Cryptomonero CPU miner infection, Claymore Cryptonote v3.4 Beta


  • This topic is locked
7 replies to this topic

#1 BrandonR.


Posted 28 January 2015 - 05:45 PM

Hello and thank you for taking your time to help me. I recently installed a program and immediately after running that program noticed my CPU usage was 99%. I found an SVChost.exe file that was utilizing both cores to 99%. The file is in C:\Windows\temp. I can end the process and delete the file, but it keeps reappearing after rebooting. A log file also appears in the temp folder.

These are the log contents:

 

17:15:39:000 af4
17:15:39:000 af4 ╔════════════════════════════════════════════════════════════════╗
17:15:39:000 af4 ║            Claymore CryptoNote CPU Miner  v3.4 Beta            ║
17:15:39:000 af4 ╚════════════════════════════════════════════════════════════════╝
17:15:39:200 af4 64-bit version
17:15:39:200 af4 CPU does not support AES-NI - slower mining!
17:15:39:200 af4 Logical CPU cores: 2
17:15:39:200 af4 Number of threads: Autoselection...
17:15:39:200 af4 Using 2 threads
17:15:39:200 af4 scfg: 1
17:15:39:200 af4 1 pool specified.
17:15:39:200 af4 Press "m" key for tune mode.
17:15:39:220 8a0 Stratum - connecting to 'pool.cryptmonero.com' <46.165.232.77> port 1001
17:15:39:250 a18 Stratum - connecting to 'pool.cryptmonero.com' <46.165.232.77> port 1001
17:15:39:370 8a0 Stratum - Connected
17:15:39:390 a18 Stratum - Connected
17:15:39:530 8a0 got 303 bytes
17:15:39:530 8a0 buf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"326377336122095","job":{"blob":"0100f1bda5a605e515962e3cde2712e940500060c57b37209a3abaaeae8be583f236c64ad39d52000000004df26dbf5b0aa9100704e1e007cbf0d03b2d0e2db4188fa3d3d0305d9799573b06","job_id":"774887002725154","target":"cfb02b00"},"status":"OK"}}
 
17:15:39:530 8a0 parse packet: 303
17:15:39:530 8a0 new buf size: 0
17:15:39:530 8a0 DevFee: Pool Diff 1500
17:15:39:640 a18 got 303 bytes
17:15:39:640 a18 buf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"888077434967272","job":{"blob":"0100f2bda5a605e515962e3cde2712e940500060c57b37209a3abaaeae8be583f236c64ad39d5200000000e926553ca75bcf5f8c5870bc5b954c783ca2135937aba95a68cce598c425124d06","job_id":"389615178969688","target":"cfb02b00"},"status":"OK"}}
 
17:15:39:640 a18 parse packet: 303
17:15:39:640 a18 new buf size: 0
17:15:39:640 a18 Pool Diff 1500
17:15:39:640 a18 df has same pool, skip
17:15:41:310 43c round found 1 shares
17:15:41:320 a18 01/28/15-17:15:41 - SHARE FOUND (target 1500) - (THR 0 of 2)
17:15:41:580 a18 got 63 bytes
17:15:41:580 a18 buf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"status":"OK"}}
 
17:15:41:580 a18 parse packet: 63
17:15:41:580 a18 Share accepted
17:15:41:580 a18 new buf size: 0
 
I've tried several removal programs with no luck; beforehand, though, I deleted the suspected program.
 
This is the FRST log, the SVChost process was ended before scanning.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Brandon (administrator) on BRANDON-PC on 28-01-2015 17:26:08
Running from C:\Users\Brandon\Downloads
Loaded Profiles: Brandon (Available profiles: Brandon)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
() C:\Program Files\Prio\prio_svc.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKU\S-1-5-21-227952554-3997655643-3925852553-1000\...\Policies\Explorer: [NoInstrumentation] 1
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-227952554-3997655643-3925852553-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.112.12
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-21]
CHR Extension: (Google Docs) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-21]
CHR Extension: (Google Drive) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-21]
CHR Extension: (YouTube) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-21]
CHR Extension: (Adblock Plus) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-21]
CHR Extension: (Google Search) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-21]
CHR Extension: (Google Sheets) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-21]
CHR Extension: (Adblock for Pirate Bay) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2015-01-21]
CHR Extension: (Pixlr Touch Up) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2015-01-21]
CHR Extension: (Google Wallet) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-21]
CHR Extension: (Gmail) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
R2 prio_svc; C:\Program Files\Prio\prio_svc.exe [12656 2012-11-08] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-28] (Disc Soft Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2015-01-21] (Duplex Secure Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 MFE_RR; \??\C:\Users\Brandon\AppData\Local\Temp\mfe_rr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 17:26 - 2015-01-28 17:26 - 00007099 _____ () C:\Users\Brandon\Downloads\FRST.txt
2015-01-28 17:26 - 2015-01-28 17:26 - 00000000 ____D () C:\FRST
2015-01-28 17:24 - 2015-01-28 17:24 - 02130432 _____ (Farbar) C:\Users\Brandon\Downloads\FRST64.exe
2015-01-28 17:05 - 2015-01-28 17:05 - 00050477 _____ () C:\Users\Brandon\Downloads\Defogger.exe
2015-01-28 17:05 - 2015-01-28 17:05 - 00000586 _____ () C:\Users\Brandon\Downloads\defogger_disable.log
2015-01-28 17:05 - 2015-01-28 17:05 - 00000020 _____ () C:\Users\Brandon\defogger_reenable
2015-01-28 16:50 - 2015-01-28 17:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-28 16:50 - 2015-01-28 17:14 - 00000000 ____D () C:\Users\Brandon\Desktop\mbar
2015-01-28 16:50 - 2015-01-28 17:10 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-28 16:50 - 2015-01-28 17:10 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-28 16:50 - 2015-01-28 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-28 16:49 - 2015-01-28 16:49 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Brandon\Downloads\mbar-1.08.3.1004.exe
2015-01-28 16:46 - 2015-01-28 16:47 - 00000000 ____D () C:\AdwCleaner
2015-01-28 16:43 - 2015-01-28 16:43 - 02194432 _____ () C:\Users\Brandon\Downloads\AdwCleaner.exe
2015-01-28 16:43 - 2015-01-28 16:43 - 01707939 _____ (Thisisu) C:\Users\Brandon\Downloads\JRT.exe
2015-01-28 16:43 - 2015-01-28 16:43 - 00000000 ____D () C:\Windows\ERUNT
2015-01-28 16:41 - 2015-01-28 16:41 - 00783120 _____ (McAfee, Inc.) C:\Users\Brandon\Downloads\rootkitremover (1).exe
2015-01-28 16:41 - 2015-01-28 16:41 - 00000310 _____ () C:\Users\Brandon\Downloads\RootkitRemover_20150128_164151.log
2015-01-28 16:40 - 2015-01-28 16:40 - 00783120 _____ (McAfee, Inc.) C:\Users\Brandon\Downloads\rootkitremover.exe
2015-01-28 16:40 - 2015-01-28 16:40 - 00000310 _____ () C:\Users\Brandon\Downloads\RootkitRemover_20150128_164048.log
2015-01-28 16:09 - 2015-01-28 16:09 - 00003128 _____ () C:\Windows\System32\Tasks\Origin
2015-01-28 16:09 - 2015-01-28 16:09 - 00000000 ___HD () C:\Users\Brandon\AppData\Roaming\Origin
2015-01-28 15:54 - 2015-01-28 15:54 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2015-01-28 12:56 - 2015-01-28 12:56 - 00025741 _____ () C:\Users\Brandon\Downloads\[kickass.so]borderlands.the.pre.sequel.v1.0.4.5.dlcs.rus.eng.multi7.repack.by.rg.mechanics.torrent
2015-01-28 00:10 - 2015-01-28 00:10 - 00031735 _____ () C:\Users\Brandon\Downloads\[kickass.so]dead.rising.3.apocalypse.edition.2014.multi2.xaka.torrent
2015-01-28 00:05 - 2015-01-28 00:05 - 00020126 _____ () C:\Users\Brandon\Downloads\[kickass.so]dead.island.game.of.the.year.edition.pc.dlcs.nosteam.torrent
2015-01-27 23:52 - 2015-01-27 23:52 - 02372400 _____ (Torch Media, Inc) C:\Users\Brandon\Downloads\TorchSetup-r25-n-bc.exe
2015-01-27 22:50 - 2015-01-27 22:50 - 00060263 _____ () C:\Users\Brandon\Downloads\[kickass.so]dying.light.reloaded.torrent
2015-01-24 22:45 - 2015-01-24 22:45 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\Nero
2015-01-22 22:52 - 2015-01-22 22:52 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\Steam
2015-01-21 19:00 - 2015-01-26 21:36 - 00000436 _____ () C:\Windows\SysWOW64\AppLog.log
2015-01-21 16:27 - 2015-01-28 16:19 - 00000267 _____ () C:\Users\Brandon\d3d_antilag.log
2015-01-21 16:24 - 2015-01-21 16:24 - 00008921 _____ () C:\Users\Brandon\Downloads\Skyrim Stutter Fix-2581-0-1.zip
2015-01-21 16:04 - 2015-01-21 16:04 - 00000000 ____D () C:\Users\Brandon\AppData\Local\Skyrim
2015-01-21 15:27 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-21 15:27 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-01-21 15:27 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-21 15:27 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-01-21 15:27 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-21 15:27 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-01-21 15:26 - 2015-01-28 16:09 - 00000000 ____D () C:\Users\Brandon\Documents\My Games
2015-01-21 15:26 - 2015-01-21 15:26 - 00000000 ____D () C:\Users\Brandon\AppData\Local\SetupSkin
2015-01-21 15:26 - 2015-01-21 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim
2015-01-21 15:20 - 2015-01-21 15:20 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-21 15:11 - 2015-01-28 15:54 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2015-01-21 15:11 - 2015-01-21 15:25 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\DAEMON Tools Lite
2015-01-21 15:11 - 2015-01-21 15:11 - 00386680 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2015-01-21 15:11 - 2015-01-21 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-01-21 15:10 - 2015-01-21 15:19 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2015-01-21 15:10 - 2015-01-21 15:10 - 13429504 _____ (Disc Soft Ltd) C:\Users\Brandon\Downloads\DTLite4491-0356.exe
2015-01-21 14:43 - 2015-01-28 17:17 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-01-21 14:43 - 2015-01-21 14:43 - 02174848 _____ () C:\Users\Brandon\Downloads\instsf450.exe
2015-01-21 14:43 - 2015-01-21 14:43 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2015-01-21 14:43 - 2015-01-21 14:43 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-01-21 14:43 - 2015-01-21 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-01-21 14:35 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-21 14:35 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-21 14:35 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-21 14:35 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-21 14:35 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-21 14:35 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-21 14:35 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-21 14:35 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-21 14:35 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-21 14:35 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-21 14:30 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-21 14:30 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-21 14:30 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-21 14:30 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-21 14:30 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-21 14:30 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-21 14:30 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-21 14:30 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-21 14:30 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-21 14:30 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-21 14:30 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-21 14:30 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-21 14:30 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-21 14:30 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-21 14:30 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-21 14:30 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-21 14:30 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-21 14:30 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-21 14:30 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-21 14:30 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-21 14:30 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-21 14:30 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-21 14:30 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-21 14:30 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-21 14:30 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-21 14:30 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-21 14:30 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-21 14:30 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-21 14:30 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-21 14:30 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-21 14:30 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-21 14:30 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-21 14:30 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-21 14:30 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-21 14:23 - 2015-01-21 14:23 - 00000000 ____D () C:\Windows\System32\Tasks\Nero
2015-01-21 14:22 - 2015-01-21 14:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-01-21 14:22 - 2015-01-21 14:23 - 00000000 ____D () C:\Program Files (x86)\Nero
2015-01-21 14:21 - 2015-01-21 14:23 - 00000000 ____D () C:\ProgramData\Nero
2015-01-21 14:17 - 2015-01-21 14:17 - 00763088 _____ (O&K Software) C:\Users\Brandon\Downloads\prio_x64_200_2960.exe
2015-01-21 14:17 - 2015-01-21 14:17 - 00000026 _____ () C:\Users\Brandon\AppData\Roaming\prio.ini
2015-01-21 14:17 - 2015-01-21 14:17 - 00000000 ____D () C:\Program Files\Prio
2015-01-21 14:10 - 2015-01-21 14:10 - 00419840 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-01-21 14:10 - 2015-01-21 14:10 - 00413696 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-01-21 14:10 - 2015-01-21 14:10 - 00133632 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-01-21 14:10 - 2015-01-21 14:10 - 00110592 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-01-21 14:10 - 2015-01-21 14:10 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-21 14:10 - 2008-09-17 15:11 - 01828352 ____N (Creative) C:\Windows\system32\adi_oal.dll
2015-01-21 14:10 - 2008-09-17 15:07 - 01503232 ____N (Creative) C:\Windows\SysWOW64\adi_oal.dll
2015-01-21 14:09 - 2015-01-21 14:10 - 00008035 _____ () C:\Windows\SMinstall.log
2015-01-21 14:09 - 2015-01-21 14:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-21 14:09 - 2015-01-21 14:09 - 00001769 _____ () C:\Windows\Language_trs.ini
2015-01-21 14:09 - 2015-01-21 14:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundMAX
2015-01-21 14:09 - 2015-01-21 14:09 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\InstallShield
2015-01-21 14:09 - 2015-01-21 14:09 - 00000000 ____D () C:\ProgramData\SonicFocus
2015-01-21 14:09 - 2015-01-21 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alien Isolation Digital Deluxe Edition
2015-01-21 14:09 - 2015-01-21 14:09 - 00000000 ____D () C:\Program Files (x86)\Analog Devices
2015-01-21 14:09 - 2009-04-22 09:53 - 00062464 _____ (Sonic Focus, Inc.) C:\Windows\SysWOW64\SFFXComm.dll
2015-01-21 14:07 - 2015-01-21 14:07 - 12810710 _____ (Igor Pavlov) C:\Users\Brandon\Downloads\Analog_Device_SoundMAX_6.10.02.6585.exe
2015-01-21 14:07 - 2009-11-05 07:17 - 00000000 ____D () C:\Users\Brandon\Downloads\Analog_Device_SoundMAX_6.10.02.6585
2015-01-21 14:07 - 2009-06-05 07:42 - 00475136 _____ (Analog Devices, Inc.) C:\Windows\system32\Drivers\ADIHdAud.sys
2015-01-21 14:07 - 2009-06-05 07:42 - 00428544 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADIExt.dll
2015-01-21 14:07 - 2009-06-05 07:42 - 00174592 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFProc64.dll
2015-01-21 14:07 - 2009-06-05 07:42 - 00163840 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFCTPL64.dll
2015-01-21 14:07 - 2009-06-05 07:42 - 00161280 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADIAPO.dll
2015-01-21 14:07 - 2009-06-05 07:42 - 00122880 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFFXCPStr.dll
2015-01-21 14:07 - 2009-06-05 07:42 - 00111616 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
2015-01-21 14:07 - 2009-06-05 07:42 - 00078848 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFSAPO64.dll
2015-01-21 14:07 - 2009-06-05 07:42 - 00078336 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFHAPO64.dll
2015-01-21 14:07 - 2009-06-05 07:42 - 00078336 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFDAPO64.dll
2015-01-21 14:07 - 2009-06-05 07:42 - 00069120 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFComm64.dll
2015-01-21 14:07 - 2009-06-05 07:42 - 00059392 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFMAPO64.dll
2015-01-21 14:07 - 2009-06-05 07:42 - 00056320 _____ (Andrea Electronics Corporation) C:\Windows\system32\AEADIAPR.dll
2015-01-21 14:07 - 2009-06-05 07:42 - 00041472 _____ (Analog Devices, Inc.) C:\Windows\system32\SmaxCo.dll
2015-01-21 13:54 - 2015-01-21 13:54 - 00000000 ____D () C:\Program Files (x86)\R.G. Freedom
2015-01-21 13:52 - 2015-01-28 17:14 - 00003030 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-01-21 13:51 - 2015-01-21 15:27 - 00027674 _____ () C:\Windows\DirectX.log
2015-01-21 13:51 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-01-21 13:51 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-21 13:51 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-01-21 13:51 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-21 13:51 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-21 13:51 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-01-21 13:51 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-21 13:51 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-21 13:51 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-01-21 13:51 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-01-21 13:51 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-21 13:51 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-01-21 13:51 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-21 13:51 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-01-21 13:51 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-21 13:51 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-01-21 13:51 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-21 13:51 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-01-21 13:51 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-01-21 13:51 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-21 13:51 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-21 13:51 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-01-21 13:51 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-21 13:51 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-01-21 13:51 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-21 13:51 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-01-21 13:51 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-01-21 13:51 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-21 13:51 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-21 13:51 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-01-21 13:51 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-21 13:51 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-01-21 13:51 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-21 13:51 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-21 13:51 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-21 13:51 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-21 13:51 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-01-21 13:51 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-01-21 13:51 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-21 13:51 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-01-21 13:51 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-21 13:51 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-01-21 13:51 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-01-21 13:51 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-21 13:51 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-21 13:51 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-01-21 13:51 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-21 13:51 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-01-21 13:51 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-21 13:51 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-01-21 13:51 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-21 13:51 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-01-21 13:51 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-21 13:51 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-01-21 13:51 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-01-21 13:51 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-21 13:51 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-21 13:51 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-01-21 13:51 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-21 13:51 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-01-21 13:51 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-01-21 13:51 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-21 13:51 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-21 13:51 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-01-21 13:51 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-21 13:51 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-01-21 13:51 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-01-21 13:51 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-21 13:51 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-01-21 13:51 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-21 13:51 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-01-21 13:51 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-21 13:51 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-21 13:51 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-01-21 13:51 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-01-21 13:51 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-21 13:51 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-21 13:51 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-01-21 13:51 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-01-21 13:51 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-21 13:51 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-21 13:51 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-01-21 13:51 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-21 13:51 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-01-21 13:51 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-21 13:51 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-01-21 13:51 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-21 13:51 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-01-21 13:51 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-01-21 13:51 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-21 13:51 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-21 13:51 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-01-21 13:51 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-21 13:51 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-01-21 13:51 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-21 13:51 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-01-21 13:51 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-21 13:51 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-01-21 13:51 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-21 13:51 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-01-21 13:51 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-21 13:51 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-01-21 13:51 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-21 13:51 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-01-21 13:51 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-21 13:51 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-01-21 13:51 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-21 13:51 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-01-21 13:51 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-21 13:51 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-01-21 13:51 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-21 13:51 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-01-21 13:51 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-21 13:51 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-01-21 13:51 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-21 13:51 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-01-21 13:51 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-21 13:51 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-01-21 13:51 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-21 13:51 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-01-21 13:51 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-21 13:51 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-01-21 13:51 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-21 13:51 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-01-21 13:51 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-21 13:51 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-01-21 13:51 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-21 13:51 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-01-21 13:51 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-21 13:51 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-01-21 13:51 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-21 13:51 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-01-21 13:51 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-21 13:51 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-01-21 13:51 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-21 13:51 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-01-21 13:51 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-21 13:51 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-01-21 13:51 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-01-21 13:51 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-21 13:51 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-21 13:51 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-01-21 13:51 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-21 13:51 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-01-21 13:51 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-21 13:51 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-01-21 13:51 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-01-21 13:51 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-21 13:51 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-21 13:51 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-21 13:51 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-01-21 13:51 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-01-21 13:51 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-01-21 13:51 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-21 13:51 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-21 13:51 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-21 13:51 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-21 13:51 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-21 13:51 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-21 13:51 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-21 13:51 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-21 13:51 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-21 13:51 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-21 13:51 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-21 13:51 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-21 13:51 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-21 13:51 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-21 13:51 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-21 13:51 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-21 13:51 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-21 13:51 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-21 13:51 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-21 13:51 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-21 13:51 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-21 13:51 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-21 13:51 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-21 13:48 - 2015-01-21 13:51 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-21 13:47 - 2015-01-27 22:37 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-01-21 13:47 - 2015-01-21 13:47 - 36210245 _____ () C:\Users\Brandon\Downloads\MSIAfterburnerSetup410.zip
2015-01-21 13:47 - 2015-01-21 13:47 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-01-21 13:47 - 2015-01-21 13:47 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-01-21 13:47 - 2015-01-21 13:47 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-01-21 13:45 - 2015-01-28 17:15 - 00000306 _____ () C:\Windows\Tasks\RMAutoUpdate.job
2015-01-21 13:45 - 2015-01-26 21:36 - 00000308 _____ () C:\Windows\Tasks\RMSchedule.job
2015-01-21 13:45 - 2015-01-21 13:46 - 00002888 _____ () C:\Windows\System32\Tasks\RMSchedule
2015-01-21 13:45 - 2015-01-21 13:45 - 00002542 _____ () C:\Windows\System32\Tasks\RMAutoUpdate
2015-01-21 13:44 - 2015-01-21 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
2015-01-21 13:44 - 2015-01-21 13:44 - 00000000 ____D () C:\Program Files (x86)\PC Tools
2015-01-21 13:44 - 2012-08-21 14:44 - 00513696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml.dll
2015-01-21 13:44 - 2012-08-21 14:44 - 00041632 _____ () C:\Windows\system32\CleanMFT64.exe
2015-01-21 13:44 - 2008-09-17 21:17 - 00658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2015-01-21 13:44 - 2008-04-02 15:54 - 01101824 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox210.ocx
2015-01-21 13:44 - 2008-04-02 15:53 - 00880640 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBox10.ocx
2015-01-21 13:44 - 2008-04-02 15:53 - 00212992 _____ (Woodbury Associates Limited) C:\Windows\SysWOW64\UniBoxVB12.ocx
2015-01-21 13:44 - 2004-03-09 00:00 - 01081616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2015-01-21 13:43 - 2015-01-28 17:15 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-21 13:43 - 2015-01-21 13:43 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\Product_RM
2015-01-21 13:43 - 2015-01-21 13:43 - 00000000 ____D () C:\ProgramData\PC Tools
2015-01-21 13:41 - 2015-01-28 15:54 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\uTorrent
2015-01-21 13:41 - 2015-01-21 13:41 - 00000798 _____ () C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-21 13:40 - 2015-01-21 13:40 - 01678928 _____ (BitTorrent Inc.) C:\Users\Brandon\Downloads\uTorrent.exe
2015-01-21 13:25 - 2015-01-21 13:25 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\ATI
2015-01-21 13:25 - 2015-01-21 13:25 - 00000000 ____D () C:\Users\Brandon\AppData\Local\ATI
2015-01-21 13:25 - 2015-01-21 13:25 - 00000000 ____D () C:\ProgramData\ATI
2015-01-21 13:25 - 2015-01-21 13:25 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-01-21 13:24 - 2015-01-21 13:24 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201501211324148712.log
2015-01-21 13:24 - 2015-01-21 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-21 13:24 - 2015-01-21 13:24 - 00000000 ____D () C:\ProgramData\AMD
2015-01-21 13:24 - 2015-01-21 13:24 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-01-21 13:24 - 2015-01-21 13:24 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-21 13:23 - 2015-01-21 13:23 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-01-21 13:22 - 2015-01-21 14:39 - 00773568 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-21 13:22 - 2015-01-21 14:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-21 13:21 - 2015-01-21 13:23 - 00000000 ____D () C:\Program Files\AMD
2015-01-21 13:20 - 2015-01-21 13:20 - 00000000 ____D () C:\AMD
2015-01-21 13:19 - 2015-01-21 13:20 - 302470552 _____ (AMD Inc.) C:\Users\Brandon\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2015-01-21 13:15 - 2015-01-28 17:20 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-21 13:15 - 2015-01-28 17:18 - 00729504 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 13:15 - 2015-01-28 17:15 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-21 13:15 - 2015-01-21 13:15 - 00058016 _____ () C:\Users\Brandon\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 13:15 - 2015-01-21 13:15 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-21 13:15 - 2015-01-21 13:15 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-21 13:15 - 2015-01-21 13:15 - 00000000 ____D () C:\Users\Brandon\AppData\Local\Google
2015-01-21 13:15 - 2015-01-21 13:15 - 00000000 ____D () C:\Users\Brandon\AppData\Local\Deployment
2015-01-21 13:15 - 2015-01-21 13:15 - 00000000 ____D () C:\Users\Brandon\AppData\Local\Apps\2.0
2015-01-21 13:15 - 2015-01-21 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-21 13:15 - 2015-01-21 13:15 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-21 13:14 - 2015-01-21 13:14 - 00000000 __SHD () C:\Users\Brandon\AppData\Local\EmieUserList
2015-01-21 13:14 - 2015-01-21 13:14 - 00000000 __SHD () C:\Users\Brandon\AppData\Local\EmieSiteList
2015-01-21 13:14 - 2015-01-21 13:14 - 00000000 __SHD () C:\Users\Brandon\AppData\Local\EmieBrowserModeList
2015-01-21 13:13 - 2015-01-21 13:13 - 00000000 ____D () C:\Users\Brandon\AppData\Roaming\Adobe
2015-01-21 13:12 - 2015-01-28 17:05 - 00000000 ____D () C:\Users\Brandon
2015-01-21 13:12 - 2015-01-21 13:12 - 00443772 __RSH () C:\DJAUC
2015-01-21 13:12 - 2015-01-21 13:12 - 00000020 ___SH () C:\Users\Brandon\ntuser.ini
2015-01-21 13:12 - 2015-01-21 13:12 - 00000000 __SHD () C:\Recovery
2015-01-21 13:12 - 2015-01-21 13:12 - 00000000 ____D () C:\Users\Brandon\AppData\Local\VirtualStore
2015-01-21 13:12 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-21 13:12 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-21 13:08 - 2015-01-21 13:08 - 00000000 ____D () C:\Windows\CSC
2015-01-21 13:07 - 2015-01-21 13:07 - 00008192 __RSH () C:\BOOTSECT.BAK
2015-01-21 13:07 - 2010-11-20 19:23 - 00383786 __RSH () C:\bootmgr
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 17:22 - 2009-07-13 20:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 17:22 - 2009-07-13 20:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 17:19 - 2009-07-13 21:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 17:15 - 2010-11-20 19:47 - 00007226 _____ () C:\Windows\PFRO.log
2015-01-28 17:15 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 17:15 - 2009-07-13 20:51 - 00031207 _____ () C:\Windows\setupact.log
2015-01-28 17:14 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\addins
2015-01-28 16:23 - 2011-04-12 00:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-21 16:02 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-01-21 14:32 - 2014-11-14 16:33 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-21 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Cursors
2015-01-21 13:47 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-21 13:32 - 2014-09-29 19:17 - 00000000 ____D () C:\EVEREST Ultimate Edition
2015-01-21 13:21 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-21 13:12 - 2014-11-15 03:01 - 00000000 ____D () C:\Windows\Panther
2015-01-21 13:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-01-21 13:10 - 2014-11-15 03:05 - 00003652 _____ () C:\Windows\TSSysprep.log
2015-01-21 13:10 - 2009-07-13 20:46 - 00003806 _____ () C:\Windows\DtcInstall.log
2015-01-21 13:07 - 2009-07-13 21:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-21 13:07 - 2009-07-13 21:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-08 09:55 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 13:12 - 2014-11-14 16:33 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-01-21 14:17 - 2015-01-21 14:17 - 0000026 _____ () C:\Users\Brandon\AppData\Roaming\prio.ini
 
Files to move or delete:
====================
C:\Users\Brandon\AppData\Roaming\Origin\update.vbe
 
 
Some content of TEMP:
====================
C:\Users\Brandon\AppData\Local\Temp\bitool.dll
C:\Users\Brandon\AppData\Local\Temp\Quarantine.exe
C:\Users\Brandon\AppData\Local\Temp\res.dll
C:\Users\Brandon\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Brandon\AppData\Local\Temp\sfareca00001.dll
C:\Users\Brandon\AppData\Local\Temp\sfextra.dll
C:\Users\Brandon\AppData\Local\Temp\sqlite3.dll
C:\Users\Brandon\AppData\Local\Temp\startpoint_1.exe
C:\Users\Brandon\AppData\Local\Temp\update.exe
C:\Users\Brandon\AppData\Local\Temp\utt5B8E.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-25 01:48
 
==================== End Of Log ============================
 
 
Thank you for your time. 


#2 TB-Psychotic

  • Malware Response Team

Posted 29 January 2015 - 08:56 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware



  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

 


#3 BrandonR.

  • Topic Starter

Posted 29 January 2015 - 03:52 PM

 Thank you Marius for helping me. I followed all of your instructions exactly. After using the fixlist.txt file in FRST, it seemed to fix the problem, but I continued with your instructions.

 

Here is the FRST fixlog.txt contents.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Brandon at 2015-01-29 13:51:52 Run:1
Running from C:\FRST
Loaded Profiles: Brandon (Available profiles: Brandon)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {6F945A42-69A3-4197-A67A-86C60220BE29} - System32\Tasks\Origin => C:\Users\Brandon\AppData\Roaming\Origin\update.vbe [2015-01-28] () <==== ATTENTION

C:\Users\Brandon\AppData\Roaming\Origin
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

EmptyTemp:


*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F945A42-69A3-4197-A67A-86C60220BE29}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F945A42-69A3-4197-A67A-86C60220BE29}" => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
C:\Users\Brandon\AppData\Roaming\Origin => Moved successfully.
C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
EmptyTemp: => Removed 2.1 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 13:51:55 ====

Here is the MBAM scanlog contents.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/29/2015
Scan Time: 2:02:07 PM
Logfile: 
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.29.08
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Brandon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316368
Time Elapsed: 3 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.OpenCandy, C:\Users\Brandon\Downloads\DTLite4491-0356.exe, Quarantined, [75b7fa038affc37306a0745c7d88b14f], 
PUP.Optional.TorchMedia, C:\Users\Brandon\Downloads\TorchSetup-r25-n-bc.exe, Quarantined, [220a7984cfbad95d9258ca19847d9a66], 

Physical Sectors: 0
(No malicious items detected)


(end)

I'm still waiting on the ESET scan to finish. It is taking a long time to finish so I'll post the current scan results now. As soon as ESET finishes I will post those results too.



#4 BrandonR.


Posted 29 January 2015 - 04:17 PM

 The ESET online scanner stopped responding at 51% completion. Here are the results ESET found before it stopped.

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f3de40ec5b5c35469dd2dc1df5917e26
# engine=22212
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-30 12:05:17
# local_time=2015-01-29 04:05:17 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 610088 174119767 0 0
# scanned=158216
# found=12
# cleaned=0
# scan_time=6509
sh=816B1CB7B56935D8544FCEFB5AD6A5CBE5C8BBC1 ft=1 fh=a1dc8b62925612cd vn="a variant of Win32/BrowseFox.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Brandon\AppData\Local\Temp\SourceApp\SourceApp.mg.exe.vir"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=37846E9152890EF2FE6EF58526ED67F5E9810B61 ft=1 fh=a83743a2b95ee3bc vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="C:\Program Files (x86)\R.G. Mechanics\Borderlands - The Pre-Sequel\Binaries\Win32\steam_api.dll"
sh=49C8D9741E9F12C1285F37EFCC1E0215527954FC ft=1 fh=11769a64dde31812 vn="a variant of Win32/InstallCore.TS potentially unwanted application" ac=I fn="C:\Users\Brandon\Downloads\winzip19.exe"
sh=536331C2DE82823911D66173072F8C42D329B7B8 ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Windows\Installer\1317134.msi"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-227952554-3997655643-3925852553-1000\$RZHH2MI.Sequel-RELOADED\rld-bothpr.iso"
sh=ADCECC3D4C5435C9EB0004BCA85ED14D3BDDE3EE ft=1 fh=3e69c08b095cb53b vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-227952554-3997655643-3925852553-1000\$RZHH2MI.Sequel-RELOADED\Borderlands The Pre Sequel Update v1.0.2 Incl DLC-RELOADED\Crack\Binaries\Win32\steam_api.dll"
 


#5 TB-Psychotic

  • Malware Response Team

Posted 30 January 2015 - 04:05 AM

Stop using illegal software - it is the main source of infections! :rolleyes:

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread. (Note: Do NOT post this one into a code box!)





Are any problems left or may I post the final reply? :)


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 BrandonR.


Posted 30 January 2015 - 11:05 AM

Lol. I knew you were going to tell me that. I know the risks of illegal software, and this is the first problem I've had in years resulting from that.

# AdwCleaner v4.109 - Report created 30/01/2015 at 10:51:50
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Brandon - BRANDON-PC
# Running from : C:\Users\Brandon\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v40.0.2214.93


*************************

AdwCleaner[R0].txt - [1663 octets] - [28/01/2015 16:46:09]
AdwCleaner[R1].txt - [866 octets] - [30/01/2015 10:50:45]
AdwCleaner[S0].txt - [1566 octets] - [28/01/2015 16:47:21]
AdwCleaner[S1].txt - [788 octets] - [30/01/2015 10:51:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [847 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Brandon on Fri 01/30/2015 at 10:54:41.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/30/2015 at 10:56:00.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Google Chrome (40.0.2214.91) 
 Google Chrome (40.0.2214.93) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 

 

 

Thank you again for taking your time with this matter.

 

At this time there are no problems left. You may post the final reply and close this thread. 



#7 TB-Psychotic

  • Malware Response Team

Posted 02 February 2015 - 05:00 AM

Your system is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left please delete it manually.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#8 TB-Psychotic

  • Malware Response Team

Posted 03 July 2015 - 02:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



