\windows\PEV.exe
2015-01-14 17:34:11    208896    ----a-w-    C:\windows\MBR.exe
2015-01-14 17:30:40    --------    d-----w-    C:\windows\ERUNT
2015-01-14 17:26:25    --------    d-----w-    C:\AdwCleaner
2015-01-12 05:06:36    --------    d-----w-    C:\Users\Patton\AppData\Roaming\Usuhez
2015-01-12 05:01:55    --------    d-----w-    C:\Users\Patton\AppData\Local\Amazon
2015-01-12 04:47:53    --------    d-----w-    C:\Users\Patton\AppData\Roaming\Qyuhre
2015-01-11 19:44:54    129752    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2015-01-11 19:44:24    93400    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2015-01-11 19:44:24    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
2015-01-11 19:44:24    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2015-01-11 19:44:22    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-11 19:29:20    --------    d-----w-    C:\Users\Patton\AppData\Roaming\Ohonca
2015-01-11 19:08:58    --------    d-----w-    C:\Users\Patton\AppData\Roaming\Ukcegea
2015-01-11 19:05:02    --------    d-sh--w-    C:\Users\Patton\AppData\Roaming\OSK-DUPKSPPO
2015-01-10 05:24:11    --------    d-----w-    C:\Program Files\CCleaner
2015-01-10 05:04:56    --------    d-----w-    C:\Users\Patton\AppData\Roaming\Upweec
2015-01-10 04:42:50    --------    d-----w-    C:\Users\Patton\AppData\Roaming\Uktaozri
2015-01-10 04:35:35    --------    d-----w-    C:\Users\Patton\AppData\Roaming\Imibsu
2015-01-09 04:29:19    --------    d-----w-    C:\Program Files (x86)\HelpUninstaller
2015-01-08 04:39:07    --------    d-----w-    C:\Users\Patton\AppData\Roaming\Ivhipa
2015-01-08 04:38:01    --------    d-----w-    C:\Users\Patton\AppData\Roaming\Local Store
2015-01-08 04:34:56    --------    d-----w-    C:\ProgramData\KifsEtabb
2015-01-08 04:34:41    --------    d-----w-    C:\ProgramData\pei
2015-01-08 04:29:35    --------    d-----w-    C:\Users\Patton\AppData\Roaming\Uvdyxo
2015-01-08 00:24:50    --------    d-----w-    C:\Users\Patton\AppData\Local\Ecgtion
2015-01-08 00:24:38    --------    d-----w-    C:\Users\Patton\AppData\Local\Uqdcmedia
2015-01-08 00:23:52    2224640    ----a-w-    C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2015-01-04 05:10:38    --------    d-----w-    C:\Program Files\iPod
2015-01-04 05:10:37    --------    d-----w-    C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-04 05:10:37    --------    d-----w-    C:\Program Files\iTunes
2015-01-04 05:10:37    --------    d-----w-    C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2015-01-15 21:14:11    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-15 21:14:11    701616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2015-01-06 10:36:02    298120    ------w-    C:\windows\System32\MpSigStub.exe
2014-11-19 10:31:16    1217192    ----a-w-    C:\windows\SysWow64\FM20.DLL
2014-10-21 04:31:31    98216    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 15:20:29.16 ===============
 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:55 PM

Posted 15 January 2015 - 04:38 PM

Hey my friend. :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 fixem

fixem
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 16 January 2015 - 09:48 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Patton (administrator) on PATTON-PC on 16-01-2015 08:46:30
Running from C:\Users\Patton\Desktop
Loaded Profiles: Patton (Available profiles: Patton)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() C:\Windows\System32\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-01-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [arnmklo] => rundll32 "C:\Users\Patton\AppData\Local\arnmklo.dll",arnmklo <===== ATTENTION
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [notepad.exe] => C:\Users\Patton\AppData\Roaming\OSK-DUPKSPPO\notepad.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKU\S-1-5-21-1944314226-4241285889-3694376531-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 142.13.17.66 142.13.17.43
Tcpip\..\Interfaces\{61725C33-3209-4A8F-BDBF-45F60F54F276}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{83C63E0A-484F-481C-A0AE-423D81D37C4F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Patton\AppData\Roaming\Mozilla\Firefox\Profiles\r7eg38ae.default-1421028351650
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1944314226-4241285889-3694376531-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Patton\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1944314226-4241285889-3694376531-1000: @talk.google.com/O1DPlugin -> C:\Users\Patton\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1944314226-4241285889-3694376531-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Patton\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1944314226-4241285889-3694376531-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Patton\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Patton\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Patton\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-10]

Chrome:
=======
CHR Profile: C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Property Helper Object) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-01-07]
CHR Extension: (Google Docs) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-26]
CHR Extension: (Google Drive) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-26]
CHR Extension: (YouTube) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-26]
CHR Extension: (Google Search) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-26]
CHR Extension: (Skype Click to Call) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-22]
CHR Extension: (Google Wallet) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR Extension: (Gmail) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-01-14] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 08:46 - 2015-01-16 08:47 - 00019589 _____ () C:\Users\Patton\Desktop\FRST.txt
2015-01-16 08:46 - 2015-01-16 08:46 - 00000000 ____D () C:\FRST
2015-01-16 08:45 - 2015-01-16 08:45 - 02125312 _____ (Farbar) C:\Users\Patton\Desktop\FRST64.exe
2015-01-15 15:25 - 2015-01-15 15:25 - 00000000 ____D () C:\Users\Patton\Desktop\ShadowExplorerPortable-0.9
2015-01-15 15:25 - 2015-01-15 15:25 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\www.shadowexplorer.com
2015-01-15 15:20 - 2015-01-15 15:20 - 00021495 _____ () C:\Users\Patton\Desktop\dds.txt
2015-01-15 15:20 - 2015-01-15 15:20 - 00010649 _____ () C:\Users\Patton\Desktop\attach.txt
2015-01-15 15:16 - 2015-01-15 15:16 - 00688992 ____R (Swearware) C:\Users\Patton\Desktop\dds.com
2015-01-15 10:00 - 2015-01-15 10:00 - 03973120 _____ (iText Group NV) C:\Users\Patton\Desktop\itextsharp.dll
2015-01-14 16:37 - 2015-01-14 16:37 - 00043664 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2015-01-14 15:25 - 2015-01-14 15:25 - 00001908 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-14 15:25 - 2015-01-14 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-14 15:25 - 2015-01-14 15:25 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-14 15:23 - 2015-01-14 16:36 - 00000228 _____ () C:\windows\system32\.crusader
2015-01-14 13:59 - 2015-01-15 10:04 - 00000000 ____D () C:\Users\Patton\Desktop\New folder
2015-01-14 13:57 - 2015-01-14 13:57 - 00462336 _____ (Dino Chiesa) C:\Users\Patton\Downloads\Ionic.Zip.dll
2015-01-14 13:55 - 2015-01-14 15:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 13:55 - 2015-01-14 13:58 - 11225840 _____ (SurfRight B.V.) C:\Users\Patton\Downloads\HitmanPro_x64.exe
2015-01-14 13:25 - 2015-01-14 13:25 - 10868379 _____ () C:\Users\Patton\Downloads\Anti-CryptorBitV2.zip
2015-01-14 13:22 - 2015-01-14 13:22 - 09096848 _____ (SurfRight B.V.) C:\Users\Patton\Downloads\HitmanPro.exe
2015-01-14 13:22 - 2015-01-14 13:22 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\SUPERAntiSpyware.com
2015-01-14 13:21 - 2015-01-14 15:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-14 13:21 - 2015-01-14 13:21 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-14 13:21 - 2015-01-14 13:21 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-14 13:21 - 2015-01-14 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-14 13:20 - 2015-01-14 13:21 - 21001040 _____ (SUPERAntiSpyware) C:\Users\Patton\Downloads\SUPERAntiSpyware.exe
2015-01-14 11:48 - 2015-01-14 11:48 - 00023373 _____ () C:\ComboFix.txt
2015-01-14 11:34 - 2011-06-26 00:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-14 11:34 - 2010-11-07 11:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-14 11:34 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-14 11:33 - 2015-01-14 11:48 - 00000000 ____D () C:\Qoobox
2015-01-14 11:33 - 2015-01-14 11:47 - 00000000 ____D () C:\windows\erdnt
2015-01-14 11:32 - 2015-01-14 11:32 - 00002157 _____ () C:\Users\Patton\Desktop\JRT.txt
2015-01-14 11:32 - 2015-01-14 11:32 - 00001447 _____ () C:\Users\Patton\Desktop\ComboFix - Shortcut.lnk
2015-01-14 11:30 - 2015-01-14 11:30 - 00000000 ____D () C:\windows\ERUNT
2015-01-14 11:27 - 2015-01-14 11:27 - 05609736 ____R (Swearware) C:\Users\Patton\Downloads\ComboFix.exe
2015-01-14 11:26 - 2015-01-14 11:28 - 00000000 ____D () C:\AdwCleaner
2015-01-14 11:26 - 2015-01-14 11:27 - 01707939 _____ (Thisisu) C:\Users\Patton\Downloads\JRT.exe
2015-01-14 11:26 - 2015-01-14 11:26 - 02191360 _____ () C:\Users\Patton\Downloads\AdwCleaner.exe
2015-01-11 23:06 - 2015-01-11 23:46 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Usuhez
2015-01-11 23:01 - 2015-01-11 23:01 - 00000000 ____D () C:\Users\Patton\AppData\Local\Amazon
2015-01-11 22:47 - 2015-01-14 11:23 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Qyuhre
2015-01-11 22:47 - 2015-01-11 22:47 - 00003816 _____ () C:\windows\System32\Tasks\Security Center Update - 1985879332
2015-01-11 17:52 - 2015-01-11 17:52 - 04320054 _____ () C:\Users\Patton\Documents\Decrypt All Files bsnhdzf.bmp
2015-01-11 17:52 - 2015-01-11 17:52 - 00001240 _____ () C:\Users\Patton\Documents\Decrypt All Files bsnhdzf.txt
2015-01-11 15:30 - 2015-01-07 23:24 - 02689152 _____ () C:\Users\Patton\Documents\IMG_0395.JPG.bsnhdzf
2015-01-11 15:30 - 2015-01-07 23:24 - 00326464 _____ () C:\Users\Patton\Documents\Assiniboine Community College.DOCX.bsnhdzf
2015-01-11 15:11 - 2015-01-11 17:52 - 01494871 _____ () C:\ProgramData\omqyzvc.html
2015-01-11 14:59 - 2015-01-11 14:59 - 00003020 _____ () C:\windows\System32\Tasks\cfhzhyd
2015-01-11 13:44 - 2015-01-14 12:20 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 13:44 - 2015-01-14 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-11 13:44 - 2015-01-11 13:44 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-11 13:44 - 2015-01-11 13:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-11 13:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-11 13:44 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-11 13:44 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-11 13:34 - 2015-01-11 13:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Patton\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-11 13:29 - 2015-01-11 15:26 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Ohonca
2015-01-11 13:08 - 2015-01-11 15:29 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Ukcegea
2015-01-11 13:05 - 2015-01-11 18:52 - 00000000 __SHD () C:\Users\Patton\AppData\Roaming\OSK-DUPKSPPO
2015-01-10 00:48 - 2015-01-10 00:53 - 00017920 ___SH () C:\Users\Patton\Thumbs.db
2015-01-09 23:24 - 2015-01-10 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-09 23:24 - 2015-01-10 00:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-09 23:04 - 2015-01-11 15:26 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Upweec
2015-01-09 22:42 - 2015-01-11 15:26 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Uktaozri
2015-01-09 22:35 - 2015-01-11 15:29 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Imibsu
2015-01-08 22:51 - 2015-01-11 20:05 - 00000000 ____D () C:\Users\Patton\Desktop\Old Firefox Data
2015-01-08 22:29 - 2015-01-08 22:29 - 00000042 _____ () C:\windows\SysWOW64\AK083E209605E394C.lie
2015-01-08 22:28 - 2015-01-08 22:28 - 01264554 _____ (My Company, Inc. ) C:\Users\Patton\Downloads\HelpUninstaller_setup.exe
2015-01-08 00:10 - 2015-01-08 00:10 - 00001134 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-08 00:10 - 2015-01-08 00:10 - 00001122 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-07 23:26 - 2015-01-07 23:26 - 00004651 _____ () C:\Users\Patton\Downloads\how_decrypt.html
2015-01-07 23:24 - 2015-01-07 23:24 - 00004651 _____ () C:\Users\Patton\Documents\how_decrypt.html
2015-01-07 22:41 - 2015-01-07 22:41 - 00004651 _____ () C:\Users\Patton\how_decrypt.html
2015-01-07 22:41 - 2015-01-07 22:41 - 00004651 _____ () C:\Users\Patton\AppData\Local\how_decrypt.html
2015-01-07 22:39 - 2015-01-08 00:38 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Ivhipa
2015-01-07 22:38 - 2015-01-07 22:44 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Local Store
2015-01-07 22:34 - 2015-01-07 23:56 - 00000000 ____D () C:\ProgramData\pei
2015-01-07 22:34 - 2015-01-07 22:41 - 00000000 ____D () C:\ProgramData\KifsEtabb
2015-01-07 22:29 - 2015-01-08 00:40 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Uvdyxo
2015-01-07 18:39 - 2015-01-14 11:31 - 00000761 _____ () C:\windows\system32\Drivers\etc\hosts.txt
2015-01-07 18:24 - 2015-01-14 16:37 - 00000000 ____D () C:\Users\Patton\AppData\Local\Uqdcmedia
2015-01-07 18:24 - 2015-01-14 15:23 - 00000000 ____D () C:\Users\Patton\AppData\Local\Ecgtion
2015-01-07 17:57 - 2015-01-07 18:05 - 00000000 ____D () C:\Users\Patton\Downloads\Wild 2014
2015-01-04 16:07 - 2015-01-04 16:09 - 00000000 ____D () C:\Users\Patton\Downloads\Out Of The Cradle
2015-01-03 23:11 - 2015-01-14 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-03 23:11 - 2015-01-03 23:11 - 00001754 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-03 23:10 - 2015-01-03 23:11 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-03 23:10 - 2015-01-03 23:11 - 00000000 ____D () C:\Program Files\iTunes
2015-01-03 23:10 - 2015-01-03 23:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-03 23:10 - 2015-01-03 23:10 - 00000000 ____D () C:\Program Files\iPod
2015-01-02 16:28 - 2015-01-11 15:10 - 00000000 ____D () C:\Users\Patton\Downloads\Doug Paisley - Self Titled (2008) & Constant Companion (2010)(Indie Folk Alt-Country)(MP3@320)
2015-01-02 14:59 - 2015-01-02 15:11 - 00000000 ____D () C:\Users\Patton\Downloads\Doug Paisley...Constant Companion(2010)[FLAC]
2015-01-01 00:01 - 2015-01-11 15:24 - 00000000 ____D () C:\Users\Patton\Downloads\Strand Of Oaks - Heal (2014) [mp3@320]
2014-12-31 23:01 - 2014-12-31 23:25 - 00000000 ____D () C:\Users\Patton\Downloads\Thin Lizzy [Discography]
2014-12-31 21:18 - 2015-01-11 17:16 - 00000000 ____D () C:\Users\Patton\Downloads\Ex_Hex-Rips-CD-FLAC-2014-PERFECT
2014-12-31 21:13 - 2015-01-11 17:24 - 00000000 ____D () C:\Users\Patton\Downloads\The Big Picture
2014-12-31 21:10 - 2015-01-11 17:24 - 00000000 ____D () C:\Users\Patton\Downloads\Rodney Crowell - Tarpaper Sky (2014) FLAC16
2014-12-31 21:06 - 2014-12-31 21:20 - 00000000 ____D () C:\Users\Patton\Downloads\XTC-Skylarking (remastered)(Darkside_RG)
2014-12-28 15:28 - 2015-01-11 15:23 - 00000000 ____D () C:\Users\Patton\Downloads\Shakey Graves - And the War Came [2014] 320
2014-12-28 15:18 - 2015-01-11 15:23 - 00000000 ____D () C:\Users\Patton\Downloads\Janiva Magness - Original (2014) [FLAC]
2014-12-24 15:36 - 2014-12-24 15:36 - 00000000 ____D () C:\Users\Patton\Downloads\Solid Colors
2014-12-24 09:03 - 2014-12-24 09:05 - 00000000 ____D () C:\Users\Patton\Downloads\Escape of the Circus Ponies
2014-12-23 23:53 - 2015-01-02 17:15 - 00000000 ____D () C:\Users\Patton\Downloads\David Sylvian & Holger Czukay - Flux + Mutability (1989)
2014-12-23 23:52 - 2015-01-02 17:25 - 00000000 ____D () C:\Users\Patton\Downloads\Sylvian, David - Czukay, Holger - Plight & Premonition
2014-12-19 12:34 - 2015-01-11 17:17 - 00000000 ____D () C:\Users\Patton\Downloads\The Nels Cline Singers - Macroscope (2014) [FLAC]
2014-12-18 23:02 - 2014-12-18 23:02 - 00000000 ____D () C:\Users\Patton\Downloads\Frontier Ruckus  Sitcom Afterlife(320)(Indie){F2D}
2014-12-18 22:54 - 2014-12-18 22:54 - 00000000 ____D () C:\Users\Patton\Downloads\Loscil
2014-12-18 22:22 - 2014-12-22 21:28 - 00000000 ____D () C:\Users\Patton\Downloads\Lynyrd Skynyrd - Original Discography LAME 3.99.5 - 320Kbps
2014-12-18 22:18 - 2014-12-18 22:29 - 00000000 ____D () C:\Users\Patton\Downloads\JJ Cale - Discography (1972-2009) [FLAC][WwW.LoKoTorrents.CoM]

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 08:46 - 2013-12-14 03:07 - 05098727 _____ () C:\windows\IE11_main.log
2015-01-16 08:46 - 2011-09-17 04:08 - 01592826 _____ () C:\windows\WindowsUpdate.log
2015-01-16 08:45 - 2013-03-28 23:11 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 08:45 - 2011-10-29 10:53 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 08:45 - 2011-10-29 10:53 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 15:22 - 2013-08-14 01:22 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 15:14 - 2013-03-28 23:11 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 15:14 - 2013-03-28 23:11 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 15:14 - 2011-10-30 14:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 15:14 - 2009-07-13 22:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 15:14 - 2009-07-13 22:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 15:13 - 2009-07-13 23:13 - 00006266 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-15 10:04 - 2012-03-11 08:29 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-15 09:59 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-15 09:59 - 2009-07-13 22:51 - 00270902 _____ () C:\windows\setupact.log
2015-01-14 16:37 - 2010-11-20 21:47 - 00896638 _____ () C:\windows\PFRO.log
2015-01-14 13:57 - 2014-03-13 21:03 - 11216896 _____ (Microsoft) C:\Users\Patton\Desktop\Anti-CryptorBitV2.exe
2015-01-14 11:48 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
2015-01-14 11:46 - 2009-07-13 20:34 - 00000215 _____ () C:\windows\system.ini
2015-01-14 11:25 - 2014-12-03 15:21 - 00000000 ____D () C:\Users\Patton\Documents\noahs work
2015-01-14 11:24 - 2011-10-28 18:31 - 00000000 ____D () C:\Users\Patton
2015-01-14 11:23 - 2014-09-13 08:00 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\uTorrent
2015-01-14 11:23 - 2012-06-29 11:39 - 00000000 ____D () C:\ProgramData\NexonUS
2015-01-14 11:23 - 2012-02-17 07:43 - 00000000 ____D () C:\windows\system32\Macromed
2015-01-14 11:23 - 2011-11-11 08:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-14 11:23 - 2011-09-17 04:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-14 11:23 - 2011-09-17 04:36 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2015-01-14 11:23 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\AppCompat
2015-01-14 11:22 - 2013-03-29 10:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-14 11:22 - 2011-09-17 04:50 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-01-14 11:22 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\registration
2015-01-14 11:21 - 2011-02-18 02:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-14 11:17 - 2011-11-12 20:42 - 00000000 ____D () C:\Users\Patton\AppData\Local\CrashDumps
2015-01-12 00:03 - 2014-09-05 21:13 - 00000000 ____D () C:\Users\Patton\AppData\Local\Adobe
2015-01-11 23:49 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SchCache
2015-01-11 18:52 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\L2Schemas
2015-01-11 17:32 - 2014-10-31 23:17 - 00000000 ____D () C:\Users\Patton\Downloads\Matthew Cooper - 2011 - Some Days Are Better Than Others [FLAC] {TRR 191}
2015-01-11 17:22 - 2014-10-30 20:29 - 00000000 ____D () C:\Users\Patton\Downloads\Mark Lanegan Band - Phantom Radio (2014) FLAC Beolab1700
2015-01-11 17:19 - 2014-04-18 21:55 - 00000000 ____D () C:\Users\Patton\Downloads\Woods-With_Light_And_With_Love-2014-pLAN9
2015-01-11 17:18 - 2014-10-10 21:44 - 00000000 ____D () C:\Users\Patton\Downloads\Wild Child - Pillow Talk
2015-01-11 17:17 - 2014-12-12 21:46 - 00000000 ____D () C:\Users\Patton\Downloads\Railroad Earth - The Last of the Outlaws (2014) FLAC Beolab1700
2015-01-11 17:17 - 2014-12-12 20:50 - 00000000 ____D () C:\Users\Patton\Downloads\Ry Cooder - Soundtracks [Box Set] (2014) FLAC Beolab1700
2015-01-11 17:17 - 2014-12-09 23:17 - 00000000 ____D () C:\Users\Patton\Downloads\Philip Glass - Music From The Thin Blue Line
2015-01-11 17:17 - 2014-10-17 21:49 - 00000000 ____D () C:\Users\Patton\Downloads\Thurston Moore - The Best Day (2014)
2015-01-11 17:17 - 2014-10-10 22:09 - 00000000 ____D () C:\Users\Patton\Downloads\Ray Stinnett - A Fire Somewhere (2012 Reissue) [FLAC]
2015-01-11 17:17 - 2014-10-03 21:16 - 00000000 ____D () C:\Users\Patton\Downloads\Shinyribs - 2013 - Gulf Coast Museum
2015-01-11 17:17 - 2014-04-26 21:41 - 00000000 ____D () C:\Users\Patton\Downloads\Mumford And Sons (2008-2012)
2015-01-11 17:17 - 2014-04-19 23:04 - 00000000 ____D () C:\Users\Patton\Downloads\The White Buffalo - Shadows, Greys and Evil Ways (2013) MP3@320kbps Beolab1700
2015-01-11 17:17 - 2014-04-18 13:48 - 00000000 ____D () C:\Users\Patton\Downloads\Peter Gabriel - Up (2010) (flac)
2015-01-11 17:17 - 2014-02-27 18:17 - 00000000 ____D () C:\Users\Patton\Downloads\Jim White
2015-01-11 17:17 - 2012-12-28 10:27 - 00000000 ____D () C:\Users\Patton\Downloads\Hammock - Departure Songs (2012)
2015-01-11 17:16 - 2014-12-12 21:43 - 00000000 ____D () C:\Users\Patton\Downloads\First Aid Kit - Stay Gold (2014) FLAC Beolab1700
2015-01-11 17:16 - 2013-02-26 21:47 - 00000000 ____D () C:\Users\Patton\Downloads\Explosions In The Sky
2015-01-11 15:35 - 2013-07-02 18:52 - 00000000 ____D () C:\Users\Patton\Desktop\1 FAT16
2015-01-11 15:35 - 2012-09-03 13:52 - 00000000 ____D () C:\Users\Patton\Documents\house_vegreville
2015-01-11 15:26 - 2014-12-12 21:55 - 00000000 ____D () C:\Users\Patton\Downloads\Devon Allman - Ragged & Dirty (2014) MP3VBR Beolab1700
2015-01-11 15:26 - 2014-11-29 00:29 - 00000000 ____D () C:\Users\Patton\Downloads\T Rex - The Albums Collection (2014) 10CD Box Set MP3@320kbps Beolab1700
2015-01-11 15:25 - 2014-10-20 18:57 - 00000000 ____D () C:\Users\Patton\Downloads\Doug Burr - 2010 - O Ye Devastator (FLAC)
2015-01-11 15:25 - 2014-10-19 19:16 - 00000000 ____D () C:\Users\Patton\Downloads\Sallie Ford & The Sound Outside - Untamed Beast
2015-01-11 15:25 - 2014-05-17 21:54 - 00000000 ____D () C:\Users\Patton\Downloads\shooter jennings - family man (2012) usa, country
2015-01-11 15:25 - 2014-02-23 08:37 - 00000000 ____D () C:\Users\Patton\Downloads\Terje Rypdal
2015-01-11 15:24 - 2014-08-16 21:57 - 00000000 ____D () C:\Users\Patton\Downloads\Robin Trower - Original Album Series 5CD (2014) MP3@320kbps Beolab1700
2015-01-11 15:23 - 2014-11-27 21:38 - 00000000 ____D () C:\Users\Patton\Downloads\The Coral - The Curse Of Love   2014
2015-01-11 15:23 - 2014-10-24 23:19 - 00000000 ____D () C:\Users\Patton\Downloads\VA - The Rough Guide To The Music Of Desert Blues (2010) [EAC-FLAC]
2015-01-11 15:23 - 2014-10-24 22:37 - 00000000 ____D () C:\Users\Patton\Downloads\The Strumbellas - We Still Move On Dance Floors (2013) [mp3@320]
2015-01-11 15:23 - 2014-10-24 22:28 - 00000000 ____D () C:\Users\Patton\Downloads\VA - The Rough Guide To The Music Of The Sahara (2005) [EAC-FLAC]
2015-01-11 15:23 - 2014-10-10 22:03 - 00000000 ____D () C:\Users\Patton\Downloads\William Fitzsimmons - 2011 - Gold in the Shadow
2015-01-11 15:23 - 2014-10-03 21:18 - 00000000 ____D () C:\Users\Patton\Downloads\Sandy Bull - Fantasias For Guitar and Banjo (1963) [VINYL] {16 44.1}
2015-01-11 15:23 - 2014-09-05 22:33 - 00000000 ____D () C:\Users\Patton\Downloads\Jack Bruce - Silver Rails 2014 320kbps CBR MP3 [VX]
2015-01-11 15:23 - 2014-06-14 08:22 - 00000000 ____D () C:\Users\Patton\Downloads\Chatham County Line - Tightrope (2014) [FLAC]
2015-01-11 15:23 - 2014-05-18 23:57 - 00000000 ____D () C:\Users\Patton\Downloads\Post  Rock  -  Tortoise  Discography
2015-01-11 15:23 - 2014-05-12 22:24 - 00000000 ____D () C:\Users\Patton\Downloads\Fennesz - Bécs (2014) 320
2015-01-11 15:23 - 2014-03-28 19:51 - 00000000 ____D () C:\Users\Patton\Downloads\Peter Hammill & Gary Lucas - Other World (2014) NLToppers
2015-01-11 15:23 - 2014-03-26 23:38 - 00000000 ____D () C:\Users\Patton\Downloads\BEN HARPER Discography 320kps
2015-01-11 15:23 - 2014-02-09 20:20 - 00000000 ____D () C:\Users\Patton\Downloads\Tinariwen - Emmaar [2014] 320
2015-01-11 15:23 - 2013-11-11 13:24 - 00000000 ____D () C:\Users\Patton\Downloads\Bob Dylan
2015-01-11 15:22 - 2014-10-24 23:36 - 00000000 ____D () C:\Users\Patton\Downloads\VA - The Rough Guide To African Guitar Legends (2011) [EAC-FLAC]
2015-01-11 15:22 - 2014-04-07 22:55 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Ryder-Jones - If [mp3-320-2011]
2015-01-11 15:22 - 2012-04-24 19:43 - 00000000 ____D () C:\Users\Patton\Downloads\PETER GABRIEL - Passion - Music For The Last Temptation Of Christ 1989
2015-01-11 15:22 - 2012-01-26 22:31 - 00000000 ____D () C:\Users\Patton\Downloads\Phil Manzanera-Diamond Head-Vinylrip-Abrasax
2015-01-11 15:21 - 2014-11-27 21:26 - 00000000 ____D () C:\Users\Patton\Downloads\French For Rabbits - Spirits    2014
2015-01-11 15:21 - 2014-10-10 22:01 - 00000000 ____D () C:\Users\Patton\Downloads\William Fitzsimmons - Until When We Are Ghosts(2005)
2015-01-11 15:21 - 2014-09-29 20:38 - 00000000 ____D () C:\Users\Patton\Downloads\Sam Amidon - Lily-O (2014)
2015-01-11 15:21 - 2014-09-03 21:42 - 00000000 ____D () C:\Users\Patton\Downloads\Pere Ubu - Carnival of Souls [2014] 256
2015-01-11 15:21 - 2014-09-02 21:32 - 00000000 ____D () C:\Users\Patton\Downloads\Peter Rowan - Dharma Blues   2014
2015-01-11 15:21 - 2014-08-09 21:41 - 00000000 ____D () C:\Users\Patton\Downloads\Hammock - Oblivion Hymns 2013 320kbps CBR MP3 [VX] [P2PDL]
2015-01-11 15:21 - 2014-06-14 08:57 - 00000000 ____D () C:\Users\Patton\Downloads\Glenn Jones...The Wanting(2011)[FLAC]
2015-01-11 15:21 - 2014-06-07 22:34 - 00000000 ____D () C:\Users\Patton\Downloads\[Folk Rock] Wovenhand - Refractory Obdurate 2014 @320 (By Jamal The Moroccan)
2015-01-11 15:21 - 2014-05-18 22:57 - 00000000 ____D () C:\Users\Patton\Downloads\John Scofield - Bump (2000) [EAC-FLAC]
2015-01-11 15:21 - 2014-05-17 23:05 - 00000000 ____D () C:\Users\Patton\Downloads\Jason Isbell And The 400 Unit - Here We Rest (2011) mp3 320 vtwin88cube
2015-01-11 15:21 - 2013-01-30 22:43 - 00000000 ____D () C:\Users\Patton\Downloads\Anywhere
2015-01-11 15:21 - 2012-10-27 08:32 - 00000000 ____D () C:\Users\Patton\Downloads\Kenny Brown Meet Ya In The Bottom
2015-01-11 15:21 - 2012-03-31 23:31 - 00000000 ____D () C:\Users\Patton\Downloads\Otis Taylor - Recapturing the Banjo
2015-01-11 15:20 - 2014-10-12 21:57 - 00000000 ____D () C:\Users\Patton\Downloads\Susan Christie...Paint A Lady(1969)(cd 2006)[FLAC]
2015-01-11 15:20 - 2013-08-11 08:05 - 00000000 ____D () C:\Users\Patton\Downloads\Moreland & Arbuckle - 7 Cities
2015-01-11 15:19 - 2014-10-24 18:10 - 00000000 ____D () C:\Users\Patton\Downloads\Prayer for the Forest
2015-01-11 15:19 - 2014-10-18 00:41 - 00000000 ____D () C:\Users\Patton\Downloads\Reverend Moon - Coyote Gospels (2014)
2015-01-11 15:19 - 2014-10-12 22:10 - 00000000 ____D () C:\Users\Patton\Downloads\Julia Stone...The Memory Machine(2011)[FLAC]
2015-01-11 15:19 - 2014-10-10 20:49 - 00000000 ____D () C:\Users\Patton\Downloads\Adam Green & Binki Shapiro [2013]
2015-01-11 15:19 - 2014-09-06 00:16 - 00000000 ____D () C:\Users\Patton\Downloads\(Desert Blues) Boubacar Traoré - Mali Denhou
2015-01-11 15:19 - 2014-03-17 21:19 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Callahan - Dream River 2013 Indie 320kbps CBR MP3 [VX] [P2PDL]
2015-01-11 15:19 - 2013-12-27 18:14 - 00000000 ____D () C:\Users\Patton\Downloads\Iron And Wine - Ghost On Ghost 2013
2015-01-11 15:19 - 2013-06-26 20:41 - 00000000 ____D () C:\Users\Patton\Downloads\Heartless Bastards-The Mountain-2009
2015-01-11 15:19 - 2012-05-07 23:57 - 00000000 ____D () C:\Users\Patton\Downloads\Left Lane Cruiser - Junkyard Speed Ball
2015-01-11 15:19 - 2012-04-14 08:16 - 00000000 ____D () C:\Users\Patton\Downloads\Great Lake Swimmers - New Wild Everywhere (2012) [MP3 320]
2015-01-11 15:18 - 2014-09-05 22:57 - 00000000 ____D () C:\Users\Patton\Downloads\Anders Osborne - Peace 2013 320kbps CBR MP3 [VX] [P2PDL]
2015-01-11 15:18 - 2014-09-05 22:02 - 00000000 ____D () C:\Users\Patton\Downloads\[Alt. Rock] Steve Wynn - Sketches In Spain 2014 (Jamal the Moroccan)
2015-01-11 15:18 - 2014-03-09 00:27 - 00000000 ____D () C:\Users\Patton\Downloads\Golden Earring - Moontan (1973) [2001 Reissue] [mp3@320]
2015-01-11 15:18 - 2013-07-05 21:14 - 00000000 ____D () C:\Users\Patton\Downloads\John Scofield - Uberjam Deux 2013 Jazz 320kbps CBR MP3 [VX]
2015-01-11 15:18 - 2013-07-03 15:59 - 00000000 ____D () C:\Users\Patton\Downloads\Alex Chilton-Like Flies On Sherbert [1979
2015-01-11 15:18 - 2012-11-05 14:10 - 00000000 ____D () C:\Users\Patton\Downloads\Woods-Bend.Beyond.2012.VBR-FNT
2015-01-11 15:18 - 2012-01-22 22:24 - 00000000 ____D () C:\Users\Patton\Downloads\Ray Bonneville - Bad Man’s Blood 2011
2015-01-11 15:17 - 2014-12-09 23:33 - 00000000 ____D () C:\Users\Patton\Downloads\Alice Gerrard - Follow The Music   2014
2015-01-11 15:17 - 2014-10-17 22:01 - 00000000 ____D () C:\Users\Patton\Downloads\The Barr Brothers - Sleeping Operator   2014
2015-01-11 15:17 - 2014-09-12 17:03 - 00000000 ____D () C:\Users\Patton\Downloads\Hiss Golden Messenger - Lateness Of Dancers   2014
2015-01-11 15:17 - 2014-09-03 21:39 - 00000000 ____D () C:\Users\Patton\Downloads\Robert Plant - Lullaby... and the Ceaseless Roar   2014
2015-01-11 15:17 - 2012-05-14 21:11 - 00000000 ____D () C:\Users\Patton\Downloads\Julian Lynch - Mare (Olde English Spelling Bee 2010)
2015-01-11 15:16 - 2014-12-07 18:06 - 00000000 ____D () C:\Users\Patton\Downloads\David Sylvian - Weatherbox
2015-01-11 15:16 - 2014-10-17 21:08 - 00000000 ____D () C:\Users\Patton\Downloads\Pieta Brown - Paradise Outlaw   2014
2015-01-11 15:16 - 2014-10-04 22:13 - 00000000 ____D () C:\Users\Patton\Downloads\Richard Buckner - 1998 - Since [FLAC]
2015-01-11 15:16 - 2014-09-29 20:53 - 00000000 ____D () C:\Users\Patton\Downloads\Bonnie 'Prince' Billy - Singers Grave A Sea Of Tongues (2014)
2015-01-11 15:16 - 2014-04-30 22:10 - 00000000 ____D () C:\Users\Patton\Downloads\Ray LaMontagne - Supernova (2014) MP3@320kbps Beolab1700
2015-01-11 15:16 - 2014-04-19 23:51 - 00000000 ____D () C:\Users\Patton\Downloads\The Secret Sisters - Put Your Needle Down (2014) MP3@320kbps Beolab1700
2015-01-11 15:16 - 2014-03-28 19:27 - 00000000 ____D () C:\Users\Patton\Downloads\Roy Harper  Man & Myth 2013
2015-01-11 15:16 - 2013-10-13 19:54 - 00000000 ____D () C:\Users\Patton\Downloads\The Gourds - Blood of the Ram (2004)
2015-01-11 15:16 - 2013-08-10 20:31 - 00000000 ____D () C:\Users\Patton\Downloads\Daughn Gibson - Me Moan 2013 Alternative 320kbps CBR MP3 [VX] [P2PDL]
2015-01-11 15:16 - 2012-05-22 22:30 - 00000000 ____D () C:\Users\Patton\Downloads\James McMurtry - Childish Things (2005)
2015-01-11 15:16 - 2012-04-30 17:52 - 00000000 ____D () C:\Users\Patton\Downloads\Widowspeak - Widowspeak
2015-01-11 15:15 - 2014-10-31 22:53 - 00000000 ____D () C:\Users\Patton\Downloads\Jim James-2012-Regions Of Light And Sound Of God
2015-01-11 15:15 - 2014-10-17 20:51 - 00000000 ____D () C:\Users\Patton\Downloads\Maggie Björklund - Shaken (2014)
2015-01-11 15:15 - 2014-08-16 21:31 - 00000000 ____D () C:\Users\Patton\Downloads\Passenger - Whispers (Deluxe Edition) 2014 320kbps CBR MP3 [VX]
2015-01-11 15:15 - 2014-03-17 21:54 - 00000000 ____D () C:\Users\Patton\Downloads\Doug Paisley - Strong Feelings (2014) 320K
2015-01-11 15:15 - 2014-02-23 20:14 - 00000000 ____D () C:\Users\Patton\Downloads\Hungry Ghosts - 2000 - Alone, Alone
2015-01-11 15:15 - 2012-11-15 23:20 - 00000000 ____D () C:\Users\Patton\Downloads\Today's Active Lifestyles
2015-01-11 15:15 - 2012-07-16 07:38 - 00000000 ____D () C:\Users\Patton\Downloads\Jason Webley - Only Just Beginning
2015-01-11 15:15 - 2012-05-15 22:58 - 00000000 ____D () C:\Users\Patton\Downloads\Hammock - Raising Your Voice... Trying to Stop an Echo
2015-01-11 15:15 - 2012-02-29 20:36 - 00000000 ____D () C:\Users\Patton\Downloads\Jerry Douglas - Lookout for Hope (2002)
2015-01-11 15:14 - 2014-10-31 23:06 - 00000000 ____D () C:\Users\Patton\Downloads\All Hell
2015-01-11 15:13 - 2014-07-26 14:38 - 00000000 ____D () C:\Users\Patton\Downloads\[Neo Soul] Cold Specks - Neuroplasticity 2014 (Jamal The Moroccan)
2015-01-11 15:13 - 2014-05-17 22:04 - 00000000 ____D () C:\Users\Patton\Downloads\Tedeschi Trucks Band - 2013 Made Up Mind
2015-01-11 15:13 - 2014-05-09 23:49 - 00000000 ____D () C:\Users\Patton\Downloads\John Martyn
2015-01-11 15:13 - 2013-12-28 18:54 - 00000000 ____D () C:\Users\Patton\Downloads\The Civil Wars
2015-01-11 15:13 - 2013-01-30 20:47 - 00000000 ____D () C:\Users\Patton\Downloads\Steve Forbert - Over with You (2012)
2015-01-11 15:13 - 2012-06-13 22:55 - 00000000 ____D () C:\Users\Patton\Downloads\Mount Eerie - Clear Moon (2012)
2015-01-11 15:13 - 2012-05-15 23:14 - 00000000 ____D () C:\Users\Patton\Downloads\Hammock - Kenotic
2015-01-11 15:12 - 2014-10-12 23:12 - 00000000 ____D () C:\Users\Patton\Downloads\Corinne West & Kelly Joe Phelps ...Magnetic Skyline(2010)[FLAC]
2015-01-11 15:12 - 2014-10-12 20:47 - 00000000 ____D () C:\Users\Patton\Downloads\Shearwater...Rook(2008)[FLAC]
2015-01-11 15:12 - 2014-09-12 16:23 - 00000000 ____D () C:\Users\Patton\Downloads\Basia Bulat...Oh, My Darling(2007)[FLAC]
2015-01-11 15:12 - 2014-09-05 23:57 - 00000000 ____D () C:\Users\Patton\Downloads\((Blues) Joe Callicott - Deal Gone Down
2015-01-11 15:12 - 2014-05-17 21:58 - 00000000 ____D () C:\Users\Patton\Downloads\Shooter Jennings - Put the O Back in Country (2005)
2015-01-11 15:12 - 2014-04-01 23:06 - 00000000 ____D () C:\Users\Patton\Downloads\Timber Timbre - Hot Dreams (2014) MP3@320kbps Beolab1700
2015-01-11 15:12 - 2014-02-14 00:23 - 00000000 ____D () C:\Users\Patton\Downloads\Eels_Beautiful Freak
2015-01-11 15:12 - 2013-12-28 19:51 - 00000000 ____D () C:\Users\Patton\Downloads\Tony Joe White
2015-01-11 15:12 - 2013-09-30 20:36 - 00000000 ____D () C:\Users\Patton\Downloads\Mazzy Star - Seasons of Your Day (2013) [MP3 320]
2015-01-11 15:12 - 2013-08-05 20:57 - 00000000 ____D () C:\Users\Patton\Downloads\The Wooden Sky...Every Child a Daughter, Every Moon a Sun(2012)[FLAC]
2015-01-11 15:12 - 2013-08-05 19:52 - 00000000 ____D () C:\Users\Patton\Downloads\Empty Glass [Bonus Tracks]
2015-01-11 15:12 - 2013-08-05 19:47 - 00000000 ____D () C:\Users\Patton\Downloads\Over the Rhine_Drunkard's Prayer
2015-01-11 15:12 - 2012-10-27 08:26 - 00000000 ____D () C:\Users\Patton\Downloads\Juke Boy Bonner - Nowhere To Run
2015-01-11 15:12 - 2012-08-18 09:18 - 00000000 ____D () C:\Users\Patton\Downloads\Trampled By Turtles - 2012 - Stars and Satellites
2015-01-11 15:12 - 2012-04-17 17:11 - 00000000 ____D () C:\Users\Patton\Downloads\Ray Wylie Hubbard-9 Discs(MP3@320){19glide58}[H33T]
2015-01-11 15:12 - 2012-03-20 17:27 - 00000000 ____D () C:\Users\Patton\Downloads\Willard Grant Conspiracy - Regard The End
2015-01-11 15:12 - 2012-03-11 22:17 - 00000000 ____D () C:\Users\Patton\Downloads\Fleetwood Mac Discography by Sketch
2015-01-11 15:12 - 2012-03-02 21:42 - 00000000 ____D () C:\Users\Patton\Downloads\Loscil_Endless Falls
2015-01-11 15:12 - 2012-03-02 20:16 - 00000000 ____D () C:\Users\Patton\Downloads\Tab Benoit - Medicine (2011)
2015-01-11 15:12 - 2012-02-27 08:49 - 00000000 ____D () C:\Users\Patton\Downloads\Fred Frith
2015-01-11 15:12 - 2012-02-23 17:21 - 00000000 ____D () C:\Users\Patton\Downloads\big star - 2009 - keep an eye on the sky [box set]
2015-01-11 15:12 - 2012-01-23 22:45 - 00000000 ____D () C:\Users\Patton\Downloads\Wilco_The Whole Love
2015-01-11 15:11 - 2014-11-15 01:02 - 00000000 ____D () C:\Users\Patton\Downloads\Willie Nelson - Teatro (1998)
2015-01-11 15:11 - 2014-10-14 13:07 - 00000000 ____D () C:\Users\Patton\Downloads\Hookfoot...Hookfoot(1971) cd(2004)[FLAC]
2015-01-11 15:11 - 2014-02-17 20:08 - 00000000 ____D () C:\Users\Patton\Downloads\The Dead Texan
2015-01-11 15:11 - 2012-05-15 18:35 - 00000000 ____D () C:\Users\Patton\Downloads\Willy DeVille Discography
2015-01-11 15:11 - 2012-02-09 18:26 - 00000000 ____D () C:\Users\Patton\Downloads\Wovenhand-Black Of The Ink-2011
2015-01-11 15:11 - 2012-01-20 22:43 - 00000000 ____D () C:\Users\Patton\Downloads\woven hand - blush music (2003)
2015-01-11 15:10 - 2014-11-26 23:18 - 00000000 ____D () C:\Users\Patton\Downloads\Captain Beefheart - Sun Zoom Spark 1970 - 72 [Box Set] (2014) FLAC Beolab1700
2015-01-11 15:10 - 2014-10-12 16:28 - 00000000 ____D () C:\Users\Patton\Downloads\Jenny Owen Youngs...Transmitter Failure(2009)[FLAC]
2015-01-11 15:10 - 2014-10-04 14:16 - 00000000 ____D () C:\Users\Patton\Downloads\James Yorkston – The Cellardyke Recording and Wassailing Society (2014) ~{Batman}
2015-01-11 15:10 - 2014-10-03 21:45 - 00000000 ____D () C:\Users\Patton\Downloads\Tiny Ruins - Brightly Painted One (2014) [FLAC]
2015-01-11 15:10 - 2014-09-20 01:09 - 00000000 ____D () C:\Users\Patton\Downloads\Turkish Instrumental Music Collection - KONTINYU
2015-01-11 15:10 - 2014-09-19 23:43 - 00000000 ____D () C:\Users\Patton\Downloads\Complete Solo Piano Recordings 1972 - 1996
2015-01-11 15:10 - 2014-06-14 10:08 - 00000000 ____D () C:\Users\Patton\Downloads\Rachael Yamagata...Elephants Teeth Sinking Into Heart(2008)[FLAC]
2015-01-11 15:10 - 2014-05-23 20:00 - 00000000 ____D () C:\Users\Patton\Downloads\The Gourds - Stadium Blitzer
2015-01-11 15:10 - 2014-05-09 23:38 - 00000000 ____D () C:\Users\Patton\Downloads\Elmore James - The Sky is Crying, The History of Elmore James (1993) [FLAC]
2015-01-11 15:10 - 2014-04-26 10:10 - 00000000 ____D () C:\Users\Patton\Downloads\Cockburn 1980-1994
2015-01-11 15:10 - 2014-04-13 08:30 - 00000000 ____D () C:\Users\Patton\Downloads\Woven Hand...The Threshingfloor(2010)[FLAC]
2015-01-11 15:10 - 2014-04-07 23:32 - 00000000 ____D () C:\Users\Patton\Downloads\Sylvain Chauveau
2015-01-11 15:10 - 2013-05-21 06:42 - 00000000 ____D () C:\Users\Patton\Downloads\Marc Ribot
2015-01-11 15:10 - 2013-05-21 06:40 - 00000000 ____D () C:\Users\Patton\Downloads\Danny Schmidt Full Album Discography 1999 - 2011 (FLAC)
2015-01-11 15:10 - 2012-07-04 21:20 - 00000000 ____D () C:\Users\Patton\Downloads\The Walkabouts
2015-01-11 15:10 - 2012-05-16 22:08 - 00000000 ____D () C:\Users\Patton\Downloads\The Wonderful And Fantastical Music Of New-Zea-Land
2015-01-11 15:01 - 2011-09-17 04:51 - 00000000 ____D () C:\ProgramData\Norton
2015-01-08 01:16 - 2011-10-28 18:31 - 00118800 _____ () C:\Users\Patton\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 00:40 - 2014-12-10 22:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-08 00:10 - 2014-10-25 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-07 23:55 - 2014-04-07 22:52 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Ryder-Jones - A Bad Wind Blows In My Heart [mp3-vbr-2013]
2015-01-07 23:51 - 2014-02-23 21:07 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)
2015-01-07 23:50 - 2014-03-17 21:19 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Callahan - Apocalypse [mp3-320-2011]
2015-01-07 23:50 - 2014-02-05 22:45 - 00000000 ____D () C:\Users\Patton\Downloads\Big Head Todd and The Monsters - Black Beehive [2014] [Mp3-320]-V3nom [GLT]
2015-01-07 23:50 - 2012-08-31 16:32 - 00000000 ____D () C:\Users\Patton\Downloads\Benoit Pioulard - Lasted (2010)
2015-01-07 23:49 - 2014-10-12 21:04 - 00000000 ____D () C:\Users\Patton\Downloads\Benjamin Francis Leftwich...Last Smoke Before the Snowstorm(2011)[FLAC]
2015-01-07 23:49 - 2014-09-03 22:42 - 00000000 ____D () C:\Users\Patton\Downloads\Benjamin Booker - Benjamin Booker (2014) MP3@320kbps Beolab1700
2015-01-07 23:49 - 2014-06-21 22:13 - 00000000 ____D () C:\Users\Patton\Downloads\Ben Nichols - Last Pale Light
2015-01-07 23:45 - 2014-10-10 22:58 - 00000000 ____D () C:\Users\Patton\Downloads\Beaubrummels - Bradley's Barn (1968) [FLAC]
2015-01-07 23:45 - 2012-10-03 19:50 - 00000000 ____D () C:\Users\Patton\Downloads\Beachwood Sparks - Tarnished Gold (2012)
2015-01-07 23:44 - 2014-09-12 16:19 - 00000000 ____D () C:\Users\Patton\Downloads\Basia Bulat - Heart Of My Own (2010)
2015-01-07 23:44 - 2014-09-06 12:06 - 00000000 ____D () C:\Users\Patton\Downloads\Basia Bulat - Tall Tall Shadow (2013) [FLAC]
2015-01-07 23:44 - 2013-05-06 18:05 - 00000000 ____D () C:\Users\Patton\Downloads\Bassekou Kouyate & Ngoni ba - Jama ko (2013)
2015-01-07 23:42 - 2014-10-13 20:33 - 00000000 ____D () C:\Users\Patton\Downloads\Ariana Gillis - Forget Me Not [2011] FLAC
2015-01-07 23:42 - 2014-09-05 21:26 - 00000000 ____D () C:\Users\Patton\Downloads\Arve Henriksen - Strjon (2007) (192 vbr)
2015-01-07 23:42 - 2014-08-09 21:21 - 00000000 ____D () C:\Users\Patton\Downloads\Angus & Julia Stone - Angus & Julia Stone (2014)
2015-01-07 23:42 - 2014-06-12 21:15 - 00000000 ____D () C:\Users\Patton\Downloads\Andrew Bird - Things Are Really Great Here, Sort of... (2014) [FLAC]
2015-01-07 23:42 - 2014-05-20 23:55 - 00000000 ____D () C:\Users\Patton\Downloads\Angel Olsen-Half Way Home (2012) V0
2015-01-07 23:39 - 2014-02-06 22:09 - 00000000 ____D () C:\Users\Patton\Downloads\Anders Osborne - Black Eye Galaxy 2012 Flac
2015-01-07 23:37 - 2014-01-14 07:06 - 00000000 ____D () C:\Users\Patton\Downloads\Agnes Obel - 2013 - Aventine [FLAC]
2015-01-07 23:37 - 2012-12-27 21:09 - 00000000 ____D () C:\Users\Patton\Downloads\Alabama Shakes - Boys & Girls (2012) FLAC Beolab1700
2015-01-07 23:36 - 2014-10-08 21:00 - 00000000 ____D () C:\Users\Patton\Downloads\A Winged Victory for the Sullen - A Winged Victory for the Sullen ERATP032CD 2011 flac
2015-01-07 23:36 - 2012-05-07 23:06 - 00000000 ____D () C:\Users\Patton\Downloads\A.A. Bondy - Believers(2011)MP3 Nlt-release
2015-01-07 23:31 - 2014-04-18 13:48 - 00000000 ____D () C:\Users\Patton\Downloads\1992 - Peter Gabriel - US (2002, 24-96)
2015-01-07 23:31 - 2013-07-14 21:27 - 00000000 ____D () C:\Users\Patton\Downloads\1977 - Pete Townshend & Ronnie Lane - Rough Mix (24-96)
2015-01-07 23:30 - 2012-01-20 19:19 - 00000000 ____D () C:\Users\Patton\Downloads\16 horsepower - low estate (1998)
2015-01-07 23:28 - 2014-09-06 00:36 - 00000000 ____D () C:\Users\Patton\Downloads\(Blues) T-Model Ford - The Ladies Man (2010)
2015-01-07 23:27 - 2014-05-18 10:16 - 00000000 ____D () C:\Users\Patton\Downloads\(2003) Songs Ohia - Magnolia Electric Co. [Reissue 2013] [FLAC]
2015-01-07 23:27 - 2014-04-12 21:32 - 00000000 ____D () C:\Users\Patton\Downloads\(1994) Metatron [256]
2015-01-07 23:27 - 2012-03-09 00:14 - 00000000 ____D () C:\Users\Patton\Downloads\(Blues) CeDell Davis & Herman Alexander - Highway 61
2015-01-07 23:26 - 2010-06-01 16:44 - 00061472 _____ () C:\Users\Patton\Downloads\WestBromCelePA_468x404.JPG.bsnhdzf
2015-01-07 23:26 - 2010-06-01 16:44 - 00014688 _____ () C:\Users\Patton\Downloads\new resume.DOCX.bsnhdzf
2015-01-07 23:26 - 2009-03-10 11:28 - 117393232 _____ () C:\Users\Patton\Downloads\Lloyd Banks - V6  The Gift - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2010-06-01 16:44 - 00032544 ___SH () C:\Users\Patton\Downloads\Folder.JPG.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 95069568 _____ () C:\Users\Patton\Downloads\Lloyd Banks - Cold Corner 2 - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 94647232 _____ () C:\Users\Patton\Downloads\King Los - Zero Gravity II - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 141742320 _____ () C:\Users\Patton\Downloads\Joey Bada$$ - Summer Knights  - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 132888240 _____ () C:\Users\Patton\Downloads\Lil Durk - Signed To The Streets 2 - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 128775504 _____ () C:\Users\Patton\Downloads\ChapterOne.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 104454928 _____ () C:\Users\Patton\Downloads\Juicy J - Rubba Band Business (Hosted By Trap-A-Holics) Feat. Lex Luger - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:24 - 2012-08-17 22:11 - 00021504 ___SH () C:\Users\Patton\Documents\Thumbs.db
2015-01-07 23:24 - 2010-06-01 16:44 - 00020608 _____ () C:\Users\Patton\Documents\hannah housing mru_2014.DOCX.bsnhdzf
2015-01-07 23:24 - 2010-06-01 16:44 - 00017680 _____ () C:\Users\Patton\Documents\under the influence- hannah.DOCX.bsnhdzf
2015-01-07 23:24 - 2010-06-01 16:44 - 00016528 _____ () C:\Users\Patton\Documents\17.DOCX.bsnhdzf
2015-01-07 23:24 - 2010-06-01 16:44 - 00015056 _____ () C:\Users\Patton\Documents\Dear noah patton.DOCX.bsnhdzf
2015-01-07 23:24 - 2010-06-01 16:44 - 00013088 _____ () C:\Users\Patton\Documents\soccer reality.DOCX.bsnhdzf
2015-01-07 23:20 - 2012-01-21 12:07 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Winamp
2015-01-07 23:11 - 2011-12-16 14:45 - 00000000 ____D () C:\Users\Patton\AppData\Local\Windows Live
2015-01-07 23:08 - 2012-02-21 22:21 - 00000000 ____D () C:\Users\Patton\AppData\Local\Microsoft Help
2015-01-07 22:41 - 2014-05-15 17:38 - 00000000 ____D () C:\temp
2015-01-07 22:41 - 2011-09-17 04:43 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-06 04:36 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-03 23:10 - 2013-11-01 18:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-03 23:10 - 2011-12-25 17:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-03 23:07 - 2011-12-25 17:50 - 00000000 ____D () C:\ProgramData\Apple
2015-01-03 11:05 - 2013-03-29 10:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-02 16:34 - 2014-10-11 08:55 - 00000000 ____D () C:\Users\Patton\Downloads\Dinosaur Feathers...Whistle Tips(2012)[FLAC]
2015-01-02 14:35 - 2014-11-27 21:23 - 00000000 ____D () C:\Users\Patton\Downloads\Elliott Brood - Work And Love [Deluxe Edition] (2014)
2015-01-01 00:03 - 2014-10-31 22:47 - 00000000 ____D () C:\Users\Patton\Downloads\Grouper - The Man Who Died in His Boa (2013) [FLAC]
2014-12-31 23:45 - 2014-10-30 20:42 - 00000000 ____D () C:\Users\Patton\Downloads\Steve Gunn - Way Out Weather   2014
2014-12-31 19:59 - 2014-03-21 20:26 - 00000000 ____D () C:\Users\Patton\Downloads\Harold Budd
2014-12-31 19:50 - 2014-11-27 21:39 - 00000000 ____D () C:\Users\Patton\Downloads\The Budos Band – Burnt Offering [2014] 320
2014-12-31 18:33 - 2014-11-15 02:14 - 00000000 ____D () C:\Users\Patton\Downloads\The Ventures-14 albums
2014-12-31 08:16 - 2009-07-13 23:08 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-28 09:39 - 2014-02-14 00:33 - 00000000 ____D () C:\Users\Patton\Downloads\Stars Of The Lid
2014-12-23 23:27 - 2014-09-19 23:49 - 00000000 ____D () C:\Users\Patton\Downloads\bcer

Some content of TEMP:
====================
C:\Users\Patton\AppData\Local\Temp\OLMAPI32.DLL


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 10:36

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Patton at 2015-01-16 08:47:48
Running from C:\Users\Patton\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Amazon Kindle For PC v1.1 (HKLM-x32\...\Amazon Kindle For PC) (Version:  - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6289 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartMusic 2012 (HKLM-x32\...\SmartMusic 2012) (Version: 14.0.0 - MakeMusic)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}) (Version: 2.0.16.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.23.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0010 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0006 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.13 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CA5CF466-CAE3-4D99-8BB4-C80F4AC55028}) (Version: 1.0.2 - TOSHIBA CORPORATION)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1944314226-4241285889-3694376531-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Patton\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1944314226-4241285889-3694376531-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Patton\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1944314226-4241285889-3694376531-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Patton\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1944314226-4241285889-3694376531-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Patton\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

11-01-2015 22:58:51 Removed Adobe Reader XI (11.0.10).
12-01-2015 00:15:11 Windows Update
12-01-2015 07:45:27 Windows Update
14-01-2015 10:03:05 Windows Update
14-01-2015 15:28:10 Windows Update
14-01-2015 16:36:03 Checkpoint by HitmanPro
15-01-2015 10:03:14 Windows Update
16-01-2015 08:45:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-01-14 11:46 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0070FD2A-F6EC-4413-A57C-E4E34DC9EE79} - System32\Tasks\cfhzhyd => C:\Users\Patton\AppData\Local\Temp\qdgpemi.exe <==== ATTENTION
Task: {29E6238D-7122-4A59-B2C2-A55F61F1F55D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {31EFA4D0-9302-44D7-8D63-BC958E618F61} - System32\Tasks\Security Center Update - 1985879332 => C:\Users\Patton\AppData\Roaming\Qyuhre\ozotmyb.exe [2013-02-09] () <==== ATTENTION
Task: {4E3A21C8-89C1-4E3C-9435-849CF57875ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-17] (Google Inc.)
Task: {51AD3C86-AF50-4CFA-869F-75B507E90978} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6834E05B-DD25-408C-9BB6-4B80B604424D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-17] (Google Inc.)
Task: {8A67EBA3-5BD3-4D37-B36B-4DF30BD89861} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
Task: {CB7ADCE1-5F4E-4F19-8DF2-74A490B84474} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1944314226-4241285889-3694376531-1000Core => C:\Users\Patton\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {FF255376-8CD6-4C8B-BE15-9CDCFFCD9CC6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1944314226-4241285889-3694376531-1000UA => C:\Users\Patton\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-17 04:15 - 2010-09-09 18:26 - 00162824 _____ () C:\Windows\System32\GFNEXSrv.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-03-05 22:34 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-04-04 20:18 - 2011-04-04 20:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 18:18 - 2010-11-18 18:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-15 16:19 - 2010-12-15 16:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2010-12-08 16:42 - 2010-12-08 16:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-08 00:10 - 2014-11-26 10:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1944314226-4241285889-3694376531-500 - Administrator - Disabled)
Guest (S-1-5-21-1944314226-4241285889-3694376531-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1944314226-4241285889-3694376531-1002 - Limited - Enabled)
Patton (S-1-5-21-1944314226-4241285889-3694376531-1000 - Administrator - Enabled) => C:\Users\Patton

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 03:13:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (01/15/2015 03:13:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (01/15/2015 09:59:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 04:37:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 04:36:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000214,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000173ECB0.72).  hr = 0x80070005, Access is denied.
.

Error: (01/14/2015 04:36:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000330,(null),0,REG_BINARY,000000000219E570.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8e9df347-9b77-4a43-ad7a-edad534a5b9e}

Error: (01/14/2015 04:36:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000b48,(null),0,REG_BINARY,000000000562E3D0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {820b31c2-5bf6-4cf9-a30f-31744952bc34}

Error: (01/14/2015 04:36:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000744,(null),0,REG_BINARY,0000000000E5E3B0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {c85ef064-ed92-4a38-98d7-b17575ed6fc6}

Error: (01/14/2015 04:36:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000330,(null),0,REG_BINARY,000000000219E570.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8e9df347-9b77-4a43-ad7a-edad534a5b9e}

Error: (01/14/2015 04:36:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000b48,(null),0,REG_BINARY,000000000562E3D0.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {820b31c2-5bf6-4cf9-a30f-31744952bc34}


System errors:
=============
Error: (01/16/2015 08:47:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.

Error: (01/15/2015 03:24:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.

Error: (01/14/2015 04:37:48 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.

Error: (01/14/2015 03:24:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.

Error: (01/14/2015 01:19:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/14/2015 01:19:00 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/14/2015 01:18:58 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (01/14/2015 01:18:53 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/14/2015 01:15:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
spldr
Wanarpv6

Error: (01/14/2015 11:46:52 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (01/15/2015 03:13:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/15/2015 03:13:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (01/15/2015 09:59:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 04:37:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 04:36:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000214,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000173ECB0.72)0x80070005, Access is denied.

Error: (01/14/2015 04:36:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000330,(null),0,REG_BINARY,000000000219E570.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8e9df347-9b77-4a43-ad7a-edad534a5b9e}

Error: (01/14/2015 04:36:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000b48,(null),0,REG_BINARY,000000000562E3D0.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {820b31c2-5bf6-4cf9-a30f-31744952bc34}

Error: (01/14/2015 04:36:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000744,(null),0,REG_BINARY,0000000000E5E3B0.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {c85ef064-ed92-4a38-98d7-b17575ed6fc6}

Error: (01/14/2015 04:36:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000330,(null),0,REG_BINARY,000000000219E570.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8e9df347-9b77-4a43-ad7a-edad534a5b9e}

Error: (01/14/2015 04:36:43 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000b48,(null),0,REG_BINARY,000000000562E3D0.72)0x80070005, Access is denied.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {820b31c2-5bf6-4cf9-a30f-31744952bc34}


CodeIntegrity Errors:
===================================
  Date: 2015-01-14 11:44:22.542
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-14 11:44:22.542
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 57%
Total physical RAM: 4007.98 MB
Available physical RAM: 1704.85 MB
Total Pagefile: 8014.15 MB
Available Pagefile: 5694.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (S3A9375D004) (Fixed) (Total:634.68 GB) (Free:303.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: 28972BA1)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=634.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.7 GB) - (Type=17)
Partition 4: (Not Active) - (Size=39.8 GB) - (Type=17)

==================== End Of Log ============================



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:55 PM

Posted 16 January 2015 - 10:19 AM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#5 fixem

fixem
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 16 January 2015 - 12:00 PM

# AdwCleaner v4.107 - Report created 16/01/2015 at 09:38:20
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Patton - PATTON-PC
# Running from : C:\Users\Patton\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [15144 octets] - [14/01/2015 11:26:28]
AdwCleaner[R1].txt - [931 octets] - [16/01/2015 09:37:01]
AdwCleaner[S0].txt - [16361 octets] - [14/01/2015 11:28:06]
AdwCleaner[S1].txt - [853 octets] - [16/01/2015 09:38:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [912 octets] ##########
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/01/2015
Scan Time: 9:52:08 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.16.07
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Patton

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425356
Time Elapsed: 28 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Patton on 16/01/2015 at 10:45:06.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/01/2015 at 10:47:54.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Patton (administrator) on PATTON-PC on 16-01-2015 10:48:50
Running from C:\Users\Patton\Desktop
Loaded Profiles: Patton (Available profiles: Patton)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() C:\Windows\System32\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-01-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [arnmklo] => rundll32 "C:\Users\Patton\AppData\Local\arnmklo.dll",arnmklo <===== ATTENTION
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [notepad.exe] => C:\Users\Patton\AppData\Roaming\OSK-DUPKSPPO\notepad.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKU\S-1-5-21-1944314226-4241285889-3694376531-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 142.13.17.66 142.13.17.43
Tcpip\..\Interfaces\{61725C33-3209-4A8F-BDBF-45F60F54F276}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{83C63E0A-484F-481C-A0AE-423D81D37C4F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Patton\AppData\Roaming\Mozilla\Firefox\Profiles\r7eg38ae.default-1421028351650
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1944314226-4241285889-3694376531-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Patton\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1944314226-4241285889-3694376531-1000: @talk.google.com/O1DPlugin -> C:\Users\Patton\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1944314226-4241285889-3694376531-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Patton\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1944314226-4241285889-3694376531-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Patton\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Patton\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Patton\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-10]

Chrome:
=======
CHR Profile: C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Property Helper Object) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-01-07]
CHR Extension: (Google Docs) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-26]
CHR Extension: (Google Drive) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-26]
CHR Extension: (YouTube) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-26]
CHR Extension: (Google Search) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-26]
CHR Extension: (Skype Click to Call) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-22]
CHR Extension: (Google Wallet) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR Extension: (Gmail) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 10:47 - 2015-01-16 10:47 - 00000626 _____ () C:\Users\Patton\Desktop\JRT.txt
2015-01-16 10:44 - 2015-01-16 10:44 - 01707939 _____ (Thisisu) C:\Users\Patton\Downloads\JRT(1).exe
2015-01-16 10:43 - 2015-01-16 10:43 - 00001055 _____ () C:\Users\Patton\Desktop\mbam.txt
2015-01-16 09:52 - 2015-01-16 09:52 - 00000991 _____ () C:\Users\Patton\Desktop\AdwCleaner[S1].txt
2015-01-16 09:41 - 2015-01-16 09:42 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Patton\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-01-16 09:36 - 2015-01-16 09:36 - 02191360 _____ () C:\Users\Patton\Downloads\AdwCleaner(1).exe
2015-01-16 08:47 - 2015-01-16 08:48 - 00028677 _____ () C:\Users\Patton\Desktop\Addition.txt
2015-01-16 08:46 - 2015-01-16 10:48 - 00019269 _____ () C:\Users\Patton\Desktop\FRST.txt
2015-01-16 08:46 - 2015-01-16 10:48 - 00000000 ____D () C:\FRST
2015-01-16 08:45 - 2015-01-16 08:45 - 02125312 _____ (Farbar) C:\Users\Patton\Desktop\FRST64.exe
2015-01-15 15:25 - 2015-01-15 15:25 - 00000000 ____D () C:\Users\Patton\Desktop\ShadowExplorerPortable-0.9
2015-01-15 15:25 - 2015-01-15 15:25 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\www.shadowexplorer.com
2015-01-15 15:20 - 2015-01-15 15:20 - 00021495 _____ () C:\Users\Patton\Desktop\dds.txt
2015-01-15 15:20 - 2015-01-15 15:20 - 00010649 _____ () C:\Users\Patton\Desktop\attach.txt
2015-01-15 15:16 - 2015-01-15 15:16 - 00688992 ____R (Swearware) C:\Users\Patton\Desktop\dds.com
2015-01-15 10:00 - 2015-01-15 10:00 - 03973120 _____ (iText Group NV) C:\Users\Patton\Desktop\itextsharp.dll
2015-01-14 15:25 - 2015-01-14 15:25 - 00001908 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-14 15:25 - 2015-01-14 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-14 15:25 - 2015-01-14 15:25 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-14 15:23 - 2015-01-14 16:36 - 00000228 _____ () C:\windows\system32\.crusader
2015-01-14 13:59 - 2015-01-15 10:04 - 00000000 ____D () C:\Users\Patton\Desktop\New folder
2015-01-14 13:57 - 2015-01-14 13:57 - 00462336 _____ (Dino Chiesa) C:\Users\Patton\Downloads\Ionic.Zip.dll
2015-01-14 13:55 - 2015-01-14 15:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 13:55 - 2015-01-14 13:58 - 11225840 _____ (SurfRight B.V.) C:\Users\Patton\Downloads\HitmanPro_x64.exe
2015-01-14 13:25 - 2015-01-14 13:25 - 10868379 _____ () C:\Users\Patton\Downloads\Anti-CryptorBitV2.zip
2015-01-14 13:22 - 2015-01-14 13:22 - 09096848 _____ (SurfRight B.V.) C:\Users\Patton\Downloads\HitmanPro.exe
2015-01-14 13:22 - 2015-01-14 13:22 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\SUPERAntiSpyware.com
2015-01-14 13:21 - 2015-01-16 09:39 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-14 13:21 - 2015-01-14 13:21 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-14 13:21 - 2015-01-14 13:21 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-14 13:21 - 2015-01-14 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-14 13:20 - 2015-01-14 13:21 - 21001040 _____ (SUPERAntiSpyware) C:\Users\Patton\Downloads\SUPERAntiSpyware.exe
2015-01-14 11:48 - 2015-01-14 11:48 - 00023373 _____ () C:\ComboFix.txt
2015-01-14 11:34 - 2011-06-26 00:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-14 11:34 - 2010-11-07 11:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-14 11:34 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-14 11:33 - 2015-01-14 11:48 - 00000000 ____D () C:\Qoobox
2015-01-14 11:33 - 2015-01-14 11:47 - 00000000 ____D () C:\windows\erdnt
2015-01-14 11:32 - 2015-01-14 11:32 - 00001447 _____ () C:\Users\Patton\Desktop\ComboFix - Shortcut.lnk
2015-01-14 11:30 - 2015-01-14 11:30 - 00000000 ____D () C:\windows\ERUNT
2015-01-14 11:27 - 2015-01-14 11:27 - 05609736 ____R (Swearware) C:\Users\Patton\Downloads\ComboFix.exe
2015-01-14 11:26 - 2015-01-16 09:38 - 00000000 ____D () C:\AdwCleaner
2015-01-14 11:26 - 2015-01-14 11:27 - 01707939 _____ (Thisisu) C:\Users\Patton\Downloads\JRT.exe
2015-01-14 11:26 - 2015-01-14 11:26 - 02191360 _____ () C:\Users\Patton\Downloads\AdwCleaner.exe
2015-01-11 23:06 - 2015-01-11 23:46 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Usuhez
2015-01-11 23:01 - 2015-01-11 23:01 - 00000000 ____D () C:\Users\Patton\AppData\Local\Amazon
2015-01-11 22:47 - 2015-01-14 11:23 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Qyuhre
2015-01-11 22:47 - 2015-01-11 22:47 - 00003816 _____ () C:\windows\System32\Tasks\Security Center Update - 1985879332
2015-01-11 17:52 - 2015-01-11 17:52 - 04320054 _____ () C:\Users\Patton\Documents\Decrypt All Files bsnhdzf.bmp
2015-01-11 17:52 - 2015-01-11 17:52 - 00001240 _____ () C:\Users\Patton\Documents\Decrypt All Files bsnhdzf.txt
2015-01-11 15:30 - 2015-01-07 23:24 - 02689152 _____ () C:\Users\Patton\Documents\IMG_0395.JPG.bsnhdzf
2015-01-11 15:30 - 2015-01-07 23:24 - 00326464 _____ () C:\Users\Patton\Documents\Assiniboine Community College.DOCX.bsnhdzf
2015-01-11 15:11 - 2015-01-11 17:52 - 01494871 _____ () C:\ProgramData\omqyzvc.html
2015-01-11 14:59 - 2015-01-11 14:59 - 00003020 _____ () C:\windows\System32\Tasks\cfhzhyd
2015-01-11 13:44 - 2015-01-16 09:52 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 13:44 - 2015-01-16 09:44 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-11 13:44 - 2015-01-16 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-11 13:44 - 2015-01-16 09:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-11 13:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-11 13:44 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-11 13:44 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-11 13:34 - 2015-01-11 13:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Patton\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-11 13:29 - 2015-01-11 15:26 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Ohonca
2015-01-11 13:08 - 2015-01-11 15:29 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Ukcegea
2015-01-11 13:05 - 2015-01-11 18:52 - 00000000 __SHD () C:\Users\Patton\AppData\Roaming\OSK-DUPKSPPO
2015-01-10 00:48 - 2015-01-10 00:53 - 00017920 ___SH () C:\Users\Patton\Thumbs.db
2015-01-09 23:24 - 2015-01-10 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-09 23:24 - 2015-01-10 00:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-09 23:04 - 2015-01-11 15:26 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Upweec
2015-01-09 22:42 - 2015-01-11 15:26 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Uktaozri
2015-01-09 22:35 - 2015-01-11 15:29 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Imibsu
2015-01-08 22:51 - 2015-01-11 20:05 - 00000000 ____D () C:\Users\Patton\Desktop\Old Firefox Data
2015-01-08 22:29 - 2015-01-08 22:29 - 00000042 _____ () C:\windows\SysWOW64\AK083E209605E394C.lie
2015-01-08 22:28 - 2015-01-08 22:28 - 01264554 _____ (My Company, Inc. ) C:\Users\Patton\Downloads\HelpUninstaller_setup.exe
2015-01-08 00:10 - 2015-01-08 00:10 - 00001134 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-08 00:10 - 2015-01-08 00:10 - 00001122 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-07 23:26 - 2015-01-07 23:26 - 00004651 _____ () C:\Users\Patton\Downloads\how_decrypt.html
2015-01-07 23:24 - 2015-01-07 23:24 - 00004651 _____ () C:\Users\Patton\Documents\how_decrypt.html
2015-01-07 22:41 - 2015-01-07 22:41 - 00004651 _____ () C:\Users\Patton\how_decrypt.html
2015-01-07 22:41 - 2015-01-07 22:41 - 00004651 _____ () C:\Users\Patton\AppData\Local\how_decrypt.html
2015-01-07 22:39 - 2015-01-08 00:38 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Ivhipa
2015-01-07 22:38 - 2015-01-07 22:44 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Local Store
2015-01-07 22:34 - 2015-01-07 23:56 - 00000000 ____D () C:\ProgramData\pei
2015-01-07 22:34 - 2015-01-07 22:41 - 00000000 ____D () C:\ProgramData\KifsEtabb
2015-01-07 22:29 - 2015-01-08 00:40 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Uvdyxo
2015-01-07 18:39 - 2015-01-14 11:31 - 00000761 _____ () C:\windows\system32\Drivers\etc\hosts.txt
2015-01-07 18:24 - 2015-01-14 16:37 - 00000000 ____D () C:\Users\Patton\AppData\Local\Uqdcmedia
2015-01-07 18:24 - 2015-01-14 15:23 - 00000000 ____D () C:\Users\Patton\AppData\Local\Ecgtion
2015-01-07 17:57 - 2015-01-07 18:05 - 00000000 ____D () C:\Users\Patton\Downloads\Wild 2014
2015-01-04 16:07 - 2015-01-04 16:09 - 00000000 ____D () C:\Users\Patton\Downloads\Out Of The Cradle
2015-01-03 23:11 - 2015-01-14 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-03 23:11 - 2015-01-03 23:11 - 00001754 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-03 23:10 - 2015-01-03 23:11 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-03 23:10 - 2015-01-03 23:11 - 00000000 ____D () C:\Program Files\iTunes
2015-01-03 23:10 - 2015-01-03 23:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-03 23:10 - 2015-01-03 23:10 - 00000000 ____D () C:\Program Files\iPod
2015-01-02 16:28 - 2015-01-11 15:10 - 00000000 ____D () C:\Users\Patton\Downloads\Doug Paisley - Self Titled (2008) & Constant Companion (2010)(Indie Folk Alt-Country)(MP3@320)
2015-01-02 14:59 - 2015-01-02 15:11 - 00000000 ____D () C:\Users\Patton\Downloads\Doug Paisley...Constant Companion(2010)[FLAC]
2015-01-01 00:01 - 2015-01-11 15:24 - 00000000 ____D () C:\Users\Patton\Downloads\Strand Of Oaks - Heal (2014) [mp3@320]
2014-12-31 23:01 - 2014-12-31 23:25 - 00000000 ____D () C:\Users\Patton\Downloads\Thin Lizzy [Discography]
2014-12-31 21:18 - 2015-01-11 17:16 - 00000000 ____D () C:\Users\Patton\Downloads\Ex_Hex-Rips-CD-FLAC-2014-PERFECT
2014-12-31 21:13 - 2015-01-11 17:24 - 00000000 ____D () C:\Users\Patton\Downloads\The Big Picture
2014-12-31 21:10 - 2015-01-11 17:24 - 00000000 ____D () C:\Users\Patton\Downloads\Rodney Crowell - Tarpaper Sky (2014) FLAC16
2014-12-31 21:06 - 2014-12-31 21:20 - 00000000 ____D () C:\Users\Patton\Downloads\XTC-Skylarking (remastered)(Darkside_RG)
2014-12-28 15:28 - 2015-01-11 15:23 - 00000000 ____D () C:\Users\Patton\Downloads\Shakey Graves - And the War Came [2014] 320
2014-12-28 15:18 - 2015-01-11 15:23 - 00000000 ____D () C:\Users\Patton\Downloads\Janiva Magness - Original (2014) [FLAC]
2014-12-24 15:36 - 2014-12-24 15:36 - 00000000 ____D () C:\Users\Patton\Downloads\Solid Colors
2014-12-24 09:03 - 2014-12-24 09:05 - 00000000 ____D () C:\Users\Patton\Downloads\Escape of the Circus Ponies
2014-12-23 23:53 - 2015-01-02 17:15 - 00000000 ____D () C:\Users\Patton\Downloads\David Sylvian & Holger Czukay - Flux + Mutability (1989)
2014-12-23 23:52 - 2015-01-02 17:25 - 00000000 ____D () C:\Users\Patton\Downloads\Sylvian, David - Czukay, Holger - Plight & Premonition
2014-12-19 12:34 - 2015-01-11 17:17 - 00000000 ____D () C:\Users\Patton\Downloads\The Nels Cline Singers - Macroscope (2014) [FLAC]
2014-12-18 23:02 - 2014-12-18 23:02 - 00000000 ____D () C:\Users\Patton\Downloads\Frontier Ruckus  Sitcom Afterlife(320)(Indie){F2D}
2014-12-18 22:54 - 2014-12-18 22:54 - 00000000 ____D () C:\Users\Patton\Downloads\Loscil
2014-12-18 22:22 - 2014-12-22 21:28 - 00000000 ____D () C:\Users\Patton\Downloads\Lynyrd Skynyrd - Original Discography LAME 3.99.5 - 320Kbps
2014-12-18 22:18 - 2014-12-18 22:29 - 00000000 ____D () C:\Users\Patton\Downloads\JJ Cale - Discography (1972-2009) [FLAC][WwW.LoKoTorrents.CoM]

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 10:31 - 2011-10-29 10:53 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 10:21 - 2013-03-28 23:11 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 09:47 - 2011-09-17 04:08 - 01637659 _____ () C:\windows\WindowsUpdate.log
2015-01-16 09:47 - 2009-07-13 22:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 09:47 - 2009-07-13 22:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 09:46 - 2009-07-13 23:13 - 00006266 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-16 09:39 - 2011-10-29 10:53 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 09:39 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-16 09:39 - 2009-07-13 22:51 - 00270958 _____ () C:\windows\setupact.log
2015-01-16 09:38 - 2010-11-20 21:47 - 00896948 _____ () C:\windows\PFRO.log
2015-01-16 08:46 - 2013-12-14 03:07 - 05098727 _____ () C:\windows\IE11_main.log
2015-01-15 15:22 - 2013-08-14 01:22 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 15:14 - 2013-03-28 23:11 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 15:14 - 2013-03-28 23:11 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 15:14 - 2011-10-30 14:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 10:04 - 2012-03-11 08:29 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 13:57 - 2014-03-13 21:03 - 11216896 _____ (Microsoft) C:\Users\Patton\Desktop\Anti-CryptorBitV2.exe
2015-01-14 11:48 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
2015-01-14 11:46 - 2009-07-13 20:34 - 00000215 _____ () C:\windows\system.ini
2015-01-14 11:25 - 2014-12-03 15:21 - 00000000 ____D () C:\Users\Patton\Documents\noahs work
2015-01-14 11:24 - 2011-10-28 18:31 - 00000000 ____D () C:\Users\Patton
2015-01-14 11:23 - 2014-09-13 08:00 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\uTorrent
2015-01-14 11:23 - 2012-06-29 11:39 - 00000000 ____D () C:\ProgramData\NexonUS
2015-01-14 11:23 - 2012-02-17 07:43 - 00000000 ____D () C:\windows\system32\Macromed
2015-01-14 11:23 - 2011-11-11 08:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-14 11:23 - 2011-09-17 04:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-14 11:23 - 2011-09-17 04:36 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2015-01-14 11:23 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\AppCompat
2015-01-14 11:22 - 2013-03-29 10:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-14 11:22 - 2011-09-17 04:50 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-01-14 11:22 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\registration
2015-01-14 11:21 - 2011-02-18 02:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-14 11:17 - 2011-11-12 20:42 - 00000000 ____D () C:\Users\Patton\AppData\Local\CrashDumps
2015-01-12 00:03 - 2014-09-05 21:13 - 00000000 ____D () C:\Users\Patton\AppData\Local\Adobe
2015-01-11 23:49 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SchCache
2015-01-11 18:52 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\L2Schemas
2015-01-11 17:32 - 2014-10-31 23:17 - 00000000 ____D () C:\Users\Patton\Downloads\Matthew Cooper - 2011 - Some Days Are Better Than Others [FLAC] {TRR 191}
2015-01-11 17:22 - 2014-10-30 20:29 - 00000000 ____D () C:\Users\Patton\Downloads\Mark Lanegan Band - Phantom Radio (2014) FLAC Beolab1700
2015-01-11 17:19 - 2014-04-18 21:55 - 00000000 ____D () C:\Users\Patton\Downloads\Woods-With_Light_And_With_Love-2014-pLAN9
2015-01-11 17:18 - 2014-10-10 21:44 - 00000000 ____D () C:\Users\Patton\Downloads\Wild Child - Pillow Talk
2015-01-11 17:17 - 2014-12-12 21:46 - 00000000 ____D () C:\Users\Patton\Downloads\Railroad Earth - The Last of the Outlaws (2014) FLAC Beolab1700
2015-01-11 17:17 - 2014-12-12 20:50 - 00000000 ____D () C:\Users\Patton\Downloads\Ry Cooder - Soundtracks [Box Set] (2014) FLAC Beolab1700
2015-01-11 17:17 - 2014-12-09 23:17 - 00000000 ____D () C:\Users\Patton\Downloads\Philip Glass - Music From The Thin Blue Line
2015-01-11 17:17 - 2014-10-17 21:49 - 00000000 ____D () C:\Users\Patton\Downloads\Thurston Moore - The Best Day (2014)
2015-01-11 17:17 - 2014-10-10 22:09 - 00000000 ____D () C:\Users\Patton\Downloads\Ray Stinnett - A Fire Somewhere (2012 Reissue) [FLAC]
2015-01-11 17:17 - 2014-10-03 21:16 - 00000000 ____D () C:\Users\Patton\Downloads\Shinyribs - 2013 - Gulf Coast Museum
2015-01-11 17:17 - 2014-04-26 21:41 - 00000000 ____D () C:\Users\Patton\Downloads\Mumford And Sons (2008-2012)
2015-01-11 17:17 - 2014-04-19 23:04 - 00000000 ____D () C:\Users\Patton\Downloads\The White Buffalo - Shadows, Greys and Evil Ways (2013) MP3@320kbps Beolab1700
2015-01-11 17:17 - 2014-04-18 13:48 - 00000000 ____D () C:\Users\Patton\Downloads\Peter Gabriel - Up (2010) (flac)
2015-01-11 17:17 - 2014-02-27 18:17 - 00000000 ____D () C:\Users\Patton\Downloads\Jim White
2015-01-11 17:17 - 2012-12-28 10:27 - 00000000 ____D () C:\Users\Patton\Downloads\Hammock - Departure Songs (2012)
2015-01-11 17:16 - 2014-12-12 21:43 - 00000000 ____D () C:\Users\Patton\Downloads\First Aid Kit - Stay Gold (2014) FLAC Beolab1700
2015-01-11 17:16 - 2013-02-26 21:47 - 00000000 ____D () C:\Users\Patton\Downloads\Explosions In The Sky
2015-01-11 15:35 - 2013-07-02 18:52 - 00000000 ____D () C:\Users\Patton\Desktop\1 FAT16
2015-01-11 15:35 - 2012-09-03 13:52 - 00000000 ____D () C:\Users\Patton\Documents\house_vegreville
2015-01-11 15:26 - 2014-12-12 21:55 - 00000000 ____D () C:\Users\Patton\Downloads\Devon Allman - Ragged & Dirty (2014) MP3VBR Beolab1700
2015-01-11 15:26 - 2014-11-29 00:29 - 00000000 ____D () C:\Users\Patton\Downloads\T Rex - The Albums Collection (2014) 10CD Box Set MP3@320kbps Beolab1700
2015-01-11 15:25 - 2014-10-20 18:57 - 00000000 ____D () C:\Users\Patton\Downloads\Doug Burr - 2010 - O Ye Devastator (FLAC)
2015-01-11 15:25 - 2014-10-19 19:16 - 00000000 ____D () C:\Users\Patton\Downloads\Sallie Ford & The Sound Outside - Untamed Beast
2015-01-11 15:25 - 2014-05-17 21:54 - 00000000 ____D () C:\Users\Patton\Downloads\shooter jennings - family man (2012) usa, country
2015-01-11 15:25 - 2014-02-23 08:37 - 00000000 ____D () C:\Users\Patton\Downloads\Terje Rypdal
2015-01-11 15:24 - 2014-08-16 21:57 - 00000000 ____D () C:\Users\Patton\Downloads\Robin Trower - Original Album Series 5CD (2014) MP3@320kbps Beolab1700
2015-01-11 15:23 - 2014-11-27 21:38 - 00000000 ____D () C:\Users\Patton\Downloads\The Coral - The Curse Of Love   2014
2015-01-11 15:23 - 2014-10-24 23:19 - 00000000 ____D () C:\Users\Patton\Downloads\VA - The Rough Guide To The Music Of Desert Blues (2010) [EAC-FLAC]
2015-01-11 15:23 - 2014-10-24 22:37 - 00000000 ____D () C:\Users\Patton\Downloads\The Strumbellas - We Still Move On Dance Floors (2013) [mp3@320]
2015-01-11 15:23 - 2014-10-24 22:28 - 00000000 ____D () C:\Users\Patton\Downloads\VA - The Rough Guide To The Music Of The Sahara (2005) [EAC-FLAC]
2015-01-11 15:23 - 2014-10-10 22:03 - 00000000 ____D () C:\Users\Patton\Downloads\William Fitzsimmons - 2011 - Gold in the Shadow
2015-01-11 15:23 - 2014-10-03 21:18 - 00000000 ____D () C:\Users\Patton\Downloads\Sandy Bull - Fantasias For Guitar and Banjo (1963) [VINYL] {16 44.1}
2015-01-11 15:23 - 2014-09-05 22:33 - 00000000 ____D () C:\Users\Patton\Downloads\Jack Bruce - Silver Rails 2014 320kbps CBR MP3 [VX]
2015-01-11 15:23 - 2014-06-14 08:22 - 00000000 ____D () C:\Users\Patton\Downloads\Chatham County Line - Tightrope (2014) [FLAC]
2015-01-11 15:23 - 2014-05-18 23:57 - 00000000 ____D () C:\Users\Patton\Downloads\Post  Rock  -  Tortoise  Discography
2015-01-11 15:23 - 2014-05-12 22:24 - 00000000 ____D () C:\Users\Patton\Downloads\Fennesz - Bécs (2014) 320
2015-01-11 15:23 - 2014-03-28 19:51 - 00000000 ____D () C:\Users\Patton\Downloads\Peter Hammill & Gary Lucas - Other World (2014) NLToppers
2015-01-11 15:23 - 2014-03-26 23:38 - 00000000 ____D () C:\Users\Patton\Downloads\BEN HARPER Discography 320kps
2015-01-11 15:23 - 2014-02-09 20:20 - 00000000 ____D () C:\Users\Patton\Downloads\Tinariwen - Emmaar [2014] 320
2015-01-11 15:23 - 2013-11-11 13:24 - 00000000 ____D () C:\Users\Patton\Downloads\Bob Dylan
2015-01-11 15:22 - 2014-10-24 23:36 - 00000000 ____D () C:\Users\Patton\Downloads\VA - The Rough Guide To African Guitar Legends (2011) [EAC-FLAC]
2015-01-11 15:22 - 2014-04-07 22:55 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Ryder-Jones - If [mp3-320-2011]
2015-01-11 15:22 - 2012-04-24 19:43 - 00000000 ____D () C:\Users\Patton\Downloads\PETER GABRIEL - Passion - Music For The Last Temptation Of Christ 1989
2015-01-11 15:22 - 2012-01-26 22:31 - 00000000 ____D () C:\Users\Patton\Downloads\Phil Manzanera-Diamond Head-Vinylrip-Abrasax
2015-01-11 15:21 - 2014-11-27 21:26 - 00000000 ____D () C:\Users\Patton\Downloads\French For Rabbits - Spirits    2014
2015-01-11 15:21 - 2014-10-10 22:01 - 00000000 ____D () C:\Users\Patton\Downloads\William Fitzsimmons - Until When We Are Ghosts(2005)
2015-01-11 15:21 - 2014-09-29 20:38 - 00000000 ____D () C:\Users\Patton\Downloads\Sam Amidon - Lily-O (2014)
2015-01-11 15:21 - 2014-09-03 21:42 - 00000000 ____D () C:\Users\Patton\Downloads\Pere Ubu - Carnival of Souls [2014] 256
2015-01-11 15:21 - 2014-09-02 21:32 - 00000000 ____D () C:\Users\Patton\Downloads\Peter Rowan - Dharma Blues   2014
2015-01-11 15:21 - 2014-08-09 21:41 - 00000000 ____D () C:\Users\Patton\Downloads\Hammock - Oblivion Hymns 2013 320kbps CBR MP3 [VX] [P2PDL]
2015-01-11 15:21 - 2014-06-14 08:57 - 00000000 ____D () C:\Users\Patton\Downloads\Glenn Jones...The Wanting(2011)[FLAC]
2015-01-11 15:21 - 2014-06-07 22:34 - 00000000 ____D () C:\Users\Patton\Downloads\[Folk Rock] Wovenhand - Refractory Obdurate 2014 @320 (By Jamal The Moroccan)
2015-01-11 15:21 - 2014-05-18 22:57 - 00000000 ____D () C:\Users\Patton\Downloads\John Scofield - Bump (2000) [EAC-FLAC]
2015-01-11 15:21 - 2014-05-17 23:05 - 00000000 ____D () C:\Users\Patton\Downloads\Jason Isbell And The 400 Unit - Here We Rest (2011) mp3 320 vtwin88cube
2015-01-11 15:21 - 2013-01-30 22:43 - 00000000 ____D () C:\Users\Patton\Downloads\Anywhere
2015-01-11 15:21 - 2012-10-27 08:32 - 00000000 ____D () C:\Users\Patton\Downloads\Kenny Brown Meet Ya In The Bottom
2015-01-11 15:21 - 2012-03-31 23:31 - 00000000 ____D () C:\Users\Patton\Downloads\Otis Taylor - Recapturing the Banjo
2015-01-11 15:20 - 2014-10-12 21:57 - 00000000 ____D () C:\Users\Patton\Downloads\Susan Christie...Paint A Lady(1969)(cd 2006)[FLAC]
2015-01-11 15:20 - 2013-08-11 08:05 - 00000000 ____D () C:\Users\Patton\Downloads\Moreland & Arbuckle - 7 Cities
2015-01-11 15:19 - 2014-10-24 18:10 - 00000000 ____D () C:\Users\Patton\Downloads\Prayer for the Forest
2015-01-11 15:19 - 2014-10-18 00:41 - 00000000 ____D () C:\Users\Patton\Downloads\Reverend Moon - Coyote Gospels (2014)
2015-01-11 15:19 - 2014-10-12 22:10 - 00000000 ____D () C:\Users\Patton\Downloads\Julia Stone...The Memory Machine(2011)[FLAC]
2015-01-11 15:19 - 2014-10-10 20:49 - 00000000 ____D () C:\Users\Patton\Downloads\Adam Green & Binki Shapiro [2013]
2015-01-11 15:19 - 2014-09-06 00:16 - 00000000 ____D () C:\Users\Patton\Downloads\(Desert Blues) Boubacar Traoré - Mali Denhou
2015-01-11 15:19 - 2014-03-17 21:19 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Callahan - Dream River 2013 Indie 320kbps CBR MP3 [VX] [P2PDL]
2015-01-11 15:19 - 2013-12-27 18:14 - 00000000 ____D () C:\Users\Patton\Downloads\Iron And Wine - Ghost On Ghost 2013
2015-01-11 15:19 - 2013-06-26 20:41 - 00000000 ____D () C:\Users\Patton\Downloads\Heartless Bastards-The Mountain-2009
2015-01-11 15:19 - 2012-05-07 23:57 - 00000000 ____D () C:\Users\Patton\Downloads\Left Lane Cruiser - Junkyard Speed Ball
2015-01-11 15:19 - 2012-04-14 08:16 - 00000000 ____D () C:\Users\Patton\Downloads\Great Lake Swimmers - New Wild Everywhere (2012) [MP3 320]
2015-01-11 15:18 - 2014-09-05 22:57 - 00000000 ____D () C:\Users\Patton\Downloads\Anders Osborne - Peace 2013 320kbps CBR MP3 [VX] [P2PDL]
2015-01-11 15:18 - 2014-09-05 22:02 - 00000000 ____D () C:\Users\Patton\Downloads\[Alt. Rock] Steve Wynn - Sketches In Spain 2014 (Jamal the Moroccan)
2015-01-11 15:18 - 2014-03-09 00:27 - 00000000 ____D () C:\Users\Patton\Downloads\Golden Earring - Moontan (1973) [2001 Reissue] [mp3@320]
2015-01-11 15:18 - 2013-07-05 21:14 - 00000000 ____D () C:\Users\Patton\Downloads\John Scofield - Uberjam Deux 2013 Jazz 320kbps CBR MP3 [VX]
2015-01-11 15:18 - 2013-07-03 15:59 - 00000000 ____D () C:\Users\Patton\Downloads\Alex Chilton-Like Flies On Sherbert [1979
2015-01-11 15:18 - 2012-11-05 14:10 - 00000000 ____D () C:\Users\Patton\Downloads\Woods-Bend.Beyond.2012.VBR-FNT
2015-01-11 15:18 - 2012-01-22 22:24 - 00000000 ____D () C:\Users\Patton\Downloads\Ray Bonneville - Bad Man’s Blood 2011
2015-01-11 15:17 - 2014-12-09 23:33 - 00000000 ____D () C:\Users\Patton\Downloads\Alice Gerrard - Follow The Music   2014
2015-01-11 15:17 - 2014-10-17 22:01 - 00000000 ____D () C:\Users\Patton\Downloads\The Barr Brothers - Sleeping Operator   2014
2015-01-11 15:17 - 2014-09-12 17:03 - 00000000 ____D () C:\Users\Patton\Downloads\Hiss Golden Messenger - Lateness Of Dancers   2014
2015-01-11 15:17 - 2014-09-03 21:39 - 00000000 ____D () C:\Users\Patton\Downloads\Robert Plant - Lullaby... and the Ceaseless Roar   2014
2015-01-11 15:17 - 2012-05-14 21:11 - 00000000 ____D () C:\Users\Patton\Downloads\Julian Lynch - Mare (Olde English Spelling Bee 2010)
2015-01-11 15:16 - 2014-12-07 18:06 - 00000000 ____D () C:\Users\Patton\Downloads\David Sylvian - Weatherbox
2015-01-11 15:16 - 2014-10-17 21:08 - 00000000 ____D () C:\Users\Patton\Downloads\Pieta Brown - Paradise Outlaw   2014
2015-01-11 15:16 - 2014-10-04 22:13 - 00000000 ____D () C:\Users\Patton\Downloads\Richard Buckner - 1998 - Since [FLAC]
2015-01-11 15:16 - 2014-09-29 20:53 - 00000000 ____D () C:\Users\Patton\Downloads\Bonnie 'Prince' Billy - Singers Grave A Sea Of Tongues (2014)
2015-01-11 15:16 - 2014-04-30 22:10 - 00000000 ____D () C:\Users\Patton\Downloads\Ray LaMontagne - Supernova (2014) MP3@320kbps Beolab1700
2015-01-11 15:16 - 2014-04-19 23:51 - 00000000 ____D () C:\Users\Patton\Downloads\The Secret Sisters - Put Your Needle Down (2014) MP3@320kbps Beolab1700
2015-01-11 15:16 - 2014-03-28 19:27 - 00000000 ____D () C:\Users\Patton\Downloads\Roy Harper  Man & Myth 2013
2015-01-11 15:16 - 2013-10-13 19:54 - 00000000 ____D () C:\Users\Patton\Downloads\The Gourds - Blood of the Ram (2004)
2015-01-11 15:16 - 2013-08-10 20:31 - 00000000 ____D () C:\Users\Patton\Downloads\Daughn Gibson - Me Moan 2013 Alternative 320kbps CBR MP3 [VX] [P2PDL]
2015-01-11 15:16 - 2012-05-22 22:30 - 00000000 ____D () C:\Users\Patton\Downloads\James McMurtry - Childish Things (2005)
2015-01-11 15:16 - 2012-04-30 17:52 - 00000000 ____D () C:\Users\Patton\Downloads\Widowspeak - Widowspeak
2015-01-11 15:15 - 2014-10-31 22:53 - 00000000 ____D () C:\Users\Patton\Downloads\Jim James-2012-Regions Of Light And Sound Of God
2015-01-11 15:15 - 2014-10-17 20:51 - 00000000 ____D () C:\Users\Patton\Downloads\Maggie Björklund - Shaken (2014)
2015-01-11 15:15 - 2014-08-16 21:31 - 00000000 ____D () C:\Users\Patton\Downloads\Passenger - Whispers (Deluxe Edition) 2014 320kbps CBR MP3 [VX]
2015-01-11 15:15 - 2014-03-17 21:54 - 00000000 ____D () C:\Users\Patton\Downloads\Doug Paisley - Strong Feelings (2014) 320K
2015-01-11 15:15 - 2014-02-23 20:14 - 00000000 ____D () C:\Users\Patton\Downloads\Hungry Ghosts - 2000 - Alone, Alone
2015-01-11 15:15 - 2012-11-15 23:20 - 00000000 ____D () C:\Users\Patton\Downloads\Today's Active Lifestyles
2015-01-11 15:15 - 2012-07-16 07:38 - 00000000 ____D () C:\Users\Patton\Downloads\Jason Webley - Only Just Beginning
2015-01-11 15:15 - 2012-05-15 22:58 - 00000000 ____D () C:\Users\Patton\Downloads\Hammock - Raising Your Voice... Trying to Stop an Echo
2015-01-11 15:15 - 2012-02-29 20:36 - 00000000 ____D () C:\Users\Patton\Downloads\Jerry Douglas - Lookout for Hope (2002)
2015-01-11 15:14 - 2014-10-31 23:06 - 00000000 ____D () C:\Users\Patton\Downloads\All Hell
2015-01-11 15:13 - 2014-07-26 14:38 - 00000000 ____D () C:\Users\Patton\Downloads\[Neo Soul] Cold Specks - Neuroplasticity 2014 (Jamal The Moroccan)
2015-01-11 15:13 - 2014-05-17 22:04 - 00000000 ____D () C:\Users\Patton\Downloads\Tedeschi Trucks Band - 2013 Made Up Mind
2015-01-11 15:13 - 2014-05-09 23:49 - 00000000 ____D () C:\Users\Patton\Downloads\John Martyn
2015-01-11 15:13 - 2013-12-28 18:54 - 00000000 ____D () C:\Users\Patton\Downloads\The Civil Wars
2015-01-11 15:13 - 2013-01-30 20:47 - 00000000 ____D () C:\Users\Patton\Downloads\Steve Forbert - Over with You (2012)
2015-01-11 15:13 - 2012-06-13 22:55 - 00000000 ____D () C:\Users\Patton\Downloads\Mount Eerie - Clear Moon (2012)
2015-01-11 15:13 - 2012-05-15 23:14 - 00000000 ____D () C:\Users\Patton\Downloads\Hammock - Kenotic
2015-01-11 15:12 - 2014-10-12 23:12 - 00000000 ____D () C:\Users\Patton\Downloads\Corinne West & Kelly Joe Phelps ...Magnetic Skyline(2010)[FLAC]
2015-01-11 15:12 - 2014-10-12 20:47 - 00000000 ____D () C:\Users\Patton\Downloads\Shearwater...Rook(2008)[FLAC]
2015-01-11 15:12 - 2014-09-12 16:23 - 00000000 ____D () C:\Users\Patton\Downloads\Basia Bulat...Oh, My Darling(2007)[FLAC]
2015-01-11 15:12 - 2014-09-05 23:57 - 00000000 ____D () C:\Users\Patton\Downloads\((Blues) Joe Callicott - Deal Gone Down
2015-01-11 15:12 - 2014-05-17 21:58 - 00000000 ____D () C:\Users\Patton\Downloads\Shooter Jennings - Put the O Back in Country (2005)
2015-01-11 15:12 - 2014-04-01 23:06 - 00000000 ____D () C:\Users\Patton\Downloads\Timber Timbre - Hot Dreams (2014) MP3@320kbps Beolab1700
2015-01-11 15:12 - 2014-02-14 00:23 - 00000000 ____D () C:\Users\Patton\Downloads\Eels_Beautiful Freak
2015-01-11 15:12 - 2013-12-28 19:51 - 00000000 ____D () C:\Users\Patton\Downloads\Tony Joe White
2015-01-11 15:12 - 2013-09-30 20:36 - 00000000 ____D () C:\Users\Patton\Downloads\Mazzy Star - Seasons of Your Day (2013) [MP3 320]
2015-01-11 15:12 - 2013-08-05 20:57 - 00000000 ____D () C:\Users\Patton\Downloads\The Wooden Sky...Every Child a Daughter, Every Moon a Sun(2012)[FLAC]
2015-01-11 15:12 - 2013-08-05 19:52 - 00000000 ____D () C:\Users\Patton\Downloads\Empty Glass [Bonus Tracks]
2015-01-11 15:12 - 2013-08-05 19:47 - 00000000 ____D () C:\Users\Patton\Downloads\Over the Rhine_Drunkard's Prayer
2015-01-11 15:12 - 2012-10-27 08:26 - 00000000 ____D () C:\Users\Patton\Downloads\Juke Boy Bonner - Nowhere To Run
2015-01-11 15:12 - 2012-08-18 09:18 - 00000000 ____D () C:\Users\Patton\Downloads\Trampled By Turtles - 2012 - Stars and Satellites
2015-01-11 15:12 - 2012-04-17 17:11 - 00000000 ____D () C:\Users\Patton\Downloads\Ray Wylie Hubbard-9 Discs(MP3@320){19glide58}[H33T]
2015-01-11 15:12 - 2012-03-20 17:27 - 00000000 ____D () C:\Users\Patton\Downloads\Willard Grant Conspiracy - Regard The End
2015-01-11 15:12 - 2012-03-11 22:17 - 00000000 ____D () C:\Users\Patton\Downloads\Fleetwood Mac Discography by Sketch
2015-01-11 15:12 - 2012-03-02 21:42 - 00000000 ____D () C:\Users\Patton\Downloads\Loscil_Endless Falls
2015-01-11 15:12 - 2012-03-02 20:16 - 00000000 ____D () C:\Users\Patton\Downloads\Tab Benoit - Medicine (2011)
2015-01-11 15:12 - 2012-02-27 08:49 - 00000000 ____D () C:\Users\Patton\Downloads\Fred Frith
2015-01-11 15:12 - 2012-02-23 17:21 - 00000000 ____D () C:\Users\Patton\Downloads\big star - 2009 - keep an eye on the sky [box set]
2015-01-11 15:12 - 2012-01-23 22:45 - 00000000 ____D () C:\Users\Patton\Downloads\Wilco_The Whole Love
2015-01-11 15:11 - 2014-11-15 01:02 - 00000000 ____D () C:\Users\Patton\Downloads\Willie Nelson - Teatro (1998)
2015-01-11 15:11 - 2014-10-14 13:07 - 00000000 ____D () C:\Users\Patton\Downloads\Hookfoot...Hookfoot(1971) cd(2004)[FLAC]
2015-01-11 15:11 - 2014-02-17 20:08 - 00000000 ____D () C:\Users\Patton\Downloads\The Dead Texan
2015-01-11 15:11 - 2012-05-15 18:35 - 00000000 ____D () C:\Users\Patton\Downloads\Willy DeVille Discography
2015-01-11 15:11 - 2012-02-09 18:26 - 00000000 ____D () C:\Users\Patton\Downloads\Wovenhand-Black Of The Ink-2011
2015-01-11 15:11 - 2012-01-20 22:43 - 00000000 ____D () C:\Users\Patton\Downloads\woven hand - blush music (2003)
2015-01-11 15:10 - 2014-11-26 23:18 - 00000000 ____D () C:\Users\Patton\Downloads\Captain Beefheart - Sun Zoom Spark 1970 - 72 [Box Set] (2014) FLAC Beolab1700
2015-01-11 15:10 - 2014-10-12 16:28 - 00000000 ____D () C:\Users\Patton\Downloads\Jenny Owen Youngs...Transmitter Failure(2009)[FLAC]
2015-01-11 15:10 - 2014-10-04 14:16 - 00000000 ____D () C:\Users\Patton\Downloads\James Yorkston – The Cellardyke Recording and Wassailing Society (2014) ~{Batman}
2015-01-11 15:10 - 2014-10-03 21:45 - 00000000 ____D () C:\Users\Patton\Downloads\Tiny Ruins - Brightly Painted One (2014) [FLAC]
2015-01-11 15:10 - 2014-09-20 01:09 - 00000000 ____D () C:\Users\Patton\Downloads\Turkish Instrumental Music Collection - KONTINYU
2015-01-11 15:10 - 2014-09-19 23:43 - 00000000 ____D () C:\Users\Patton\Downloads\Complete Solo Piano Recordings 1972 - 1996
2015-01-11 15:10 - 2014-06-14 10:08 - 00000000 ____D () C:\Users\Patton\Downloads\Rachael Yamagata...Elephants Teeth Sinking Into Heart(2008)[FLAC]
2015-01-11 15:10 - 2014-05-23 20:00 - 00000000 ____D () C:\Users\Patton\Downloads\The Gourds - Stadium Blitzer
2015-01-11 15:10 - 2014-05-09 23:38 - 00000000 ____D () C:\Users\Patton\Downloads\Elmore James - The Sky is Crying, The History of Elmore James (1993) [FLAC]
2015-01-11 15:10 - 2014-04-26 10:10 - 00000000 ____D () C:\Users\Patton\Downloads\Cockburn 1980-1994
2015-01-11 15:10 - 2014-04-13 08:30 - 00000000 ____D () C:\Users\Patton\Downloads\Woven Hand...The Threshingfloor(2010)[FLAC]
2015-01-11 15:10 - 2014-04-07 23:32 - 00000000 ____D () C:\Users\Patton\Downloads\Sylvain Chauveau
2015-01-11 15:10 - 2013-05-21 06:42 - 00000000 ____D () C:\Users\Patton\Downloads\Marc Ribot
2015-01-11 15:10 - 2013-05-21 06:40 - 00000000 ____D () C:\Users\Patton\Downloads\Danny Schmidt Full Album Discography 1999 - 2011 (FLAC)
2015-01-11 15:10 - 2012-07-04 21:20 - 00000000 ____D () C:\Users\Patton\Downloads\The Walkabouts
2015-01-11 15:10 - 2012-05-16 22:08 - 00000000 ____D () C:\Users\Patton\Downloads\The Wonderful And Fantastical Music Of New-Zea-Land
2015-01-11 15:01 - 2011-09-17 04:51 - 00000000 ____D () C:\ProgramData\Norton
2015-01-08 01:16 - 2011-10-28 18:31 - 00118800 _____ () C:\Users\Patton\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 00:40 - 2014-12-10 22:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-08 00:10 - 2014-10-25 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-07 23:55 - 2014-04-07 22:52 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Ryder-Jones - A Bad Wind Blows In My Heart [mp3-vbr-2013]
2015-01-07 23:51 - 2014-02-23 21:07 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)
2015-01-07 23:50 - 2014-03-17 21:19 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Callahan - Apocalypse [mp3-320-2011]
2015-01-07 23:50 - 2014-02-05 22:45 - 00000000 ____D () C:\Users\Patton\Downloads\Big Head Todd and The Monsters - Black Beehive [2014] [Mp3-320]-V3nom [GLT]
2015-01-07 23:50 - 2012-08-31 16:32 - 00000000 ____D () C:\Users\Patton\Downloads\Benoit Pioulard - Lasted (2010)
2015-01-07 23:49 - 2014-10-12 21:04 - 00000000 ____D () C:\Users\Patton\Downloads\Benjamin Francis Leftwich...Last Smoke Before the Snowstorm(2011)[FLAC]
2015-01-07 23:49 - 2014-09-03 22:42 - 00000000 ____D () C:\Users\Patton\Downloads\Benjamin Booker - Benjamin Booker (2014) MP3@320kbps Beolab1700
2015-01-07 23:49 - 2014-06-21 22:13 - 00000000 ____D () C:\Users\Patton\Downloads\Ben Nichols - Last Pale Light
2015-01-07 23:45 - 2014-10-10 22:58 - 00000000 ____D () C:\Users\Patton\Downloads\Beaubrummels - Bradley's Barn (1968) [FLAC]
2015-01-07 23:45 - 2012-10-03 19:50 - 00000000 ____D () C:\Users\Patton\Downloads\Beachwood Sparks - Tarnished Gold (2012)
2015-01-07 23:44 - 2014-09-12 16:19 - 00000000 ____D () C:\Users\Patton\Downloads\Basia Bulat - Heart Of My Own (2010)
2015-01-07 23:44 - 2014-09-06 12:06 - 00000000 ____D () C:\Users\Patton\Downloads\Basia Bulat - Tall Tall Shadow (2013) [FLAC]
2015-01-07 23:44 - 2013-05-06 18:05 - 00000000 ____D () C:\Users\Patton\Downloads\Bassekou Kouyate & Ngoni ba - Jama ko (2013)
2015-01-07 23:42 - 2014-10-13 20:33 - 00000000 ____D () C:\Users\Patton\Downloads\Ariana Gillis - Forget Me Not [2011] FLAC
2015-01-07 23:42 - 2014-09-05 21:26 - 00000000 ____D () C:\Users\Patton\Downloads\Arve Henriksen - Strjon (2007) (192 vbr)
2015-01-07 23:42 - 2014-08-09 21:21 - 00000000 ____D () C:\Users\Patton\Downloads\Angus & Julia Stone - Angus & Julia Stone (2014)
2015-01-07 23:42 - 2014-06-12 21:15 - 00000000 ____D () C:\Users\Patton\Downloads\Andrew Bird - Things Are Really Great Here, Sort of... (2014) [FLAC]
2015-01-07 23:42 - 2014-05-20 23:55 - 00000000 ____D () C:\Users\Patton\Downloads\Angel Olsen-Half Way Home (2012) V0
2015-01-07 23:39 - 2014-02-06 22:09 - 00000000 ____D () C:\Users\Patton\Downloads\Anders Osborne - Black Eye Galaxy 2012 Flac
2015-01-07 23:37 - 2014-01-14 07:06 - 00000000 ____D () C:\Users\Patton\Downloads\Agnes Obel - 2013 - Aventine [FLAC]
2015-01-07 23:37 - 2012-12-27 21:09 - 00000000 ____D () C:\Users\Patton\Downloads\Alabama Shakes - Boys & Girls (2012) FLAC Beolab1700
2015-01-07 23:36 - 2014-10-08 21:00 - 00000000 ____D () C:\Users\Patton\Downloads\A Winged Victory for the Sullen - A Winged Victory for the Sullen ERATP032CD 2011 flac
2015-01-07 23:36 - 2012-05-07 23:06 - 00000000 ____D () C:\Users\Patton\Downloads\A.A. Bondy - Believers(2011)MP3 Nlt-release
2015-01-07 23:31 - 2014-04-18 13:48 - 00000000 ____D () C:\Users\Patton\Downloads\1992 - Peter Gabriel - US (2002, 24-96)
2015-01-07 23:31 - 2013-07-14 21:27 - 00000000 ____D () C:\Users\Patton\Downloads\1977 - Pete Townshend & Ronnie Lane - Rough Mix (24-96)
2015-01-07 23:30 - 2012-01-20 19:19 - 00000000 ____D () C:\Users\Patton\Downloads\16 horsepower - low estate (1998)
2015-01-07 23:28 - 2014-09-06 00:36 - 00000000 ____D () C:\Users\Patton\Downloads\(Blues) T-Model Ford - The Ladies Man (2010)
2015-01-07 23:27 - 2014-05-18 10:16 - 00000000 ____D () C:\Users\Patton\Downloads\(2003) Songs Ohia - Magnolia Electric Co. [Reissue 2013] [FLAC]
2015-01-07 23:27 - 2014-04-12 21:32 - 00000000 ____D () C:\Users\Patton\Downloads\(1994) Metatron [256]
2015-01-07 23:27 - 2012-03-09 00:14 - 00000000 ____D () C:\Users\Patton\Downloads\(Blues) CeDell Davis & Herman Alexander - Highway 61
2015-01-07 23:26 - 2010-06-01 16:44 - 00061472 _____ () C:\Users\Patton\Downloads\WestBromCelePA_468x404.JPG.bsnhdzf
2015-01-07 23:26 - 2010-06-01 16:44 - 00014688 _____ () C:\Users\Patton\Downloads\new resume.DOCX.bsnhdzf
2015-01-07 23:26 - 2009-03-10 11:28 - 117393232 _____ () C:\Users\Patton\Downloads\Lloyd Banks - V6  The Gift - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2010-06-01 16:44 - 00032544 ___SH () C:\Users\Patton\Downloads\Folder.JPG.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 95069568 _____ () C:\Users\Patton\Downloads\Lloyd Banks - Cold Corner 2 - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 94647232 _____ () C:\Users\Patton\Downloads\King Los - Zero Gravity II - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 141742320 _____ () C:\Users\Patton\Downloads\Joey Bada$$ - Summer Knights  - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 132888240 _____ () C:\Users\Patton\Downloads\Lil Durk - Signed To The Streets 2 - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 128775504 _____ () C:\Users\Patton\Downloads\ChapterOne.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 104454928 _____ () C:\Users\Patton\Downloads\Juicy J - Rubba Band Business (Hosted By Trap-A-Holics) Feat. Lex Luger - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:24 - 2012-08-17 22:11 - 00021504 ___SH () C:\Users\Patton\Documents\Thumbs.db
2015-01-07 23:24 - 2010-06-01 16:44 - 00020608 _____ () C:\Users\Patton\Documents\hannah housing mru_2014.DOCX.bsnhdzf
2015-01-07 23:24 - 2010-06-01 16:44 - 00017680 _____ () C:\Users\Patton\Documents\under the influence- hannah.DOCX.bsnhdzf
2015-01-07 23:24 - 2010-06-01 16:44 - 00016528 _____ () C:\Users\Patton\Documents\17.DOCX.bsnhdzf
2015-01-07 23:24 - 2010-06-01 16:44 - 00015056 _____ () C:\Users\Patton\Documents\Dear noah patton.DOCX.bsnhdzf
2015-01-07 23:24 - 2010-06-01 16:44 - 00013088 _____ () C:\Users\Patton\Documents\soccer reality.DOCX.bsnhdzf
2015-01-07 23:20 - 2012-01-21 12:07 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Winamp
2015-01-07 23:11 - 2011-12-16 14:45 - 00000000 ____D () C:\Users\Patton\AppData\Local\Windows Live
2015-01-07 23:08 - 2012-02-21 22:21 - 00000000 ____D () C:\Users\Patton\AppData\Local\Microsoft Help
2015-01-07 22:41 - 2014-05-15 17:38 - 00000000 ____D () C:\temp
2015-01-07 22:41 - 2011-09-17 04:43 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-06 04:36 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-03 23:10 - 2013-11-01 18:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-03 23:10 - 2011-12-25 17:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-03 23:07 - 2011-12-25 17:50 - 00000000 ____D () C:\ProgramData\Apple
2015-01-03 11:05 - 2013-03-29 10:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-02 16:34 - 2014-10-11 08:55 - 00000000 ____D () C:\Users\Patton\Downloads\Dinosaur Feathers...Whistle Tips(2012)[FLAC]
2015-01-02 14:35 - 2014-11-27 21:23 - 00000000 ____D () C:\Users\Patton\Downloads\Elliott Brood - Work And Love [Deluxe Edition] (2014)
2015-01-01 00:03 - 2014-10-31 22:47 - 00000000 ____D () C:\Users\Patton\Downloads\Grouper - The Man Who Died in His Boa (2013) [FLAC]
2014-12-31 23:45 - 2014-10-30 20:42 - 00000000 ____D () C:\Users\Patton\Downloads\Steve Gunn - Way Out Weather   2014
2014-12-31 19:59 - 2014-03-21 20:26 - 00000000 ____D () C:\Users\Patton\Downloads\Harold Budd
2014-12-31 19:50 - 2014-11-27 21:39 - 00000000 ____D () C:\Users\Patton\Downloads\The Budos Band – Burnt Offering [2014] 320
2014-12-31 18:33 - 2014-11-15 02:14 - 00000000 ____D () C:\Users\Patton\Downloads\The Ventures-14 albums
2014-12-31 08:16 - 2009-07-13 23:08 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-28 09:39 - 2014-02-14 00:33 - 00000000 ____D () C:\Users\Patton\Downloads\Stars Of The Lid
2014-12-23 23:27 - 2014-09-19 23:49 - 00000000 ____D () C:\Users\Patton\Downloads\bcer

Some content of TEMP:
====================
C:\Users\Patton\AppData\Local\Temp\OLMAPI32.DLL
C:\Users\Patton\AppData\Local\Temp\Quarantine.exe
C:\Users\Patton\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 10:36

==================== End Of Log ============================

Attached Files



#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:55 PM

Posted 16 January 2015 - 12:05 PM

Please post all logs into the thread. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#7 fixem

fixem
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 16 January 2015 - 12:08 PM

Please post all logs into the thread.

I thought I did...?



#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:55 PM

Posted 16 January 2015 - 12:37 PM

Sorry, my mistake. :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [arnmklo] => rundll32 "C:\Users\Patton\AppData\Local\arnmklo.dll",arnmklo <===== ATTENTION
    HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [notepad.exe] => C:\Users\Patton\AppData\Roaming\OSK-DUPKSPPO\notepad.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    C:\Users\Patton\AppData\Local\arnmklo.dll
    C:\Users\Patton\AppData\Roaming\OSK-DUPKSPPO
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    EmptyTemp:
  • Click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
  • Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.)and press the Fix button just once and wait
    • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
    • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
    Step 2: FRST Scan
    • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
    • Click Scan to start FRST.
    • When FRST finishes scanning, a log, FRST.txt, will open.
    • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
    Step 3: ESET

    Please run a free online scan with the ESET Online Scanner:

    IMPORTANT: You MUST use Internet Explorer for this step!
    • Visit the ESET Online Scanner Web Page
    • Select the blue Run ESET Online Scanner button:
      ESET1_zps23a5e840.png
    • Tick the box next to YES, I accept the Terms of Use and click Start
      ESET_EULA2_zps9451f1c3.png
    • When asked, allow the ActiveX control to install.
    • Select Enable detection of potentially unwanted applications and select Advanced Settings:
      ESET2_zpsc701c045.png
    • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
      ESET4_zps0afafd0d.png
    • Click Start. (This scan can take several hours, so please be patient):
      ESET3_zpsccd1657d.png
    • Once the scan is completed, select List of found threats:
      ESET5_zpsd27be299.png
    • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
      ESET6_zpsc17d154e.png
    • Click the Back button.
    • Click the Finish button:
      ESET9_zps51587217.png
    • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
    • Copy and paste that log as a reply to this topic.
    Step 4: Question

    How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#9 fixem

fixem
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 16 January 2015 - 04:33 PM

Eset scan still running. at 99% atm. here's the other 2 logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by Patton at 2015-01-16 11:46:06 Run:1
Running from C:\Users\Patton\Desktop
Loaded Profiles: Patton (Available profiles: Patton)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [arnmklo] => rundll32 "C:\Users\Patton\AppData\Local\arnmklo.dll",arnmklo <===== ATTENTION
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [notepad.exe] => C:\Users\Patton\AppData\Roaming\OSK-DUPKSPPO\notepad.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\Users\Patton\AppData\Local\arnmklo.dll
C:\Users\Patton\AppData\Roaming\OSK-DUPKSPPO
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
EmptyTemp:
*****************

HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\Software\Microsoft\Windows\CurrentVersion\Run\\arnmklo => value deleted successfully.
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\Software\Microsoft\Windows\CurrentVersion\Run\\notepad.exe => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"C:\Users\Patton\AppData\Local\arnmklo.dll" => File/Directory not found.
C:\Users\Patton\AppData\Roaming\OSK-DUPKSPPO => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
EmptyTemp: => Removed 7.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog 11:47:15 ====

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Patton (administrator) on PATTON-PC on 16-01-2015 11:56:03
Running from C:\Users\Patton\Desktop
Loaded Profiles: Patton (Available profiles: Patton)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() C:\Windows\System32\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-01-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [arnmklo] => rundll32 "C:\Users\Patton\AppData\Local\arnmklo.dll",arnmklo <===== ATTENTION
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\...\Run: [notepad.exe] => C:\Users\Patton\AppData\Roaming\OSK-DUPKSPPO\notepad.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKU\S-1-5-21-1944314226-4241285889-3694376531-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSCA
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKU\S-1-5-21-1944314226-4241285889-3694376531-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 142.13.17.66 142.13.17.43
Tcpip\..\Interfaces\{61725C33-3209-4A8F-BDBF-45F60F54F276}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{83C63E0A-484F-481C-A0AE-423D81D37C4F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Patton\AppData\Roaming\Mozilla\Firefox\Profiles\r7eg38ae.default-1421028351650
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1944314226-4241285889-3694376531-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Patton\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1944314226-4241285889-3694376531-1000: @talk.google.com/O1DPlugin -> C:\Users\Patton\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1944314226-4241285889-3694376531-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Patton\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1944314226-4241285889-3694376531-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Patton\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Patton\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Patton\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-10]

Chrome:
=======
CHR Profile: C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Property Helper Object) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-01-07]
CHR Extension: (Google Docs) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-26]
CHR Extension: (Google Drive) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-26]
CHR Extension: (YouTube) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-26]
CHR Extension: (Google Search) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-26]
CHR Extension: (Skype Click to Call) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-22]
CHR Extension: (Google Wallet) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR Extension: (Gmail) - C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-01-14] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 11:48 - 2015-01-16 11:48 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-16 10:47 - 2015-01-16 10:47 - 00000626 _____ () C:\Users\Patton\Desktop\JRT.txt
2015-01-16 10:44 - 2015-01-16 10:44 - 01707939 _____ (Thisisu) C:\Users\Patton\Downloads\JRT(1).exe
2015-01-16 10:43 - 2015-01-16 10:43 - 00001055 _____ () C:\Users\Patton\Desktop\mbam.txt
2015-01-16 09:52 - 2015-01-16 09:52 - 00000991 _____ () C:\Users\Patton\Desktop\AdwCleaner[S1].txt
2015-01-16 09:41 - 2015-01-16 09:42 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Patton\Downloads\mbam-setup-2.0.4.1028(1).exe
2015-01-16 09:36 - 2015-01-16 09:36 - 02191360 _____ () C:\Users\Patton\Downloads\AdwCleaner(1).exe
2015-01-16 08:47 - 2015-01-16 08:48 - 00028677 _____ () C:\Users\Patton\Desktop\Addition.txt
2015-01-16 08:46 - 2015-01-16 11:56 - 00018878 _____ () C:\Users\Patton\Desktop\FRST.txt
2015-01-16 08:46 - 2015-01-16 11:56 - 00000000 ____D () C:\FRST
2015-01-16 08:45 - 2015-01-16 08:45 - 02125312 _____ (Farbar) C:\Users\Patton\Desktop\FRST64.exe
2015-01-15 15:25 - 2015-01-15 15:25 - 00000000 ____D () C:\Users\Patton\Desktop\ShadowExplorerPortable-0.9
2015-01-15 15:25 - 2015-01-15 15:25 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\www.shadowexplorer.com
2015-01-15 15:20 - 2015-01-15 15:20 - 00021495 _____ () C:\Users\Patton\Desktop\dds.txt
2015-01-15 15:20 - 2015-01-15 15:20 - 00010649 _____ () C:\Users\Patton\Desktop\attach.txt
2015-01-15 15:16 - 2015-01-15 15:16 - 00688992 ____R (Swearware) C:\Users\Patton\Desktop\dds.com
2015-01-15 10:00 - 2015-01-15 10:00 - 03973120 _____ (iText Group NV) C:\Users\Patton\Desktop\itextsharp.dll
2015-01-14 15:25 - 2015-01-14 15:25 - 00001908 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-14 15:25 - 2015-01-14 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-01-14 15:25 - 2015-01-14 15:25 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-14 15:23 - 2015-01-14 16:36 - 00000228 _____ () C:\windows\system32\.crusader
2015-01-14 13:59 - 2015-01-15 10:04 - 00000000 ____D () C:\Users\Patton\Desktop\New folder
2015-01-14 13:57 - 2015-01-14 13:57 - 00462336 _____ (Dino Chiesa) C:\Users\Patton\Downloads\Ionic.Zip.dll
2015-01-14 13:55 - 2015-01-14 15:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-14 13:55 - 2015-01-14 13:58 - 11225840 _____ (SurfRight B.V.) C:\Users\Patton\Downloads\HitmanPro_x64.exe
2015-01-14 13:25 - 2015-01-14 13:25 - 10868379 _____ () C:\Users\Patton\Downloads\Anti-CryptorBitV2.zip
2015-01-14 13:22 - 2015-01-14 13:22 - 09096848 _____ (SurfRight B.V.) C:\Users\Patton\Downloads\HitmanPro.exe
2015-01-14 13:22 - 2015-01-14 13:22 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\SUPERAntiSpyware.com
2015-01-14 13:21 - 2015-01-16 11:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-14 13:21 - 2015-01-14 13:21 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-01-14 13:21 - 2015-01-14 13:21 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-14 13:21 - 2015-01-14 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-14 13:20 - 2015-01-14 13:21 - 21001040 _____ (SUPERAntiSpyware) C:\Users\Patton\Downloads\SUPERAntiSpyware.exe
2015-01-14 11:48 - 2015-01-14 11:48 - 00023373 _____ () C:\ComboFix.txt
2015-01-14 11:34 - 2011-06-26 00:45 - 00256000 _____ () C:\windows\PEV.exe
2015-01-14 11:34 - 2010-11-07 11:20 - 00208896 _____ () C:\windows\MBR.exe
2015-01-14 11:34 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00098816 _____ () C:\windows\sed.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00080412 _____ () C:\windows\grep.exe
2015-01-14 11:34 - 2000-08-30 18:00 - 00068096 _____ () C:\windows\zip.exe
2015-01-14 11:33 - 2015-01-14 11:48 - 00000000 ____D () C:\Qoobox
2015-01-14 11:33 - 2015-01-14 11:47 - 00000000 ____D () C:\windows\erdnt
2015-01-14 11:32 - 2015-01-14 11:32 - 00001447 _____ () C:\Users\Patton\Desktop\ComboFix - Shortcut.lnk
2015-01-14 11:30 - 2015-01-14 11:30 - 00000000 ____D () C:\windows\ERUNT
2015-01-14 11:27 - 2015-01-14 11:27 - 05609736 ____R (Swearware) C:\Users\Patton\Downloads\ComboFix.exe
2015-01-14 11:26 - 2015-01-16 09:38 - 00000000 ____D () C:\AdwCleaner
2015-01-14 11:26 - 2015-01-14 11:27 - 01707939 _____ (Thisisu) C:\Users\Patton\Downloads\JRT.exe
2015-01-14 11:26 - 2015-01-14 11:26 - 02191360 _____ () C:\Users\Patton\Downloads\AdwCleaner.exe
2015-01-11 23:06 - 2015-01-11 23:46 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Usuhez
2015-01-11 23:01 - 2015-01-11 23:01 - 00000000 ____D () C:\Users\Patton\AppData\Local\Amazon
2015-01-11 22:47 - 2015-01-14 11:23 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Qyuhre
2015-01-11 22:47 - 2015-01-11 22:47 - 00003816 _____ () C:\windows\System32\Tasks\Security Center Update - 1985879332
2015-01-11 17:52 - 2015-01-11 17:52 - 04320054 _____ () C:\Users\Patton\Documents\Decrypt All Files bsnhdzf.bmp
2015-01-11 17:52 - 2015-01-11 17:52 - 00001240 _____ () C:\Users\Patton\Documents\Decrypt All Files bsnhdzf.txt
2015-01-11 15:30 - 2015-01-07 23:24 - 02689152 _____ () C:\Users\Patton\Documents\IMG_0395.JPG.bsnhdzf
2015-01-11 15:30 - 2015-01-07 23:24 - 00326464 _____ () C:\Users\Patton\Documents\Assiniboine Community College.DOCX.bsnhdzf
2015-01-11 15:11 - 2015-01-11 17:52 - 01494871 _____ () C:\ProgramData\omqyzvc.html
2015-01-11 14:59 - 2015-01-11 14:59 - 00003020 _____ () C:\windows\System32\Tasks\cfhzhyd
2015-01-11 13:44 - 2015-01-16 09:52 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-11 13:44 - 2015-01-16 09:44 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-11 13:44 - 2015-01-16 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-11 13:44 - 2015-01-16 09:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-11 13:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-11 13:44 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-11 13:44 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-11 13:34 - 2015-01-11 13:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Patton\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-11 13:29 - 2015-01-11 15:26 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Ohonca
2015-01-11 13:08 - 2015-01-11 15:29 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Ukcegea
2015-01-10 00:48 - 2015-01-10 00:53 - 00017920 ___SH () C:\Users\Patton\Thumbs.db
2015-01-09 23:24 - 2015-01-10 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-09 23:24 - 2015-01-10 00:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-09 23:04 - 2015-01-11 15:26 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Upweec
2015-01-09 22:42 - 2015-01-11 15:26 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Uktaozri
2015-01-09 22:35 - 2015-01-11 15:29 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Imibsu
2015-01-08 22:51 - 2015-01-11 20:05 - 00000000 ____D () C:\Users\Patton\Desktop\Old Firefox Data
2015-01-08 22:29 - 2015-01-08 22:29 - 00000042 _____ () C:\windows\SysWOW64\AK083E209605E394C.lie
2015-01-08 22:28 - 2015-01-08 22:28 - 01264554 _____ (My Company, Inc. ) C:\Users\Patton\Downloads\HelpUninstaller_setup.exe
2015-01-08 00:10 - 2015-01-08 00:10 - 00001134 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-08 00:10 - 2015-01-08 00:10 - 00001122 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-07 23:26 - 2015-01-07 23:26 - 00004651 _____ () C:\Users\Patton\Downloads\how_decrypt.html
2015-01-07 23:24 - 2015-01-07 23:24 - 00004651 _____ () C:\Users\Patton\Documents\how_decrypt.html
2015-01-07 22:41 - 2015-01-07 22:41 - 00004651 _____ () C:\Users\Patton\how_decrypt.html
2015-01-07 22:41 - 2015-01-07 22:41 - 00004651 _____ () C:\Users\Patton\AppData\Local\how_decrypt.html
2015-01-07 22:39 - 2015-01-08 00:38 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Ivhipa
2015-01-07 22:38 - 2015-01-07 22:44 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Local Store
2015-01-07 22:34 - 2015-01-07 23:56 - 00000000 ____D () C:\ProgramData\pei
2015-01-07 22:34 - 2015-01-07 22:41 - 00000000 ____D () C:\ProgramData\KifsEtabb
2015-01-07 22:29 - 2015-01-08 00:40 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Uvdyxo
2015-01-07 18:39 - 2015-01-14 11:31 - 00000761 _____ () C:\windows\system32\Drivers\etc\hosts.txt
2015-01-07 18:24 - 2015-01-14 16:37 - 00000000 ____D () C:\Users\Patton\AppData\Local\Uqdcmedia
2015-01-07 18:24 - 2015-01-14 15:23 - 00000000 ____D () C:\Users\Patton\AppData\Local\Ecgtion
2015-01-07 17:57 - 2015-01-07 18:05 - 00000000 ____D () C:\Users\Patton\Downloads\Wild 2014
2015-01-04 16:07 - 2015-01-04 16:09 - 00000000 ____D () C:\Users\Patton\Downloads\Out Of The Cradle
2015-01-03 23:11 - 2015-01-14 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-03 23:11 - 2015-01-03 23:11 - 00001754 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-03 23:10 - 2015-01-03 23:11 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-03 23:10 - 2015-01-03 23:11 - 00000000 ____D () C:\Program Files\iTunes
2015-01-03 23:10 - 2015-01-03 23:11 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-03 23:10 - 2015-01-03 23:10 - 00000000 ____D () C:\Program Files\iPod
2015-01-02 16:28 - 2015-01-11 15:10 - 00000000 ____D () C:\Users\Patton\Downloads\Doug Paisley - Self Titled (2008) & Constant Companion (2010)(Indie Folk Alt-Country)(MP3@320)
2015-01-02 14:59 - 2015-01-02 15:11 - 00000000 ____D () C:\Users\Patton\Downloads\Doug Paisley...Constant Companion(2010)[FLAC]
2015-01-01 00:01 - 2015-01-11 15:24 - 00000000 ____D () C:\Users\Patton\Downloads\Strand Of Oaks - Heal (2014) [mp3@320]
2014-12-31 23:01 - 2014-12-31 23:25 - 00000000 ____D () C:\Users\Patton\Downloads\Thin Lizzy [Discography]
2014-12-31 21:18 - 2015-01-11 17:16 - 00000000 ____D () C:\Users\Patton\Downloads\Ex_Hex-Rips-CD-FLAC-2014-PERFECT
2014-12-31 21:13 - 2015-01-11 17:24 - 00000000 ____D () C:\Users\Patton\Downloads\The Big Picture
2014-12-31 21:10 - 2015-01-11 17:24 - 00000000 ____D () C:\Users\Patton\Downloads\Rodney Crowell - Tarpaper Sky (2014) FLAC16
2014-12-31 21:06 - 2014-12-31 21:20 - 00000000 ____D () C:\Users\Patton\Downloads\XTC-Skylarking (remastered)(Darkside_RG)
2014-12-28 15:28 - 2015-01-11 15:23 - 00000000 ____D () C:\Users\Patton\Downloads\Shakey Graves - And the War Came [2014] 320
2014-12-28 15:18 - 2015-01-11 15:23 - 00000000 ____D () C:\Users\Patton\Downloads\Janiva Magness - Original (2014) [FLAC]
2014-12-24 15:36 - 2014-12-24 15:36 - 00000000 ____D () C:\Users\Patton\Downloads\Solid Colors
2014-12-24 09:03 - 2014-12-24 09:05 - 00000000 ____D () C:\Users\Patton\Downloads\Escape of the Circus Ponies
2014-12-23 23:53 - 2015-01-02 17:15 - 00000000 ____D () C:\Users\Patton\Downloads\David Sylvian & Holger Czukay - Flux + Mutability (1989)
2014-12-23 23:52 - 2015-01-02 17:25 - 00000000 ____D () C:\Users\Patton\Downloads\Sylvian, David - Czukay, Holger - Plight & Premonition
2014-12-19 12:34 - 2015-01-11 17:17 - 00000000 ____D () C:\Users\Patton\Downloads\The Nels Cline Singers - Macroscope (2014) [FLAC]
2014-12-18 23:02 - 2014-12-18 23:02 - 00000000 ____D () C:\Users\Patton\Downloads\Frontier Ruckus  Sitcom Afterlife(320)(Indie){F2D}
2014-12-18 22:54 - 2014-12-18 22:54 - 00000000 ____D () C:\Users\Patton\Downloads\Loscil
2014-12-18 22:22 - 2014-12-22 21:28 - 00000000 ____D () C:\Users\Patton\Downloads\Lynyrd Skynyrd - Original Discography LAME 3.99.5 - 320Kbps
2014-12-18 22:18 - 2014-12-18 22:29 - 00000000 ____D () C:\Users\Patton\Downloads\JJ Cale - Discography (1972-2009) [FLAC][WwW.LoKoTorrents.CoM]

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 11:55 - 2009-07-13 22:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 11:55 - 2009-07-13 22:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 11:54 - 2009-07-13 23:13 - 00006266 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-16 11:48 - 2011-10-29 10:53 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 11:48 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-16 11:48 - 2009-07-13 22:51 - 00271014 _____ () C:\windows\setupact.log
2015-01-16 11:47 - 2011-09-17 04:08 - 01651921 _____ () C:\windows\WindowsUpdate.log
2015-01-16 11:46 - 2009-07-13 21:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-01-16 11:31 - 2011-10-29 10:53 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 11:21 - 2013-03-28 23:11 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 09:38 - 2010-11-20 21:47 - 00896948 _____ () C:\windows\PFRO.log
2015-01-16 08:46 - 2013-12-14 03:07 - 05098727 _____ () C:\windows\IE11_main.log
2015-01-15 15:22 - 2013-08-14 01:22 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 15:14 - 2013-03-28 23:11 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 15:14 - 2013-03-28 23:11 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 15:14 - 2011-10-30 14:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 10:04 - 2012-03-11 08:29 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 13:57 - 2014-03-13 21:03 - 11216896 _____ (Microsoft) C:\Users\Patton\Desktop\Anti-CryptorBitV2.exe
2015-01-14 11:48 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
2015-01-14 11:46 - 2009-07-13 20:34 - 00000215 _____ () C:\windows\system.ini
2015-01-14 11:25 - 2014-12-03 15:21 - 00000000 ____D () C:\Users\Patton\Documents\noahs work
2015-01-14 11:24 - 2011-10-28 18:31 - 00000000 ____D () C:\Users\Patton
2015-01-14 11:23 - 2014-09-13 08:00 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\uTorrent
2015-01-14 11:23 - 2012-06-29 11:39 - 00000000 ____D () C:\ProgramData\NexonUS
2015-01-14 11:23 - 2012-02-17 07:43 - 00000000 ____D () C:\windows\system32\Macromed
2015-01-14 11:23 - 2011-11-11 08:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-14 11:23 - 2011-09-17 04:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-14 11:23 - 2011-09-17 04:36 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2015-01-14 11:23 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\AppCompat
2015-01-14 11:22 - 2013-03-29 10:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-14 11:22 - 2011-09-17 04:50 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-01-14 11:22 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\registration
2015-01-14 11:21 - 2011-02-18 02:27 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-14 11:17 - 2011-11-12 20:42 - 00000000 ____D () C:\Users\Patton\AppData\Local\CrashDumps
2015-01-12 00:03 - 2014-09-05 21:13 - 00000000 ____D () C:\Users\Patton\AppData\Local\Adobe
2015-01-11 23:49 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SchCache
2015-01-11 18:52 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\L2Schemas
2015-01-11 17:32 - 2014-10-31 23:17 - 00000000 ____D () C:\Users\Patton\Downloads\Matthew Cooper - 2011 - Some Days Are Better Than Others [FLAC] {TRR 191}
2015-01-11 17:22 - 2014-10-30 20:29 - 00000000 ____D () C:\Users\Patton\Downloads\Mark Lanegan Band - Phantom Radio (2014) FLAC Beolab1700
2015-01-11 17:19 - 2014-04-18 21:55 - 00000000 ____D () C:\Users\Patton\Downloads\Woods-With_Light_And_With_Love-2014-pLAN9
2015-01-11 17:18 - 2014-10-10 21:44 - 00000000 ____D () C:\Users\Patton\Downloads\Wild Child - Pillow Talk
2015-01-11 17:17 - 2014-12-12 21:46 - 00000000 ____D () C:\Users\Patton\Downloads\Railroad Earth - The Last of the Outlaws (2014) FLAC Beolab1700
2015-01-11 17:17 - 2014-12-12 20:50 - 00000000 ____D () C:\Users\Patton\Downloads\Ry Cooder - Soundtracks [Box Set] (2014) FLAC Beolab1700
2015-01-11 17:17 - 2014-12-09 23:17 - 00000000 ____D () C:\Users\Patton\Downloads\Philip Glass - Music From The Thin Blue Line
2015-01-11 17:17 - 2014-10-17 21:49 - 00000000 ____D () C:\Users\Patton\Downloads\Thurston Moore - The Best Day (2014)
2015-01-11 17:17 - 2014-10-10 22:09 - 00000000 ____D () C:\Users\Patton\Downloads\Ray Stinnett - A Fire Somewhere (2012 Reissue) [FLAC]
2015-01-11 17:17 - 2014-10-03 21:16 - 00000000 ____D () C:\Users\Patton\Downloads\Shinyribs - 2013 - Gulf Coast Museum
2015-01-11 17:17 - 2014-04-26 21:41 - 00000000 ____D () C:\Users\Patton\Downloads\Mumford And Sons (2008-2012)
2015-01-11 17:17 - 2014-04-19 23:04 - 00000000 ____D () C:\Users\Patton\Downloads\The White Buffalo - Shadows, Greys and Evil Ways (2013) MP3@320kbps Beolab1700
2015-01-11 17:17 - 2014-04-18 13:48 - 00000000 ____D () C:\Users\Patton\Downloads\Peter Gabriel - Up (2010) (flac)
2015-01-11 17:17 - 2014-02-27 18:17 - 00000000 ____D () C:\Users\Patton\Downloads\Jim White
2015-01-11 17:17 - 2012-12-28 10:27 - 00000000 ____D () C:\Users\Patton\Downloads\Hammock - Departure Songs (2012)
2015-01-11 17:16 - 2014-12-12 21:43 - 00000000 ____D () C:\Users\Patton\Downloads\First Aid Kit - Stay Gold (2014) FLAC Beolab1700
2015-01-11 17:16 - 2013-02-26 21:47 - 00000000 ____D () C:\Users\Patton\Downloads\Explosions In The Sky
2015-01-11 15:35 - 2013-07-02 18:52 - 00000000 ____D () C:\Users\Patton\Desktop\1 FAT16
2015-01-11 15:35 - 2012-09-03 13:52 - 00000000 ____D () C:\Users\Patton\Documents\house_vegreville
2015-01-11 15:26 - 2014-12-12 21:55 - 00000000 ____D () C:\Users\Patton\Downloads\Devon Allman - Ragged & Dirty (2014) MP3VBR Beolab1700
2015-01-11 15:26 - 2014-11-29 00:29 - 00000000 ____D () C:\Users\Patton\Downloads\T Rex - The Albums Collection (2014) 10CD Box Set MP3@320kbps Beolab1700
2015-01-11 15:25 - 2014-10-20 18:57 - 00000000 ____D () C:\Users\Patton\Downloads\Doug Burr - 2010 - O Ye Devastator (FLAC)
2015-01-11 15:25 - 2014-10-19 19:16 - 00000000 ____D () C:\Users\Patton\Downloads\Sallie Ford & The Sound Outside - Untamed Beast
2015-01-11 15:25 - 2014-05-17 21:54 - 00000000 ____D () C:\Users\Patton\Downloads\shooter jennings - family man (2012) usa, country
2015-01-11 15:25 - 2014-02-23 08:37 - 00000000 ____D () C:\Users\Patton\Downloads\Terje Rypdal
2015-01-11 15:24 - 2014-08-16 21:57 - 00000000 ____D () C:\Users\Patton\Downloads\Robin Trower - Original Album Series 5CD (2014) MP3@320kbps Beolab1700
2015-01-11 15:23 - 2014-11-27 21:38 - 00000000 ____D () C:\Users\Patton\Downloads\The Coral - The Curse Of Love   2014
2015-01-11 15:23 - 2014-10-24 23:19 - 00000000 ____D () C:\Users\Patton\Downloads\VA - The Rough Guide To The Music Of Desert Blues (2010) [EAC-FLAC]
2015-01-11 15:23 - 2014-10-24 22:37 - 00000000 ____D () C:\Users\Patton\Downloads\The Strumbellas - We Still Move On Dance Floors (2013) [mp3@320]
2015-01-11 15:23 - 2014-10-24 22:28 - 00000000 ____D () C:\Users\Patton\Downloads\VA - The Rough Guide To The Music Of The Sahara (2005) [EAC-FLAC]
2015-01-11 15:23 - 2014-10-10 22:03 - 00000000 ____D () C:\Users\Patton\Downloads\William Fitzsimmons - 2011 - Gold in the Shadow
2015-01-11 15:23 - 2014-10-03 21:18 - 00000000 ____D () C:\Users\Patton\Downloads\Sandy Bull - Fantasias For Guitar and Banjo (1963) [VINYL] {16 44.1}
2015-01-11 15:23 - 2014-09-05 22:33 - 00000000 ____D () C:\Users\Patton\Downloads\Jack Bruce - Silver Rails 2014 320kbps CBR MP3 [VX]
2015-01-11 15:23 - 2014-06-14 08:22 - 00000000 ____D () C:\Users\Patton\Downloads\Chatham County Line - Tightrope (2014) [FLAC]
2015-01-11 15:23 - 2014-05-18 23:57 - 00000000 ____D () C:\Users\Patton\Downloads\Post  Rock  -  Tortoise  Discography
2015-01-11 15:23 - 2014-05-12 22:24 - 00000000 ____D () C:\Users\Patton\Downloads\Fennesz - Bécs (2014) 320
2015-01-11 15:23 - 2014-03-28 19:51 - 00000000 ____D () C:\Users\Patton\Downloads\Peter Hammill & Gary Lucas - Other World (2014) NLToppers
2015-01-11 15:23 - 2014-03-26 23:38 - 00000000 ____D () C:\Users\Patton\Downloads\BEN HARPER Discography 320kps
2015-01-11 15:23 - 2014-02-09 20:20 - 00000000 ____D () C:\Users\Patton\Downloads\Tinariwen - Emmaar [2014] 320
2015-01-11 15:23 - 2013-11-11 13:24 - 00000000 ____D () C:\Users\Patton\Downloads\Bob Dylan
2015-01-11 15:22 - 2014-10-24 23:36 - 00000000 ____D () C:\Users\Patton\Downloads\VA - The Rough Guide To African Guitar Legends (2011) [EAC-FLAC]
2015-01-11 15:22 - 2014-04-07 22:55 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Ryder-Jones - If [mp3-320-2011]
2015-01-11 15:22 - 2012-04-24 19:43 - 00000000 ____D () C:\Users\Patton\Downloads\PETER GABRIEL - Passion - Music For The Last Temptation Of Christ 1989
2015-01-11 15:22 - 2012-01-26 22:31 - 00000000 ____D () C:\Users\Patton\Downloads\Phil Manzanera-Diamond Head-Vinylrip-Abrasax
2015-01-11 15:21 - 2014-11-27 21:26 - 00000000 ____D () C:\Users\Patton\Downloads\French For Rabbits - Spirits    2014
2015-01-11 15:21 - 2014-10-10 22:01 - 00000000 ____D () C:\Users\Patton\Downloads\William Fitzsimmons - Until When We Are Ghosts(2005)
2015-01-11 15:21 - 2014-09-29 20:38 - 00000000 ____D () C:\Users\Patton\Downloads\Sam Amidon - Lily-O (2014)
2015-01-11 15:21 - 2014-09-03 21:42 - 00000000 ____D () C:\Users\Patton\Downloads\Pere Ubu - Carnival of Souls [2014] 256
2015-01-11 15:21 - 2014-09-02 21:32 - 00000000 ____D () C:\Users\Patton\Downloads\Peter Rowan - Dharma Blues   2014
2015-01-11 15:21 - 2014-08-09 21:41 - 00000000 ____D () C:\Users\Patton\Downloads\Hammock - Oblivion Hymns 2013 320kbps CBR MP3 [VX] [P2PDL]
2015-01-11 15:21 - 2014-06-14 08:57 - 00000000 ____D () C:\Users\Patton\Downloads\Glenn Jones...The Wanting(2011)[FLAC]
2015-01-11 15:21 - 2014-06-07 22:34 - 00000000 ____D () C:\Users\Patton\Downloads\[Folk Rock] Wovenhand - Refractory Obdurate 2014 @320 (By Jamal The Moroccan)
2015-01-11 15:21 - 2014-05-18 22:57 - 00000000 ____D () C:\Users\Patton\Downloads\John Scofield - Bump (2000) [EAC-FLAC]
2015-01-11 15:21 - 2014-05-17 23:05 - 00000000 ____D () C:\Users\Patton\Downloads\Jason Isbell And The 400 Unit - Here We Rest (2011) mp3 320 vtwin88cube
2015-01-11 15:21 - 2013-01-30 22:43 - 00000000 ____D () C:\Users\Patton\Downloads\Anywhere
2015-01-11 15:21 - 2012-10-27 08:32 - 00000000 ____D () C:\Users\Patton\Downloads\Kenny Brown Meet Ya In The Bottom
2015-01-11 15:21 - 2012-03-31 23:31 - 00000000 ____D () C:\Users\Patton\Downloads\Otis Taylor - Recapturing the Banjo
2015-01-11 15:20 - 2014-10-12 21:57 - 00000000 ____D () C:\Users\Patton\Downloads\Susan Christie...Paint A Lady(1969)(cd 2006)[FLAC]
2015-01-11 15:20 - 2013-08-11 08:05 - 00000000 ____D () C:\Users\Patton\Downloads\Moreland & Arbuckle - 7 Cities
2015-01-11 15:19 - 2014-10-24 18:10 - 00000000 ____D () C:\Users\Patton\Downloads\Prayer for the Forest
2015-01-11 15:19 - 2014-10-18 00:41 - 00000000 ____D () C:\Users\Patton\Downloads\Reverend Moon - Coyote Gospels (2014)
2015-01-11 15:19 - 2014-10-12 22:10 - 00000000 ____D () C:\Users\Patton\Downloads\Julia Stone...The Memory Machine(2011)[FLAC]
2015-01-11 15:19 - 2014-10-10 20:49 - 00000000 ____D () C:\Users\Patton\Downloads\Adam Green & Binki Shapiro [2013]
2015-01-11 15:19 - 2014-09-06 00:16 - 00000000 ____D () C:\Users\Patton\Downloads\(Desert Blues) Boubacar Traoré - Mali Denhou
2015-01-11 15:19 - 2014-03-17 21:19 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Callahan - Dream River 2013 Indie 320kbps CBR MP3 [VX] [P2PDL]
2015-01-11 15:19 - 2013-12-27 18:14 - 00000000 ____D () C:\Users\Patton\Downloads\Iron And Wine - Ghost On Ghost 2013
2015-01-11 15:19 - 2013-06-26 20:41 - 00000000 ____D () C:\Users\Patton\Downloads\Heartless Bastards-The Mountain-2009
2015-01-11 15:19 - 2012-05-07 23:57 - 00000000 ____D () C:\Users\Patton\Downloads\Left Lane Cruiser - Junkyard Speed Ball
2015-01-11 15:19 - 2012-04-14 08:16 - 00000000 ____D () C:\Users\Patton\Downloads\Great Lake Swimmers - New Wild Everywhere (2012) [MP3 320]
2015-01-11 15:18 - 2014-09-05 22:57 - 00000000 ____D () C:\Users\Patton\Downloads\Anders Osborne - Peace 2013 320kbps CBR MP3 [VX] [P2PDL]
2015-01-11 15:18 - 2014-09-05 22:02 - 00000000 ____D () C:\Users\Patton\Downloads\[Alt. Rock] Steve Wynn - Sketches In Spain 2014 (Jamal the Moroccan)
2015-01-11 15:18 - 2014-03-09 00:27 - 00000000 ____D () C:\Users\Patton\Downloads\Golden Earring - Moontan (1973) [2001 Reissue] [mp3@320]
2015-01-11 15:18 - 2013-07-05 21:14 - 00000000 ____D () C:\Users\Patton\Downloads\John Scofield - Uberjam Deux 2013 Jazz 320kbps CBR MP3 [VX]
2015-01-11 15:18 - 2013-07-03 15:59 - 00000000 ____D () C:\Users\Patton\Downloads\Alex Chilton-Like Flies On Sherbert [1979
2015-01-11 15:18 - 2012-11-05 14:10 - 00000000 ____D () C:\Users\Patton\Downloads\Woods-Bend.Beyond.2012.VBR-FNT
2015-01-11 15:18 - 2012-01-22 22:24 - 00000000 ____D () C:\Users\Patton\Downloads\Ray Bonneville - Bad Man’s Blood 2011
2015-01-11 15:17 - 2014-12-09 23:33 - 00000000 ____D () C:\Users\Patton\Downloads\Alice Gerrard - Follow The Music   2014
2015-01-11 15:17 - 2014-10-17 22:01 - 00000000 ____D () C:\Users\Patton\Downloads\The Barr Brothers - Sleeping Operator   2014
2015-01-11 15:17 - 2014-09-12 17:03 - 00000000 ____D () C:\Users\Patton\Downloads\Hiss Golden Messenger - Lateness Of Dancers   2014
2015-01-11 15:17 - 2014-09-03 21:39 - 00000000 ____D () C:\Users\Patton\Downloads\Robert Plant - Lullaby... and the Ceaseless Roar   2014
2015-01-11 15:17 - 2012-05-14 21:11 - 00000000 ____D () C:\Users\Patton\Downloads\Julian Lynch - Mare (Olde English Spelling Bee 2010)
2015-01-11 15:16 - 2014-12-07 18:06 - 00000000 ____D () C:\Users\Patton\Downloads\David Sylvian - Weatherbox
2015-01-11 15:16 - 2014-10-17 21:08 - 00000000 ____D () C:\Users\Patton\Downloads\Pieta Brown - Paradise Outlaw   2014
2015-01-11 15:16 - 2014-10-04 22:13 - 00000000 ____D () C:\Users\Patton\Downloads\Richard Buckner - 1998 - Since [FLAC]
2015-01-11 15:16 - 2014-09-29 20:53 - 00000000 ____D () C:\Users\Patton\Downloads\Bonnie 'Prince' Billy - Singers Grave A Sea Of Tongues (2014)
2015-01-11 15:16 - 2014-04-30 22:10 - 00000000 ____D () C:\Users\Patton\Downloads\Ray LaMontagne - Supernova (2014) MP3@320kbps Beolab1700
2015-01-11 15:16 - 2014-04-19 23:51 - 00000000 ____D () C:\Users\Patton\Downloads\The Secret Sisters - Put Your Needle Down (2014) MP3@320kbps Beolab1700
2015-01-11 15:16 - 2014-03-28 19:27 - 00000000 ____D () C:\Users\Patton\Downloads\Roy Harper  Man & Myth 2013
2015-01-11 15:16 - 2013-10-13 19:54 - 00000000 ____D () C:\Users\Patton\Downloads\The Gourds - Blood of the Ram (2004)
2015-01-11 15:16 - 2013-08-10 20:31 - 00000000 ____D () C:\Users\Patton\Downloads\Daughn Gibson - Me Moan 2013 Alternative 320kbps CBR MP3 [VX] [P2PDL]
2015-01-11 15:16 - 2012-05-22 22:30 - 00000000 ____D () C:\Users\Patton\Downloads\James McMurtry - Childish Things (2005)
2015-01-11 15:16 - 2012-04-30 17:52 - 00000000 ____D () C:\Users\Patton\Downloads\Widowspeak - Widowspeak
2015-01-11 15:15 - 2014-10-31 22:53 - 00000000 ____D () C:\Users\Patton\Downloads\Jim James-2012-Regions Of Light And Sound Of God
2015-01-11 15:15 - 2014-10-17 20:51 - 00000000 ____D () C:\Users\Patton\Downloads\Maggie Björklund - Shaken (2014)
2015-01-11 15:15 - 2014-08-16 21:31 - 00000000 ____D () C:\Users\Patton\Downloads\Passenger - Whispers (Deluxe Edition) 2014 320kbps CBR MP3 [VX]
2015-01-11 15:15 - 2014-03-17 21:54 - 00000000 ____D () C:\Users\Patton\Downloads\Doug Paisley - Strong Feelings (2014) 320K
2015-01-11 15:15 - 2014-02-23 20:14 - 00000000 ____D () C:\Users\Patton\Downloads\Hungry Ghosts - 2000 - Alone, Alone
2015-01-11 15:15 - 2012-11-15 23:20 - 00000000 ____D () C:\Users\Patton\Downloads\Today's Active Lifestyles
2015-01-11 15:15 - 2012-07-16 07:38 - 00000000 ____D () C:\Users\Patton\Downloads\Jason Webley - Only Just Beginning
2015-01-11 15:15 - 2012-05-15 22:58 - 00000000 ____D () C:\Users\Patton\Downloads\Hammock - Raising Your Voice... Trying to Stop an Echo
2015-01-11 15:15 - 2012-02-29 20:36 - 00000000 ____D () C:\Users\Patton\Downloads\Jerry Douglas - Lookout for Hope (2002)
2015-01-11 15:14 - 2014-10-31 23:06 - 00000000 ____D () C:\Users\Patton\Downloads\All Hell
2015-01-11 15:13 - 2014-07-26 14:38 - 00000000 ____D () C:\Users\Patton\Downloads\[Neo Soul] Cold Specks - Neuroplasticity 2014 (Jamal The Moroccan)
2015-01-11 15:13 - 2014-05-17 22:04 - 00000000 ____D () C:\Users\Patton\Downloads\Tedeschi Trucks Band - 2013 Made Up Mind
2015-01-11 15:13 - 2014-05-09 23:49 - 00000000 ____D () C:\Users\Patton\Downloads\John Martyn
2015-01-11 15:13 - 2013-12-28 18:54 - 00000000 ____D () C:\Users\Patton\Downloads\The Civil Wars
2015-01-11 15:13 - 2013-01-30 20:47 - 00000000 ____D () C:\Users\Patton\Downloads\Steve Forbert - Over with You (2012)
2015-01-11 15:13 - 2012-06-13 22:55 - 00000000 ____D () C:\Users\Patton\Downloads\Mount Eerie - Clear Moon (2012)
2015-01-11 15:13 - 2012-05-15 23:14 - 00000000 ____D () C:\Users\Patton\Downloads\Hammock - Kenotic
2015-01-11 15:12 - 2014-10-12 23:12 - 00000000 ____D () C:\Users\Patton\Downloads\Corinne West & Kelly Joe Phelps ...Magnetic Skyline(2010)[FLAC]
2015-01-11 15:12 - 2014-10-12 20:47 - 00000000 ____D () C:\Users\Patton\Downloads\Shearwater...Rook(2008)[FLAC]
2015-01-11 15:12 - 2014-09-12 16:23 - 00000000 ____D () C:\Users\Patton\Downloads\Basia Bulat...Oh, My Darling(2007)[FLAC]
2015-01-11 15:12 - 2014-09-05 23:57 - 00000000 ____D () C:\Users\Patton\Downloads\((Blues) Joe Callicott - Deal Gone Down
2015-01-11 15:12 - 2014-05-17 21:58 - 00000000 ____D () C:\Users\Patton\Downloads\Shooter Jennings - Put the O Back in Country (2005)
2015-01-11 15:12 - 2014-04-01 23:06 - 00000000 ____D () C:\Users\Patton\Downloads\Timber Timbre - Hot Dreams (2014) MP3@320kbps Beolab1700
2015-01-11 15:12 - 2014-02-14 00:23 - 00000000 ____D () C:\Users\Patton\Downloads\Eels_Beautiful Freak
2015-01-11 15:12 - 2013-12-28 19:51 - 00000000 ____D () C:\Users\Patton\Downloads\Tony Joe White
2015-01-11 15:12 - 2013-09-30 20:36 - 00000000 ____D () C:\Users\Patton\Downloads\Mazzy Star - Seasons of Your Day (2013) [MP3 320]
2015-01-11 15:12 - 2013-08-05 20:57 - 00000000 ____D () C:\Users\Patton\Downloads\The Wooden Sky...Every Child a Daughter, Every Moon a Sun(2012)[FLAC]
2015-01-11 15:12 - 2013-08-05 19:52 - 00000000 ____D () C:\Users\Patton\Downloads\Empty Glass [Bonus Tracks]
2015-01-11 15:12 - 2013-08-05 19:47 - 00000000 ____D () C:\Users\Patton\Downloads\Over the Rhine_Drunkard's Prayer
2015-01-11 15:12 - 2012-10-27 08:26 - 00000000 ____D () C:\Users\Patton\Downloads\Juke Boy Bonner - Nowhere To Run
2015-01-11 15:12 - 2012-08-18 09:18 - 00000000 ____D () C:\Users\Patton\Downloads\Trampled By Turtles - 2012 - Stars and Satellites
2015-01-11 15:12 - 2012-04-17 17:11 - 00000000 ____D () C:\Users\Patton\Downloads\Ray Wylie Hubbard-9 Discs(MP3@320){19glide58}[H33T]
2015-01-11 15:12 - 2012-03-20 17:27 - 00000000 ____D () C:\Users\Patton\Downloads\Willard Grant Conspiracy - Regard The End
2015-01-11 15:12 - 2012-03-11 22:17 - 00000000 ____D () C:\Users\Patton\Downloads\Fleetwood Mac Discography by Sketch
2015-01-11 15:12 - 2012-03-02 21:42 - 00000000 ____D () C:\Users\Patton\Downloads\Loscil_Endless Falls
2015-01-11 15:12 - 2012-03-02 20:16 - 00000000 ____D () C:\Users\Patton\Downloads\Tab Benoit - Medicine (2011)
2015-01-11 15:12 - 2012-02-27 08:49 - 00000000 ____D () C:\Users\Patton\Downloads\Fred Frith
2015-01-11 15:12 - 2012-02-23 17:21 - 00000000 ____D () C:\Users\Patton\Downloads\big star - 2009 - keep an eye on the sky [box set]
2015-01-11 15:12 - 2012-01-23 22:45 - 00000000 ____D () C:\Users\Patton\Downloads\Wilco_The Whole Love
2015-01-11 15:11 - 2014-11-15 01:02 - 00000000 ____D () C:\Users\Patton\Downloads\Willie Nelson - Teatro (1998)
2015-01-11 15:11 - 2014-10-14 13:07 - 00000000 ____D () C:\Users\Patton\Downloads\Hookfoot...Hookfoot(1971) cd(2004)[FLAC]
2015-01-11 15:11 - 2014-02-17 20:08 - 00000000 ____D () C:\Users\Patton\Downloads\The Dead Texan
2015-01-11 15:11 - 2012-05-15 18:35 - 00000000 ____D () C:\Users\Patton\Downloads\Willy DeVille Discography
2015-01-11 15:11 - 2012-02-09 18:26 - 00000000 ____D () C:\Users\Patton\Downloads\Wovenhand-Black Of The Ink-2011
2015-01-11 15:11 - 2012-01-20 22:43 - 00000000 ____D () C:\Users\Patton\Downloads\woven hand - blush music (2003)
2015-01-11 15:10 - 2014-11-26 23:18 - 00000000 ____D () C:\Users\Patton\Downloads\Captain Beefheart - Sun Zoom Spark 1970 - 72 [Box Set] (2014) FLAC Beolab1700
2015-01-11 15:10 - 2014-10-12 16:28 - 00000000 ____D () C:\Users\Patton\Downloads\Jenny Owen Youngs...Transmitter Failure(2009)[FLAC]
2015-01-11 15:10 - 2014-10-04 14:16 - 00000000 ____D () C:\Users\Patton\Downloads\James Yorkston – The Cellardyke Recording and Wassailing Society (2014) ~{Batman}
2015-01-11 15:10 - 2014-10-03 21:45 - 00000000 ____D () C:\Users\Patton\Downloads\Tiny Ruins - Brightly Painted One (2014) [FLAC]
2015-01-11 15:10 - 2014-09-20 01:09 - 00000000 ____D () C:\Users\Patton\Downloads\Turkish Instrumental Music Collection - KONTINYU
2015-01-11 15:10 - 2014-09-19 23:43 - 00000000 ____D () C:\Users\Patton\Downloads\Complete Solo Piano Recordings 1972 - 1996
2015-01-11 15:10 - 2014-06-14 10:08 - 00000000 ____D () C:\Users\Patton\Downloads\Rachael Yamagata...Elephants Teeth Sinking Into Heart(2008)[FLAC]
2015-01-11 15:10 - 2014-05-23 20:00 - 00000000 ____D () C:\Users\Patton\Downloads\The Gourds - Stadium Blitzer
2015-01-11 15:10 - 2014-05-09 23:38 - 00000000 ____D () C:\Users\Patton\Downloads\Elmore James - The Sky is Crying, The History of Elmore James (1993) [FLAC]
2015-01-11 15:10 - 2014-04-26 10:10 - 00000000 ____D () C:\Users\Patton\Downloads\Cockburn 1980-1994
2015-01-11 15:10 - 2014-04-13 08:30 - 00000000 ____D () C:\Users\Patton\Downloads\Woven Hand...The Threshingfloor(2010)[FLAC]
2015-01-11 15:10 - 2014-04-07 23:32 - 00000000 ____D () C:\Users\Patton\Downloads\Sylvain Chauveau
2015-01-11 15:10 - 2013-05-21 06:42 - 00000000 ____D () C:\Users\Patton\Downloads\Marc Ribot
2015-01-11 15:10 - 2013-05-21 06:40 - 00000000 ____D () C:\Users\Patton\Downloads\Danny Schmidt Full Album Discography 1999 - 2011 (FLAC)
2015-01-11 15:10 - 2012-07-04 21:20 - 00000000 ____D () C:\Users\Patton\Downloads\The Walkabouts
2015-01-11 15:10 - 2012-05-16 22:08 - 00000000 ____D () C:\Users\Patton\Downloads\The Wonderful And Fantastical Music Of New-Zea-Land
2015-01-11 15:01 - 2011-09-17 04:51 - 00000000 ____D () C:\ProgramData\Norton
2015-01-08 01:16 - 2011-10-28 18:31 - 00118800 _____ () C:\Users\Patton\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-08 00:40 - 2014-12-10 22:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-08 00:10 - 2014-10-25 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-07 23:55 - 2014-04-07 22:52 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Ryder-Jones - A Bad Wind Blows In My Heart [mp3-vbr-2013]
2015-01-07 23:51 - 2014-02-23 21:07 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)
2015-01-07 23:50 - 2014-03-17 21:19 - 00000000 ____D () C:\Users\Patton\Downloads\Bill Callahan - Apocalypse [mp3-320-2011]
2015-01-07 23:50 - 2014-02-05 22:45 - 00000000 ____D () C:\Users\Patton\Downloads\Big Head Todd and The Monsters - Black Beehive [2014] [Mp3-320]-V3nom [GLT]
2015-01-07 23:50 - 2012-08-31 16:32 - 00000000 ____D () C:\Users\Patton\Downloads\Benoit Pioulard - Lasted (2010)
2015-01-07 23:49 - 2014-10-12 21:04 - 00000000 ____D () C:\Users\Patton\Downloads\Benjamin Francis Leftwich...Last Smoke Before the Snowstorm(2011)[FLAC]
2015-01-07 23:49 - 2014-09-03 22:42 - 00000000 ____D () C:\Users\Patton\Downloads\Benjamin Booker - Benjamin Booker (2014) MP3@320kbps Beolab1700
2015-01-07 23:49 - 2014-06-21 22:13 - 00000000 ____D () C:\Users\Patton\Downloads\Ben Nichols - Last Pale Light
2015-01-07 23:45 - 2014-10-10 22:58 - 00000000 ____D () C:\Users\Patton\Downloads\Beaubrummels - Bradley's Barn (1968) [FLAC]
2015-01-07 23:45 - 2012-10-03 19:50 - 00000000 ____D () C:\Users\Patton\Downloads\Beachwood Sparks - Tarnished Gold (2012)
2015-01-07 23:44 - 2014-09-12 16:19 - 00000000 ____D () C:\Users\Patton\Downloads\Basia Bulat - Heart Of My Own (2010)
2015-01-07 23:44 - 2014-09-06 12:06 - 00000000 ____D () C:\Users\Patton\Downloads\Basia Bulat - Tall Tall Shadow (2013) [FLAC]
2015-01-07 23:44 - 2013-05-06 18:05 - 00000000 ____D () C:\Users\Patton\Downloads\Bassekou Kouyate & Ngoni ba - Jama ko (2013)
2015-01-07 23:42 - 2014-10-13 20:33 - 00000000 ____D () C:\Users\Patton\Downloads\Ariana Gillis - Forget Me Not [2011] FLAC
2015-01-07 23:42 - 2014-09-05 21:26 - 00000000 ____D () C:\Users\Patton\Downloads\Arve Henriksen - Strjon (2007) (192 vbr)
2015-01-07 23:42 - 2014-08-09 21:21 - 00000000 ____D () C:\Users\Patton\Downloads\Angus & Julia Stone - Angus & Julia Stone (2014)
2015-01-07 23:42 - 2014-06-12 21:15 - 00000000 ____D () C:\Users\Patton\Downloads\Andrew Bird - Things Are Really Great Here, Sort of... (2014) [FLAC]
2015-01-07 23:42 - 2014-05-20 23:55 - 00000000 ____D () C:\Users\Patton\Downloads\Angel Olsen-Half Way Home (2012) V0
2015-01-07 23:39 - 2014-02-06 22:09 - 00000000 ____D () C:\Users\Patton\Downloads\Anders Osborne - Black Eye Galaxy 2012 Flac
2015-01-07 23:37 - 2014-01-14 07:06 - 00000000 ____D () C:\Users\Patton\Downloads\Agnes Obel - 2013 - Aventine [FLAC]
2015-01-07 23:37 - 2012-12-27 21:09 - 00000000 ____D () C:\Users\Patton\Downloads\Alabama Shakes - Boys & Girls (2012) FLAC Beolab1700
2015-01-07 23:36 - 2014-10-08 21:00 - 00000000 ____D () C:\Users\Patton\Downloads\A Winged Victory for the Sullen - A Winged Victory for the Sullen ERATP032CD 2011 flac
2015-01-07 23:36 - 2012-05-07 23:06 - 00000000 ____D () C:\Users\Patton\Downloads\A.A. Bondy - Believers(2011)MP3 Nlt-release
2015-01-07 23:31 - 2014-04-18 13:48 - 00000000 ____D () C:\Users\Patton\Downloads\1992 - Peter Gabriel - US (2002, 24-96)
2015-01-07 23:31 - 2013-07-14 21:27 - 00000000 ____D () C:\Users\Patton\Downloads\1977 - Pete Townshend & Ronnie Lane - Rough Mix (24-96)
2015-01-07 23:30 - 2012-01-20 19:19 - 00000000 ____D () C:\Users\Patton\Downloads\16 horsepower - low estate (1998)
2015-01-07 23:28 - 2014-09-06 00:36 - 00000000 ____D () C:\Users\Patton\Downloads\(Blues) T-Model Ford - The Ladies Man (2010)
2015-01-07 23:27 - 2014-05-18 10:16 - 00000000 ____D () C:\Users\Patton\Downloads\(2003) Songs Ohia - Magnolia Electric Co. [Reissue 2013] [FLAC]
2015-01-07 23:27 - 2014-04-12 21:32 - 00000000 ____D () C:\Users\Patton\Downloads\(1994) Metatron [256]
2015-01-07 23:27 - 2012-03-09 00:14 - 00000000 ____D () C:\Users\Patton\Downloads\(Blues) CeDell Davis & Herman Alexander - Highway 61
2015-01-07 23:26 - 2010-06-01 16:44 - 00061472 _____ () C:\Users\Patton\Downloads\WestBromCelePA_468x404.JPG.bsnhdzf
2015-01-07 23:26 - 2010-06-01 16:44 - 00014688 _____ () C:\Users\Patton\Downloads\new resume.DOCX.bsnhdzf
2015-01-07 23:26 - 2009-03-10 11:28 - 117393232 _____ () C:\Users\Patton\Downloads\Lloyd Banks - V6  The Gift - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2010-06-01 16:44 - 00032544 ___SH () C:\Users\Patton\Downloads\Folder.JPG.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 95069568 _____ () C:\Users\Patton\Downloads\Lloyd Banks - Cold Corner 2 - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 94647232 _____ () C:\Users\Patton\Downloads\King Los - Zero Gravity II - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 141742320 _____ () C:\Users\Patton\Downloads\Joey Bada$$ - Summer Knights  - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 132888240 _____ () C:\Users\Patton\Downloads\Lil Durk - Signed To The Streets 2 - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 128775504 _____ () C:\Users\Patton\Downloads\ChapterOne.ZIP.bsnhdzf
2015-01-07 23:25 - 2009-03-10 11:28 - 104454928 _____ () C:\Users\Patton\Downloads\Juicy J - Rubba Band Business (Hosted By Trap-A-Holics) Feat. Lex Luger - HotNewHipHop.ZIP.bsnhdzf
2015-01-07 23:24 - 2012-08-17 22:11 - 00021504 ___SH () C:\Users\Patton\Documents\Thumbs.db
2015-01-07 23:24 - 2010-06-01 16:44 - 00020608 _____ () C:\Users\Patton\Documents\hannah housing mru_2014.DOCX.bsnhdzf
2015-01-07 23:24 - 2010-06-01 16:44 - 00017680 _____ () C:\Users\Patton\Documents\under the influence- hannah.DOCX.bsnhdzf
2015-01-07 23:24 - 2010-06-01 16:44 - 00016528 _____ () C:\Users\Patton\Documents\17.DOCX.bsnhdzf
2015-01-07 23:24 - 2010-06-01 16:44 - 00015056 _____ () C:\Users\Patton\Documents\Dear noah patton.DOCX.bsnhdzf
2015-01-07 23:24 - 2010-06-01 16:44 - 00013088 _____ () C:\Users\Patton\Documents\soccer reality.DOCX.bsnhdzf
2015-01-07 23:20 - 2012-01-21 12:07 - 00000000 ____D () C:\Users\Patton\AppData\Roaming\Winamp
2015-01-07 23:11 - 2011-12-16 14:45 - 00000000 ____D () C:\Users\Patton\AppData\Local\Windows Live
2015-01-07 23:08 - 2012-02-21 22:21 - 00000000 ____D () C:\Users\Patton\AppData\Local\Microsoft Help
2015-01-07 22:41 - 2014-05-15 17:38 - 00000000 ____D () C:\temp
2015-01-07 22:41 - 2011-09-17 04:43 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-06 04:36 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-03 23:10 - 2013-11-01 18:33 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-03 23:10 - 2011-12-25 17:50 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-03 23:07 - 2011-12-25 17:50 - 00000000 ____D () C:\ProgramData\Apple
2015-01-03 11:05 - 2013-03-29 10:42 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-02 16:34 - 2014-10-11 08:55 - 00000000 ____D () C:\Users\Patton\Downloads\Dinosaur Feathers...Whistle Tips(2012)[FLAC]
2015-01-02 14:35 - 2014-11-27 21:23 - 00000000 ____D () C:\Users\Patton\Downloads\Elliott Brood - Work And Love [Deluxe Edition] (2014)
2015-01-01 00:03 - 2014-10-31 22:47 - 00000000 ____D () C:\Users\Patton\Downloads\Grouper - The Man Who Died in His Boa (2013) [FLAC]
2014-12-31 23:45 - 2014-10-30 20:42 - 00000000 ____D () C:\Users\Patton\Downloads\Steve Gunn - Way Out Weather   2014
2014-12-31 19:59 - 2014-03-21 20:26 - 00000000 ____D () C:\Users\Patton\Downloads\Harold Budd
2014-12-31 19:50 - 2014-11-27 21:39 - 00000000 ____D () C:\Users\Patton\Downloads\The Budos Band – Burnt Offering [2014] 320
2014-12-31 18:33 - 2014-11-15 02:14 - 00000000 ____D () C:\Users\Patton\Downloads\The Ventures-14 albums
2014-12-31 08:16 - 2009-07-13 23:08 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-28 09:39 - 2014-02-14 00:33 - 00000000 ____D () C:\Users\Patton\Downloads\Stars Of The Lid
2014-12-23 23:27 - 2014-09-19 23:49 - 00000000 ____D () C:\Users\Patton\Downloads\bcer

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 10:36

==================== End Of Log ============================



#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:55 PM

Posted 16 January 2015 - 04:52 PM

OK I'm waiting for the ESET Log. ;)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#11 fixem

fixem
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 20 January 2015 - 09:50 AM

hey. the scan never finished. i let it run about 15 hours got stuck at 99% on a file "system.workflow.runtime.dll"



#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:55 PM

Posted 20 January 2015 - 11:35 AM

Did it find something?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#13 fixem

fixem
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 20 January 2015 - 11:38 AM

yeah, about 509 so far. but if I cancel it, I don't see an option to clean what it has found.



#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:55 PM

Posted 20 January 2015 - 11:42 AM

Please rerun it one time again. Make sure that other processes are closed, I need to see what ESET found. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#15 fixem

fixem
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:07:55 PM

Posted 20 January 2015 - 11:43 AM

Win32/Filecoder.EA.Gen trojan found multiple times

 

here is a copy of the log.

 

C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplate\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplate-2\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Microsoft\PlayReady\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Microsoft\PlayReady\Cache\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Microsoft\PlayReady\Cache\S-1-5-21-1944314226-4241285889-3694376531-1000\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Microsoft\RAC\PublishedData\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan    
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_mbam.exe_f395ccb057a9c6339c5127374e352d6576bda1_109426b2\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_ProtectedSearch._6faf17716d1ad663d61f3824ffa70722f4594b6_08839932\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_ProtectedSearch._6faf17716d1ad663d61f3824ffa70722f4594b6_0b2acbb7\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_ProtectedSearch._6faf17716d1ad663d61f3824ffa70722f4594b6_16b20020\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SmartMusic.exe_4befbf5079d2458a668520546ad1f9a05b8a1de6_1620ca22\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_SmartMusic.exe_bda363934180c97e41d0652e7a935cb8efbda75c_07427020\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\pei\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Games\53F537B72987463CB06D78F5541A3239\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Local Cache\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Spybot - Search & Destroy\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Spybot - Search & Destroy\Backups\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Spybot - Search & Destroy\Logs\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\Spybot - Search & Destroy\Recovery\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\TOSHIBA\SmartFaceV\FaceLib\LIB\Cmsm\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\WildTangent\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\ProgramData\WildTangent\GameData\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caekaajoofggdiaodaelijnikjllpjbb\2.0\cAnDE.js.vir    JS/Kryptik.ATB trojan    
C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caekaajoofggdiaodaelijnikjllpjbb\2.0\cAnDE.js.vir    JS/Kryptik.ATB trojan    
C:\Qoobox\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caekaajoofggdiaodaelijnikjllpjbb\2.0\cAnDE.js.vir    JS/Kryptik.ATB trojan    
C:\Qoobox\Quarantine\C\Users\Patton\AppData\Roaming\Microsoft\Windows\Recent\how_decrypt.html.vir    Win32/Filecoder.EA.Gen trojan    
C:\temp\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Microsoft\eHome\Packages\SportsV2\SportsTemplate\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Microsoft\eHome\Packages\SportsV2\SportsTemplate-2\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Microsoft\PlayReady\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Microsoft\PlayReady\Cache\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Microsoft\PlayReady\Cache\S-1-5-21-1944314226-4241285889-3694376531-1000\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Microsoft\RAC\PublishedData\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan    
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_mbam.exe_f395ccb057a9c6339c5127374e352d6576bda1_109426b2\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_ProtectedSearch._6faf17716d1ad663d61f3824ffa70722f4594b6_08839932\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_ProtectedSearch._6faf17716d1ad663d61f3824ffa70722f4594b6_0b2acbb7\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_ProtectedSearch._6faf17716d1ad663d61f3824ffa70722f4594b6_16b20020\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_SmartMusic.exe_4befbf5079d2458a668520546ad1f9a05b8a1de6_1620ca22\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_SmartMusic.exe_bda363934180c97e41d0652e7a935cb8efbda75c_07427020\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\pei\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Games\53F537B72987463CB06D78F5541A3239\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Local Cache\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Spybot - Search & Destroy\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Spybot - Search & Destroy\Backups\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Spybot - Search & Destroy\Logs\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\TOSHIBA\SmartFaceV\FaceLib\LIB\Cmsm\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\WildTangent\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\All Users\WildTangent\GameData\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Adobe\Acrobat\11.0\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Apple Computer\iTunes\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\CrashDumps\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Ecgtion\CNBJOP7u.DLL    a variant of Win32/Boaxxe.CO.gen trojan    
C:\Users\Patton\AppData\Local\Ecgtion\gwrjiwqjnujxt.dll    a variant of Win32/Boaxxe.CO.gen trojan    
C:\Users\Patton\AppData\Local\Ecgtion\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Google\Chrome\User Data\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\6.0.3\background.js    Win32/Boaxxe.BU trojan    
C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Local Storage\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\U993H353\tag.atvnetworks.tv\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Session Storage\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Google\Chrome\User Data\Default\Sync Data\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Google\Google Talk Plugin\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Google\Google Talk Plugin\data\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Google\Toolbar History\thumbnails\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Google\Update \1.3.24.15\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Google\Update \Download\{D0AB2EBC-931B-4013-9FEB-C9C4C2225C8C}\5.4.2.18903\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\MakeMusic\SmartMusic\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\MakeMusic\SmartMusic\Cache\networkCache\http\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\MakeMusic\SmartMusic\Cache\networkCache\https\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Device Metadata\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\eHome\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\eHome\Art Cache\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\FORMS\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Internet Explorer\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Media Player\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\Caches\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\Explorer\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_AppleMobileBacku_d5926c0bceb9c83eb5be3f8f4ce4630928e8219_04a8dbdf\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_AppleMobileBacku_ee5894bad2bbffe23eadbce045fdb9731550b3_1693aad1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_chrome.exe_8c948c5f3649ad75fe25d245174dc74b5dce448a_02422fb7\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ehshell.exe_a926d773ff142b7a8bf6b6f58841ca8d14ebef_01c4e021\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ehshell.exe_a926d773ff142b7a8bf6b6f58841ca8d14ebef_1320867e\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ehshell.exe_a926d773ff142b7a8bf6b6f58841ca8d14ebef_13cfd9ac\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ehshell.exe_a926d773ff142b7a8bf6b6f58841ca8d14ebef_16ab5782\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_Explorer.EXE_67cad24b8223c2cf13ef613916f51c231f492_0d58fe0d\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_Explorer.EXE_67cad24b8223c2cf13ef613916f51c231f492_12de1583\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_firefox.exe_593f69699abebf565b874d7f94e73cca0477f2c_1ddaef52\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_firefox.exe_601a3362c9b686b244a1344a184bb9182735797e_10f50436\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_firefox.exe_688179a6e96a52a2cf6f9853629ca67b99978f5_1de7a0e1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_firefox.exe_a55b1497f5d434663bf97e4ee6f393312a1fda_06ac8a16\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_firefox.exe_a55b1497f5d434663bf97e4ee6f393312a1fda_09e4d61b\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_firefox.exe_a55b1497f5d434663bf97e4ee6f393312a1fda_1230711b\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_firefox.exe_c9122312142097537c2199b77dd24d97f3b13fa_19d8df09\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_03f1acf1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_04a259f1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_0833b837\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_0f1425b8\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_104acadc\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_10c11737\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_10d271f4\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_114e1dcc\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_116b780c\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_1183e6d5\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_11b15afa\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_11b1a8ad\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_11c5d3e1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_11f622dc\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_12046306\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_122b3e47\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_122e052e\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_12369185\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_125e6557\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_1261646c\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_12894a48\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_1291a5cf\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_12b98140\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_12e4ee06\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_12f20685\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_133cc0f2\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_13410730\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_1350cf7e\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_1371695c\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_139237e1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_NDSTray.exe_bfa1a0df7720e1c190f0622369a3a75bbe49f2_13af5955\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_plugin-container_1a9751ccedd216851859d502026377cb447b_11bfd1c0\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_plugin-container_3ebae2848dc2032ca7a44286281e5ca6e2f8f30_0ab5d0d5\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_uTorrent.exe_f7ab57ca03c57dee7d394b8e322d7e8572888_10e8d6bf\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_explorer.exe_bd747e594c549804e452d6bb6d51f2ac9448546_07560905\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_firefox.exe_132cb2e8c955c64fb55252bf25981b28d1832058_0dc52de4\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_firefox.exe_6ad0ae66656314a3dcf52f9936ea59c2e184fa_09e82b63\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_firefox.exe_fb18b0f08812f1042c59ab4931411ee5474e30_0740d1bf\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_uTorrent.exe_306291c1a649787322a26693aff6f2b033c6b7_10b3950e\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_uTorrent.exe_38ed1b40a57cc5475c4c67407625cf97b12b2e51_11ba955c\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_wmplayer.exe_1f545fffb84e0108caabb21b860a36909a1bd5_1c37fb79\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_wmplayer.exe_8f3a38c02be61ce5a989d5f1586fb122bd2c650_0b2b4172\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_wmplayer.exe_8f3a38c02be61ce5a989d5f1586fb122bd2c650_11768832\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_wmplayer.exe_8f3a38c02be61ce5a989d5f1586fb122bd2c650_1302c216\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_Microsoft Window_bd5996727e9ea1acda90841fa2c99a88df4fb9d6_cab_1363277c\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows Live\Installer\Catalog\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows Live Photo Gallery\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows Mail\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows Mail\Backup\new\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\Windows Mail\Stationery\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\WLSetup\CabLogs\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft\WLSetup\Logs\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft Games\Hearts\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft Games\Mahjong Titans\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft Games\Solitaire\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Microsoft Help\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Skype\Apps\login\css\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Skype\Apps\login\fonts\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Skype\Apps\login\images\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Skype\Apps\login\images\normal\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Skype\Apps\login\images\retina\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\SoftGrid Client\140066.ENU-90140011-66-409\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Uqdcmedia\CNBJOP7F.DLL    a variant of Win32/Boaxxe.CO.gen trojan    
C:\Users\Patton\AppData\Local\Uqdcmedia\gwrjiwqjnujxt.dll    a variant of Win32/Boaxxe.CO.gen trojan    
C:\Users\Patton\AppData\Local\Uqdcmedia\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Local\Windows Live\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Acrobat\9.0\Search\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\AudioMixer\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\DirectSound\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\Dynamiks\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\FlashAsset\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\FLVAsset\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\FontAsset\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\FontXtra\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\MacroMix\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\MixServices\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\MP4Asset\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\PNGImportExport\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\Shockwave3dAsset\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\SoundControl\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\SWA\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\TextAsset\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\TextXtra\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Google\GoogleEarth\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\Internet Explorer\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msads.net^2fads^2f95672\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f114^2f000^2f000^2f000^2f024\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f30^2f000^2f000^2f000^2f019\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f37^2f000^2f000^2f000^2f020\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f38^2f000^2f000^2f000^2f017\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f41^2f000^2f000^2f000^2f024\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f42^2f000^2f000^2f000^2f020\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f43^2f000^2f000^2f000^2f024\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f44^2f000^2f000^2f000^2f017\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f44^2f000^2f000^2f000^2f020\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f46^2f000^2f000^2f000^2f019\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f51^2f000^2f000^2f000^2f016\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f56^2f000^2f000^2f000^2f022\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f58^2f000^2f000^2f000^2f017\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f66^2f000^2f000^2f000^2f022\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f71^2f000^2f000^2f000^2f024\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f79^2f000^2f000^2f000^2f016\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f79^2f000^2f000^2f000^2f020\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f84^2f000^2f000^2f000^2f025\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f8^2f000^2f000^2f000^2f016\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads2.msads.net^2fCIS^2f98^2f000^2f000^2f000^2f016\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\Silverlight\InBrowser\Profiles\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\Silverlight\is\44gxc2ht.00p\jxjxam4r.jmw\1\s\bdgfajif4tsk2xgqkjspp1wa0lsvp0csud5afwqo42qaxx1y3jaaaega\f\SLPlayer\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Microsoft\Silverlight\is\44gxc2ht.00p\jxjxam4r.jmw\1\s\u4nll4hghcen13r3jyqlcw1e0wapukkfqd1nyqcn5uz4dmrluzaaaefa\f\SLPlayer\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\PlayReady\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\PlayReady\Cache\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\PlayReady\Cache\S-1-5-21-1944314226-4241285889-3694376531-1000\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\LocalLow\Sun\Java\AU\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Adobe\Acrobat\11.0\Security\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Adobe\Acrobat\11.0\Security\CRLCache\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Adobe\Acrobat\9.0\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Adobe\Flash Player\AssetCache\VWQ78FXM\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Adobe\Flash Player\NativeCache\095ADC8A83DE62C9E8E49DF7E04A0467\121d9f1f\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Adobe\Flash Player\NativeCache\63241689DE8DD5590FBBFA84AD7D116C\4701b89\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\iTunes\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\iTunes\iPhone Updater Logs\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\Logs\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\admins iPhone\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\admins iPhone\DiagnosticLogs\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Noah's iPhone\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Noah's iPhone\DiagnosticLogs\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Noah's iPhone\DiagnosticLogs\Ubiquity\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Noah's iPod touch\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Pattons iPhone\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Pattons iPhone\DiagnosticLogs\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Pattons iPhone\DiagnosticLogs\Ubiquity\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Pattons iPhone\Message\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\Logs\CrashReporter\MobileDevice\Pattons iPhone\Retired\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\Logs\DeviceLink\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\MobileSync\Backup\244be30b1fabe5b7ae39441898b95d8110ce0566\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\MobileSync\Backup\2f59c81c10c689d8b130ec0981d6000757ddc06c\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\MobileSync\Backup\7bd9edf80256ded110a7d26f5edadde4b12b49e1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\MobileSync\Backup\7bd9edf80256ded110a7d26f5edadde4b12b49e1-20131102-081545\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\MobileSync\Backup\8474d3a2b31a975bc44236cf5cb7904489a367ad\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\SyncServices\Local\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\SyncServices\Local\clientdata\352340fc1280163e9adf24c655737a5d9bf4c5ed\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\SyncServices\Local\TFSM\com.apple.Bookmarks\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\SyncServices\Local\TFSM\com.apple.Calendars\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\SyncServices\Local\TFSM\com.apple.Contacts\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\SyncServices\Local\TFSM\com.apple.MailAccounts\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Apple Computer\SyncServices\Local\TFSM\com.apple.Notes\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Clip Organizer\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\eHome\mcl_images\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Office\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Templates\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Document Themes\1033\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\SmartArt Graphics\1033\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Word Document Building Blocks\1033\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Windows\IETldCache\Low\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Windows\Libraries\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Windows\PrivacIE\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Windows\Themes\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Windows Photo Viewer\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Microsoft\Word\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Mozilla\Firefox\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Mozilla\Firefox\Profiles\r7eg38ae.default-1421028351650\bookmarkbackups\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Skype\annette.patton3\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Skype\annette.patton3\chatsync\bc\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Skype\annette_patton\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Skype\DataRv\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Skype\hannah.patton95\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Skype\hannah.patton95\qikdb\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Skype\Pictures\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Skype\shared_dynco\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Skype\shared_httpfe\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\SoftGrid Client\Icon Cache\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\109ecccd-40af-4ee7-b6e5-8569155e9497\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\26f46300-2963-4b51-8b72-ab5327c868da\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\6707b0cd-082a-4b90-bcf3-1b42b948b9f7\f8891314-3d75-41ad-a271-0e603518934d\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\109ecccd-40af-4ee7-b6e5-8569155e9497\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\2046a6be-1dd1-4c9e-8abf-78a409dcbda1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\26f46300-2963-4b51-8b72-ab5327c868da\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\6a5e2063-8a89-41e7-b7d5-6aae76a3c842\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\ad2e3ad8-3cc5-41f2-9dd1-4836bea528ad\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\bc608d8c-7da1-4b6f-b7d3-8fce18425a17\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\BulletinBoard\Boards\8f210e83-be23-4aa7-9ad2-52cc0525878d\f8891314-3d75-41ad-a271-0e603518934d\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Toshiba\ReelTime\UserData\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\uTorrent\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\uTorrent\apps\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\uTorrent\apps\D944B3378FAB35793B7951FA53E41B2AB9CC462B\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\uTorrent\ie\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Winamp\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Winamp\Plugins\Gracenote\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\AppData\Roaming\Winamp\Plugins\ml\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Contacts\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Desktop\1 FAT16\AUTORUN.INF    INF/Autorun worm    
C:\Users\Patton\Desktop\1 FAT16\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Desktop\1 FAT16\DCIM\101MSDCF\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Desktop\Old Firefox Data\3uyf720i.default-1420779084161\bookmarkbackups\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Desktop\Old Firefox Data\3uyf720i.default-1420779084161\extensions\{D90EB0D4-980D-5D52-514B-2D7721741B9D}\components\PropertyHelperObject.js    Win32/Boaxxe.BU trojan    
C:\Users\Patton\Desktop\Old Firefox Data\6n9tcpdp.default-1410756874802\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Desktop\Old Firefox Data\6n9tcpdp.default-1410756874802\adblockplus\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Desktop\Old Firefox Data\6n9tcpdp.default-1410756874802\bookmarkbackups\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Desktop\Old Firefox Data\6n9tcpdp.default-1410756874802\extensions\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Desktop\Old Firefox Data\6n9tcpdp.default-1410756874802\minidumps\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Desktop\Old Firefox Data\6n9tcpdp.default-1410756874802\sessionstore-backups\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Desktop\Old Firefox Data\6n9tcpdp.default-1410756874802\storage\persistent\http+++www.walmart.ca\idb\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Desktop\Old Firefox Data\6n9tcpdp.default-1410756874802\storage\persistent\moz-safe-about+home\idb\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Documents\Decrypt All Files bsnhdzf.txt    Win32/Filecoder.DA.Gen trojan    
C:\Users\Patton\Documents\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Documents\house_vegreville\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Documents\noahs work\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\((Blues) Joe Callicott - Deal Gone Down\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\((Blues) Joe Callicott - Deal Gone Down\Art\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\((Blues) Joe Callicott - Deal Gone Down\dealgonedownmp3\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\(1994) Metatron [256]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\(2003) Songs Ohia - Magnolia Electric Co. [Reissue 2013] [FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\(Blues) CeDell Davis & Herman Alexander - Highway 61\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\(Blues) T-Model Ford - The Ladies Man (2010)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\(Desert Blues) Boubacar Traoré - Mali Denhou\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\13 tzadik albums\jon madof - rashanim [2003 - tzadik]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\13 tzadik albums\[#7017 1996] wadada leo smith - tao njia\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\13 tzadik albums\[#7018 1996] guy klucevsek - stolen memories\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\13 tzadik albums\[#7606 2001] massacre - meltdown\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\13 tzadik albums\[#7609 2003] anton fier - dreamspeed + blindlight [1992-1994]\disc 1 - dreamspeed\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\13 tzadik albums\[#7609 2003] anton fier - dreamspeed + blindlight [1992-1994]\disc 2 - blind light\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\13 tzadik albums\[#8001 2004] david simons - prismatic hearing\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\13 tzadik albums\[#8004 2004] christopher adler - epilogue for a dark day\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\16 Horsepower\Folklore\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\16 Horsepower\Olden\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\16 horsepower - low estate (1998)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\1977 - Pete Townshend & Ronnie Lane - Rough Mix (24-96)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\1992 - Peter Gabriel - US (2002, 24-96)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\46 tzadik albums\[#5012] 2005-50th birthday celebration vol.12\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\46 tzadik albums\[#7060] wadada leo smith reflectativity\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\46 tzadik albums\[#7070] wadada leo smith - red sulpher sky\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\46 tzadik albums\[#7080] derek bailey- pieces for guitar\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\46 tzadik albums\[#7121] gary lucas - busy being born\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\46 tzadik albums\[#7137] steven bernstein-diaspora soul\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\46 tzadik albums\[#7138] tim sparks - neshamah\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\46 tzadik albums\[#7141] new klezmer trio - short for something\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\46 tzadik albums\[#7143] the cracow klezmer band_de profundis\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\46 tzadik albums\[#7145] gary lucas - street of lost brothers\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\46 tzadik albums\[#7160] tim sparks -  at the rebbe's table\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\46 tzadik albums\[#7165] jenny sheinman - the rabbis lover\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#5011 2005] bar kokhba sextet - 50th birthday celebration volume eleven\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7034 1998] fred frith - pacifica\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7205] derek bailey and the ruins - saisoro (tzadik, 1995)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7509 1998] evan lurie - how i spent my vacation\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7515] doug wieselman - dimly lit collected soundtracks 1996-2002\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7516] marc ribot - filmworks 2\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7602] various - hallelujah, anyway - remembering tom cora\disc 1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7602] various - hallelujah, anyway - remembering tom cora\disc 2\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7603 2000] derek bailey, jamaaladeen tacuma & calvin weston - mirakle\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7604] wadada leo smith - golden quartet\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7608 2002] cyro baptista - beat the donkey\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7610 2004] wadada leo smith - kabell years 1971-1979\disc 1 - creative music 1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7610 2004] wadada leo smith - kabell years 1971-1979\disc 2 - reflectavity\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7610 2004] wadada leo smith - kabell years 1971-1979\disc 3 - song of humanity\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\49 tzadik label albums\[#7610 2004] wadada leo smith - kabell years 1971-1979\disc 4 - ahkreanvention\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\A Winged Victory for the Sullen - A Winged Victory for the Sullen ERATP032CD 2011 flac\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\A.A. Bondy - Believers(2011)MP3 Nlt-release\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Adam Green & Binki Shapiro [2013]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Agnes Obel - 2013 - Aventine [FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Alabama Shakes - Boys & Girls (2012) FLAC Beolab1700\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Alex Chilton-Like Flies On Sherbert [1979\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Alice Gerrard - Follow The Music   2014\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\All Hell\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\All India Radio\ll India Radio - 002\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\All India Radio\ll India Radio - All India Radio\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\All India Radio\ll India Radio - These Winter Dreams\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ambient Torrent 1\Robert Rich - A Troubled Resting Place\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ambient Torrent 1\Robert Rich - Fissures\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ambient Torrent 1\Robert Rich - Gaudi (1991 New Age)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ambient Torrent 1\Robert Rich - Rainforest (1989 New Age)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ambient Torrent 1\Robert Rich - Trances & Drones\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ambient Torrent 1\Robert Rich - Trances & Drones\cd1 - Trances\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ambient Torrent 1\Robert Rich - Trances & Drones\cd2 - Drones\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ambient Torrent 2\Robert Rich & Steve Roach - Strata (New Age, 1990)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ambient Torrent 2\Steve Roach - Arc Of Passion [2007]  [New Age]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ambient Torrent 2\Steve Roach - Artifacts - 256K, Tribal-New Age,1994\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ambient Torrent 2\Steve Roach - Core - New Age Music 2001\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ambient Torrent 2\Steve Roach - Midnight Moon - New Age Music  2000\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ambient Torrent 2\Steve Roach - Origins - New Age 1993\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Anders Osborne - Black Eye Galaxy 2012 Flac\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Anders Osborne - Peace 2013 320kbps CBR MP3 [VX] [P2PDL]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\(1996) Music of Hair\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\(1998) Thrills\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\(1999) Oh! The Grandeur\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\(2001) The Swimming Hour\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\(2005) The Mysterious Production of Eggs\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\(2006) Fingerlings 3\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\(2007) Armchair Apocrypha\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\Andrew Bird - Break It Yourself (2012)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\Andrew Bird - Fitz and the Dizzyspells EP (2009) KompletlyWyred DHZ Inc Release\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\Andrew Bird - Soldier On EP (2008)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\Andrew Bird- Hands of Glory- [2012]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\Andrew Bird-Noble Beast-Deluxe Edition-2009-cd 1-2\Andrew Bird-Noble Beast-Deluxe Edition-2009-cd 1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\Andrew Bird-Noble Beast-Deluxe Edition-2009-cd 1-2\Andrew Bird-Noble Beast-Deluxe Edition-2009-cd 2\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\ANDREW BIRD - DISCOGRAPHY [CHANNEL NEO]\andrew bird_Weather Systems (2003)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Andrew Bird - Things Are Really Great Here, Sort of... (2014) [FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Angel Olsen-Half Way Home (2012) V0\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Angus & Julia Stone - Angus & Julia Stone (2014)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Anywhere\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ariana Gillis - Forget Me Not [2011] FLAC\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Arve Henriksen - Strjon (2007) (192 vbr)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Balmorhea Discography\Balmorhea (2008) - Tour EP\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Balmorhea Discography\Balmorhea (2010) - Candor - Clamor (EP)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Balmorhea Discography\Balmorhea (2010) - Constellations\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Balmorhea Discography\Balmorhea (2011) - Live at Sint-Elisabethkerk\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Balmorhea Discography\Balmorhea (2012) - Stranger\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Balmorhea Discography\Balmorhea - All Is Wild, All Is Silent [FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Balmorhea Discography\Balmorhea - Balmorhea (2007) [MP3]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Balmorhea Discography\Balmorhea_(2008) rivers arms\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Barn Owl [Discography 2007-2011]\2007 - Barn Owl\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Barn Owl [Discography 2007-2011]\2009 - From Our Mouths A Perpetual Light\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Barn Owl [Discography 2007-2011]\2009 - The Conjurer\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Barn Owl [Discography 2007-2011]\2010 - Ancestral Star\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Barn Owl [Discography 2007-2011]\2011 - Lost in the Glare\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Basia Bulat - Heart Of My Own (2010)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Basia Bulat - Tall Tall Shadow (2013) [FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Basia Bulat...Oh, My Darling(2007)[FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bassekou Kouyate & Ngoni ba - Jama ko (2013)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\bcer\fingerstyle - Ben Chasny (Six Organs ofAdmittance)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\bcer\fingerstyle - Jack Rose\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\bcer\fingerstyle - Jack Rose\jack rose - opium music (eclipse 2003 vinyl rip)\jack rose - opium music (eclipse 2003 vinyl rip)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\bcer\fingerstyle - Steffen Basho-Junghans\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Beachwood Sparks - Tarnished Gold (2012)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Beaubrummels - Bradley's Barn (1968) [FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Beefheart Albums\Captain Beefheart & His magic band - Ice cream for crow\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Beefheart Albums\Captain Beefheart & His magic band - Trout mask replica\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Beefheart Albums\Captain Beefheart - 1967 Safe as Milk\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Beefheart Albums\Captain Beefheart - 1968 Strictly personal\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Beefheart Albums\Captain Beefheart - 1970 - Lick My Decals Off Baby [192]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Beefheart Albums\Captain Beefheart - 1972 - Clear Spot\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Beefheart Albums\Captain Beefheart - 1980 Doc at the Radar Station\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Beefheart Albums\Captain Beefheart - The Spotlight Kid\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Beefheart Albums\Captain Beefheart and his Magic Band - Shiny Beast\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Beefheart Albums\Captain_Beefheart-Grow_Fins_Rarieties_65-82-5CD-1999-JUST\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BEN HARPER Discography 320kps\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BEN HARPER Discography 320kps\1994 Welcome to the Cruel World\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BEN HARPER Discography 320kps\1995 Fight for Your Mind\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BEN HARPER Discography 320kps\1997 The Will To Live\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BEN HARPER Discography 320kps\1999 Burn To Shine\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BEN HARPER Discography 320kps\2003 Diamonds on the Inside\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BEN HARPER Discography 320kps\2004 There Will Be A Light\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BEN HARPER Discography 320kps\2006 Both Sides of the Gun\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BEN HARPER Discography 320kps\2007 Lifeline\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BEN HARPER Discography 320kps\2009 White Lies for Dark Times\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BEN HARPER Discography 320kps\2011 Give Till It's Gone\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BEN HARPER Discography 320kps\2013 Get Up!\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Ben Nichols - Last Pale Light\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Benjamin Booker - Benjamin Booker (2014) MP3@320kbps Beolab1700\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Benjamin Francis Leftwich...Last Smoke Before the Snowstorm(2011)[FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Benoit Pioulard - Lasted (2010)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Big Head Todd and The Monsters - Black Beehive [2014] [Mp3-320]-V3nom [GLT]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\big star - 2009 - keep an eye on the sky [box set]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\big star - 2009 - keep an eye on the sky [box set]\big star_1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\big star - 2009 - keep an eye on the sky [box set]\big star_2\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Callahan - Apocalypse [mp3-320-2011]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Callahan - Dream River 2013 Indie 320kbps CBR MP3 [VX] [P2PDL]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)\Bill Frisell\Bill Frisell - Floratone (2007) [EAC-FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)\Bill Frisell\Bill Frisell - Floratone II (2012) [EAC-FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)\Bill Frisell\Bill Frisell - Gone, Just Like A Train (1998) [EAC-FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)\Bill Frisell\Bill Frisell - Guitar in the Space Age! - 2014 [MP3 320]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)\Bill Frisell\Bill Frisell - Sign of Life\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)\Bill Frisell\Bill Frisell - Silent Comedy (2013) [EAC-FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)\Bill Frisell\Bill Frisell - The Intercontinentals (2003) [EAC-FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)\Bill Frisell\Bill Frisell - Unspeakable (2004) [EAC-FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)\Bill Frisell\Bill Frisell - Where In The World (1991) [EAC-FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)\Bill Frisell\Bill Frisell and Vernon Reid - Smash and Scatteration\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Frisell - Big Sur (2013)\Bill Frisell - Is That You (1990) [EAC-FLAC]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Laswell - Oscillations (2-CD)\Bill Laswell - Oscillations Vol.1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Laswell - Oscillations (2-CD)\Bill Laswell - Oscillations Vol.2\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BILL LASWELL CD COLLECTION PART 2\Arcana\Arc of the Testimony\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BILL LASWELL CD COLLECTION PART 2\Boniche Dub\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BILL LASWELL CD COLLECTION PART 2\Hoppy Kamiyama-Bill Laswell\A Navel City-No One Is There\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BILL LASWELL CD COLLECTION PART 2\Imaginary Cuba\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BILL LASWELL CD COLLECTION PART 2\Invisible Design\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BILL LASWELL CD COLLECTION PART 2\Painkiller\Execution Ground Disc 1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BILL LASWELL CD COLLECTION PART 2\Painkiller\Execution Ground Disc 2\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BILL NELSON\1971 - Nothern Dream\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BILL NELSON\1979 - Bill Nelson's Red Noise - Sound on Sound\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BILL NELSON\1981 - Das Kabinet\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\BILL NELSON\1982 - La Belle Et La Bete\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Ryder-Jones - A Bad Wind Blows In My Heart [mp3-vbr-2013]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bill Ryder-Jones - If [mp3-320-2011]\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bo Diddley The Chess Box(mp3@320)[rogercc][h33t]\Bo Diddley The Chess Box Disc 1\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
C:\Users\Patton\Downloads\Bo Diddley The Chess Box(mp3@320)[rogercc][h33t]\Bo Diddley The Chess Box Disc2\how_decrypt.html    Win32/Filecoder.EA.Gen trojan    
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users