
trojan-dropper.vbs.agent.bp


  • This topic is locked
28 replies to this topic

#1 hubal

hubal

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:24 AM

Posted 29 January 2015 - 09:41 PM

Hi,

I am running Windows 8.1; my AV is Kaspersky 2015 Internet Security.
After posting my problem on the official support website but getting no real help, I decided to come here. I asked them for guidance on how to deal with an infected external HDD, but they gave me ambiguous advice and now I am screwed.

I have an external 1 TB HDD that was recently used by a friend on his computer. It got infected with something called trojan-dropper.vbs.agent.bp by copying his files to the HDD.
How did I know the name of the virus?! Because unfortunately I plugged the external into my brand new laptop and did a scan on it.

Note: the external did install itself on the laptop due to KAV being disabled, although I did disable the autoplay function!

Now the KAV scan report shows around 11000 files infected on the hard disk, none on my computer. But knowing a bit about trojans, by concept it's a hidden SOB that can ruin everything without making any noise!

I didn't copy any files from the external to my laptop; however, all of my work is there and I am planning to move all of the remaining files to the laptop.
I am in the process of deleting all of the infected files! But is that even enough? Formatting my external is something I can't and will not do!

Can someone guide me here on how to completely and securely remove trojan-dropper.vbs.agent.bp (KAV name)?


Edited by hubal, 29 January 2015 - 10:35 PM.



 


#2 hubal


Posted 30 January 2015 - 02:52 PM

Is there something missing that I need to add to get a reply?

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:24 AM

Posted 02 February 2015 - 04:29 PM

Greetings hubal and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Before we deal with your external drive I want to make sure there are no issues with your laptop. Do not connect the external drive until instructed to do so.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 hubal


Posted 04 February 2015 - 08:18 PM

Testing the offline error preventing me from replying.



#5 hubal


Posted 04 February 2015 - 08:24 PM

Hey guys, whenever I try to copy, paste and attach what you requested I am getting a website offline message!!


Edited by hubal, 04 February 2015 - 08:25 PM.


#6 Oh My!


Posted 04 February 2015 - 08:27 PM

Greetings,

 

Not sure if that is temporary but try to Attach the reports to your reply.

 

===================================================

How to Attach a File to Your Reply

--------------------
 

  • If necessary click the More Reply Options button in the lower right hand corner of the Reply to this topic section of the Post
  • In the lower left hand corner you should see a Browse button under Attach Files
  • Click the Browse button and a new window will open
  • Navigate to and double click on the file you want to attach
  • Once the file path is entered into the box click Attach This File
  • If successful, you will see the file name appear above Attach Files with a green check mark to the left
  • When you are ready to post your response hit Reply and the file will be automatically attached to your reply

 

 


Gary
 

#7 hubal


Posted 04 February 2015 - 08:53 PM


The error message says "post too long" if I try the quick reply, but if I choose the extended reply just like you said, the website offline message appears after hitting the reply message or post preview.


Edited by hubal, 04 February 2015 - 08:55 PM.


#8 Oh My!


Posted 04 February 2015 - 09:09 PM

Please try to upload the files here. I will be automatically notified when they arrive.
Gary
 

#9 hubal


Posted 04 February 2015 - 10:05 PM

I did it, I added the log text in the description.

FARBAR Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by me (administrator) on AMRA on 05-02-2015 02:23:53
Running from C:\Users\me\Desktop
Loaded Profiles: me (Available profiles: me)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Tixati Software Inc.) C:\Program Files\tixati\tixati.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [456808 2014-10-15] ()
HKLM\...\Run: [HotKeysCmds] => "C:\windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-11] (IDT, Inc.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-08-08] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-08-08] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-08-26] (cyberlink)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3182269937-568623715-2630426270-1002\...\Run: [Google Update] => C:\Users\me\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2015-01-17] (Google Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3182269937-568623715-2630426270-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3182269937-568623715-2630426270-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3182269937-568623715-2630426270-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKU\S-1-5-21-3182269937-568623715-2630426270-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8CBA4590-26EA-4A97-9BB7-95E19CB7CD9E}: [NameServer] 79.134.128.3,79.134.128.5

FireFox:
========
FF ProfilePath: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\jtegpown.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3182269937-568623715-2630426270-1002: @tools.google.com/Google Update;version=3 -> C:\Users\me\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3182269937-568623715-2630426270-1002: @tools.google.com/Google Update;version=9 -> C:\Users\me\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: HTTPS-Everywhere - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\jtegpown.default\Extensions\https-everywhere@eff.org [2015-01-23]
FF Extension: Ghostery - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\jtegpown.default\Extensions\firefox@ghostery.com.xpi [2015-01-16]
FF Extension: MEGA - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\jtegpown.default\Extensions\firefox@mega.co.nz.xpi [2015-01-17]
FF Extension: NoScript - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\jtegpown.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-16]
FF Extension: Adblock Plus - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\jtegpown.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-16]
FF Extension: BetterPrivacy - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\jtegpown.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-01-16]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-19]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-19]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-08-26] (CyberLink)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-11-25] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [125168 2014-10-03] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-15] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO INCORPORATED.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [338944 2013-08-11] (IDT, Inc.) [File not signed]
S4 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-08-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [225008 2014-10-03] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [74344 2013-07-03] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2014-12-03] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [799944 2014-12-03] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [68616 2014-12-03] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [77512 2014-12-03] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3609568 2013-12-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
S3 ute4ntkz; C:\windows\SysWOW64\Drivers\ute4ntkz.sys [7168 2015-02-01] () [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065472 2013-08-30] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 cpuz138; \??\C:\windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\windows\TEMP\GPUZ.sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 02:23 - 2015-02-05 02:24 - 00019934 _____ () C:\Users\me\Desktop\FRST.txt
2015-02-05 02:23 - 2015-02-05 02:24 - 00000000 ____D () C:\FRST
2015-02-05 02:22 - 2015-02-05 02:22 - 02131968 _____ (Farbar) C:\Users\me\Desktop\FRST64.exe
2015-02-05 02:21 - 2015-02-05 02:21 - 02131968 _____ (Farbar) C:\Users\me\Downloads\FRST64.exe
2015-02-04 18:30 - 2015-02-04 13:18 - 2894074990 _____ () C:\Users\me\Desktop\Game.of.Thrones.S04.E02.REMUX-BlaZeHD.mkv
2015-02-04 06:07 - 2015-02-04 04:50 - 4034393979 _____ () C:\Users\me\Desktop\Game.of.Thrones.S04.E01.REMUX-BlaZeHD.mkv
2015-02-04 02:44 - 2015-02-04 02:44 - 3437363200 _____ () C:\Users\me\Downloads\Windows.iso
2015-02-04 01:26 - 2015-02-04 01:26 - 00001608 _____ () C:\Users\me\Desktop\Gone Home.lnk
2015-02-04 01:26 - 2015-02-04 01:26 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gone Home 1.0
2015-02-04 01:25 - 2015-02-04 01:25 - 00001539 _____ () C:\Users\me\Desktop\Cat-A-Cat GAMES.lnk
2015-02-04 01:25 - 2015-02-04 01:25 - 00000000 ____D () C:\Games
2015-02-03 20:30 - 2015-02-04 02:56 - 00000000 __RHD () C:\ESD
2015-02-03 20:27 - 2015-02-03 20:27 - 01483336 _____ (Microsoft Corporation) C:\Users\me\Downloads\mediacreationtool.exe
2015-02-03 00:46 - 2015-02-03 00:46 - 00007609 _____ () C:\Users\me\AppData\Local\Resmon.ResmonCfg
2015-02-02 04:14 - 2015-02-02 04:32 - 1143333888 _____ () C:\DriveC.vhd
2015-02-02 00:44 - 2015-02-02 00:44 - 15945984 _____ () C:\Users\me\Downloads\Oracle_VM_VirtualBox_Extension_Pack-4.3.20-96996.vbox-extpack
2015-02-02 00:33 - 2015-02-02 23:01 - 00000000 ____D () C:\Users\me\VirtualBox VMs
2015-02-02 00:30 - 2015-02-03 03:08 - 00000000 ____D () C:\Users\me\.VirtualBox
2015-02-02 00:29 - 2015-02-02 00:29 - 00001103 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-02-02 00:29 - 2015-02-02 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-02-02 00:29 - 2015-02-02 00:29 - 00000000 ____D () C:\Program Files\Oracle
2015-02-02 00:29 - 2014-11-24 12:07 - 00916024 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxDrv.sys
2015-02-02 00:29 - 2014-11-24 12:07 - 00128080 _____ (Oracle Corporation) C:\windows\system32\Drivers\VBoxUSBMon.sys
2015-02-02 00:25 - 2015-02-02 00:27 - 110587080 _____ (Oracle Corporation) C:\Users\me\Downloads\VirtualBox-4.3.20-96997-Win.exe
2015-02-01 02:36 - 2015-02-01 02:37 - 01054760 _____ () C:\Users\me\Downloads\GetSystemInfo5.0.zip
2015-02-01 02:33 - 2015-02-01 14:21 - 00007168 _____ () C:\windows\SysWOW64\Drivers\ute4ntkz.sys
2015-02-01 02:31 - 2015-02-01 02:31 - 00000000 ____D () C:\Users\me\Downloads\avz4
2015-02-01 02:30 - 2015-02-01 02:31 - 09370136 _____ () C:\Users\me\Downloads\avz4.zip
2015-01-31 20:23 - 2015-01-31 20:25 - 21227848 _____ (SUPERAntiSpyware) C:\Users\me\Downloads\SUPERAntiSpyware.exe
2015-01-31 18:11 - 2015-02-02 01:29 - 00000000 ____D () C:\AdwCleaner
2015-01-31 18:09 - 2015-01-31 18:09 - 02194432 _____ () C:\Users\me\Downloads\adwcleaner_4.109.exe
2015-01-31 17:20 - 2015-02-01 22:14 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 17:20 - 2015-01-31 17:20 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 17:20 - 2015-01-31 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 17:20 - 2015-01-31 17:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-31 17:20 - 2015-01-31 17:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 17:20 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-31 17:20 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-31 17:20 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-30 21:46 - 2015-01-30 21:46 - 683145250 _____ () C:\windows\MEMORY.DMP
2015-01-30 21:46 - 2015-01-30 21:46 - 00330944 _____ () C:\windows\Minidump\013015-21640-01.dmp
2015-01-30 21:46 - 2015-01-30 21:46 - 00000000 ____D () C:\windows\Minidump
2015-01-30 17:49 - 2015-01-30 23:43 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2015-01-30 15:17 - 2015-01-30 15:29 - 316293120 _____ () C:\Users\me\Downloads\kav_rescue_10.iso
2015-01-30 15:14 - 2010-08-19 19:22 - 00409600 _____ (Kaspersky Lab ZAO) C:\Users\me\Documents\rescue2usb.exe
2015-01-30 15:14 - 2010-08-16 17:02 - 00019181 ____R () C:\Users\me\Documents\license_notice.txt
2015-01-30 15:14 - 2010-06-22 13:39 - 00000237 _____ () C:\Users\me\Documents\syslinux.cfg
2015-01-30 15:14 - 2010-04-01 11:01 - 00028160 _____ () C:\Users\me\Documents\syslinux.exe
2015-01-30 15:14 - 2009-10-16 16:43 - 00237849 _____ () C:\Users\me\Documents\grub.exe
2015-01-30 06:44 - 2015-01-30 06:51 - 129983728 _____ (Microsoft Corporation) C:\Users\me\Downloads\msert.exe
2015-01-29 23:50 - 2015-01-30 15:01 - 00000000 ____D () C:\Users\me\Downloads\Kaspersky Rescue2Usb
2015-01-29 23:27 - 2015-01-30 15:06 - 00387584 _____ () C:\Users\me\Downloads\rescue2usb.exe
2015-01-29 06:39 - 2015-01-29 06:39 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-29 06:39 - 2015-01-29 06:39 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-29 06:38 - 2015-01-29 06:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-01-28 05:28 - 2015-01-28 06:22 - 00000000 ____D () C:\Users\me\Downloads\rhz
2015-01-28 02:17 - 2014-10-10 17:50 - 00000000 ____D () C:\Users\me\Documents\Guru3D.com
2015-01-28 02:16 - 2015-01-28 02:16 - 00228175 _____ () C:\Users\me\Downloads\NV-Inspector-[Guru3D.com].rar
2015-01-26 18:21 - 2015-01-26 18:21 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-26 18:21 - 2015-01-26 18:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 06:43 - 2015-01-22 06:43 - 00000000 ____D () C:\Users\me\Documents\VLC
2015-01-22 03:31 - 2015-01-22 03:31 - 00002425 _____ () C:\Users\me\AppData\Local\recently-used.xbel
2015-01-22 03:30 - 2015-01-22 03:31 - 00000000 ____D () C:\Users\me\AppData\Local\gtk-2.0
2015-01-22 03:20 - 2015-01-22 03:20 - 00000000 ____D () C:\Users\me\.thumbnails
2015-01-21 18:21 - 2015-01-22 03:34 - 00000000 ____D () C:\Users\me\.gimp-2.8
2015-01-21 18:21 - 2015-01-21 18:21 - 00000000 ____D () C:\Users\me\AppData\Local\gegl-0.2
2015-01-21 18:18 - 2015-01-21 18:18 - 00000921 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-01-21 18:18 - 2015-01-21 18:18 - 00000909 _____ () C:\Users\Public\Desktop\GIMP 2.lnk
2015-01-21 18:18 - 2015-01-21 18:18 - 00000000 ____D () C:\Program Files\GIMP 2
2015-01-21 18:00 - 2015-01-21 18:16 - 91931728 _____ (The GIMP Team ) C:\Users\me\Downloads\gimp-2.8.14-setup-1.exe
2015-01-21 06:52 - 2015-01-21 06:52 - 00000724 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2015-01-21 06:50 - 2014-10-15 13:56 - 02812448 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
2015-01-21 06:50 - 2014-10-15 13:56 - 00768104 _____ (Intel Corporation) C:\windows\system32\Gfxv4_0.exe
2015-01-21 06:50 - 2014-10-15 13:56 - 00764520 _____ (Intel Corporation) C:\windows\system32\Gfxv2_0.exe
2015-01-21 06:50 - 2014-10-15 13:56 - 00471656 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUMS64.exe
2015-01-21 06:50 - 2014-10-15 13:56 - 00456808 _____ () C:\windows\system32\igfxTray.exe
2015-01-21 06:50 - 2014-10-15 13:56 - 00454416 _____ (Intel® Corporation) C:\windows\system32\Drivers\IntcDAud.sys
2015-01-21 06:50 - 2014-10-15 13:56 - 00417896 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
2015-01-21 06:50 - 2014-10-15 13:56 - 00355328 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2015-01-21 06:50 - 2014-10-15 13:56 - 00290816 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2015-01-21 06:50 - 2014-10-15 13:56 - 00279144 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
2015-01-21 06:50 - 2014-10-15 13:56 - 00195176 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
2015-01-21 06:50 - 2014-10-15 13:56 - 00154728 _____ (Intel Corporation) C:\windows\system32\difx64.exe
2015-01-21 06:50 - 2014-10-15 13:56 - 00087144 _____ (Intel Corporation) C:\windows\system32\DPTopologyApp.exe
2015-01-21 06:50 - 2014-10-15 13:56 - 00086632 _____ (Intel Corporation) C:\windows\system32\DPTopologyAppv2_0.exe
2015-01-21 06:41 - 2015-01-21 06:41 - 00000000 ____D () C:\ProgramData\IntelDLM
2015-01-21 06:35 - 2015-01-21 06:35 - 02333416 _____ (Intel) C:\Users\me\Downloads\Intel Driver Update Utility Installer.exe
2015-01-21 06:35 - 2015-01-21 06:35 - 00001193 _____ () C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
2015-01-21 06:35 - 2015-01-21 06:35 - 00000000 ____D () C:\Users\me\AppData\Local\Intel
2015-01-21 06:35 - 2015-01-21 06:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-01-21 06:35 - 2015-01-21 06:35 - 00000000 ____D () C:\Program Files (x86)\Intel Driver Update Utility
2015-01-21 04:50 - 2015-02-04 05:58 - 00000000 ____D () C:\Users\me\AppData\Roaming\vlc
2015-01-21 04:50 - 2015-01-21 04:50 - 00001093 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-21 04:50 - 2015-01-21 04:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-21 04:48 - 2015-01-21 04:49 - 24743106 _____ () C:\Users\me\Downloads\vlc-2.1.5-win32(1).exe
2015-01-21 04:40 - 2015-02-03 23:56 - 00000000 ____D () C:\Users\me\Desktop\myball
2015-01-20 05:38 - 2015-01-21 01:01 - 00000000 ____D () C:\Users\me\AppData\Roaming\NVIDIA
2015-01-20 05:31 - 2015-01-20 05:32 - 00000000 ____D () C:\Users\me\AppData\Local\NVIDIA Corporation
2015-01-20 05:31 - 2015-01-20 05:31 - 00001374 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-01-20 05:30 - 2015-01-20 05:31 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-01-20 05:30 - 2015-01-20 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-01-20 05:30 - 2015-01-20 05:30 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-20 05:30 - 2015-01-20 05:30 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-01-20 05:30 - 2014-12-13 10:03 - 06859408 _____ (NVIDIA Corporation) C:\windows\system32\nvcpl.dll
2015-01-20 05:30 - 2014-12-13 10:03 - 03513488 _____ (NVIDIA Corporation) C:\windows\system32\nvsvc64.dll
2015-01-20 05:30 - 2014-12-13 10:03 - 02558608 _____ (NVIDIA Corporation) C:\windows\system32\nvsvcr.dll
2015-01-20 05:30 - 2014-12-13 10:03 - 01097360 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshext.dll
2015-01-20 05:30 - 2014-12-13 10:03 - 00935240 _____ (NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
2015-01-20 05:30 - 2014-12-13 10:03 - 00628040 _____ (NVIDIA Corporation) C:\windows\SysWOW64\oemdspif.dll
2015-01-20 05:30 - 2014-12-13 10:03 - 00386368 _____ (NVIDIA Corporation) C:\windows\system32\nvmctray.dll
2015-01-20 05:30 - 2014-12-13 10:03 - 00075080 _____ (NVIDIA Corporation) C:\windows\system32\nv3dappshextr.dll
2015-01-20 05:30 - 2014-12-13 10:03 - 00062608 _____ (NVIDIA Corporation) C:\windows\system32\nvshext.dll
2015-01-20 05:30 - 2014-12-13 02:11 - 02824504 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2015-01-20 05:30 - 2014-12-13 02:11 - 02210040 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2015-01-20 05:30 - 2014-12-13 02:11 - 01715224 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
2015-01-20 05:30 - 2014-12-13 02:11 - 01291464 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
2015-01-20 05:30 - 2014-12-13 01:11 - 04151176 _____ () C:\windows\system32\nvcoproc.bin
2015-01-20 05:29 - 2014-12-13 12:08 - 32099472 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 25460552 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 24764232 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 20465808 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 18594432 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 17264312 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 16040184 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 14128496 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 13288360 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 13202520 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 10770120 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 10710160 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 10345280 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2015-01-20 05:29 - 2014-12-13 12:08 - 03610440 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 03293136 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 03248968 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 02897824 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 01895056 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6434709.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 01556624 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6434709.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 00968336 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 00942400 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 00928072 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 00906560 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 00496272 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 00399688 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 00391488 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 00346944 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 00178632 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 00165760 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2015-01-20 05:29 - 2014-12-13 12:08 - 00027983 _____ () C:\windows\system32\nvinfo.pb
2015-01-20 05:29 - 2014-11-22 12:46 - 00038032 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvvad64v.sys
2015-01-20 05:29 - 2014-11-22 12:46 - 00035472 _____ (NVIDIA Corporation) C:\windows\system32\nvaudcap64v.dll
2015-01-20 05:29 - 2014-11-22 12:46 - 00032400 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvaudcap32v.dll
2015-01-20 05:28 - 2015-01-20 05:28 - 00000000 ____D () C:\NVIDIA
2015-01-20 04:44 - 2015-01-20 05:01 - 307606328 _____ (NVIDIA Corporation) C:\Users\me\Downloads\347.09-notebook-win8-win7-64bit-international-whql.exe
2015-01-20 04:20 - 2010-06-29 05:44 - 00000000 ____D () C:\Users\me\Downloads\OptimusTools_64bit
2015-01-20 04:19 - 2015-01-20 04:20 - 01170043 _____ (Igor Pavlov) C:\Users\me\Downloads\OptimusTools_64bit.exe
2015-01-20 03:32 - 2015-01-20 03:32 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-01-20 03:30 - 2015-01-20 16:24 - 00000000 ____D () C:\Users\me\AppData\Local\Popcorn-Time
2015-01-20 03:29 - 2015-01-20 03:29 - 00002216 _____ () C:\Users\me\Desktop\Popcorn Time.lnk
2015-01-20 03:29 - 2015-01-20 03:29 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-01-20 03:29 - 2015-01-20 03:29 - 00000000 ____D () C:\Users\me\AppData\Local\Popcorn Time
2015-01-20 03:28 - 2015-01-20 03:29 - 24743106 _____ () C:\Users\me\Downloads\vlc-2.1.5-win32.exe
2015-01-20 03:24 - 2015-01-20 03:24 - 00000000 ____D () C:\Users\me\AppData\Local\eclipse
2015-01-20 03:24 - 2015-01-20 03:24 - 00000000 ____D () C:\Users\me\.swt
2015-01-20 03:22 - 2015-01-20 03:22 - 00001032 _____ () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zona.lnk
2015-01-20 03:22 - 2015-01-20 03:22 - 00001002 _____ () C:\Users\me\Desktop\Zona.lnk
2015-01-20 03:22 - 2015-01-20 03:22 - 00000000 ____D () C:\ProgramData\Sun
2015-01-20 03:22 - 2015-01-20 03:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-20 03:19 - 2015-01-20 03:22 - 00000000 ____D () C:\Program Files (x86)\Zona
2015-01-20 03:17 - 2015-01-20 03:27 - 23236288 _____ (Popcorn Official) C:\Users\me\Downloads\Popcorn-Time-0.3.7.1-Setup.exe
2015-01-20 03:05 - 2015-01-20 03:16 - 00000000 ____D () C:\Users\me\AppData\Local\untv
2015-01-20 03:03 - 2015-01-20 03:04 - 47168853 _____ () C:\Users\me\Downloads\untv-0.8.2-win.zip
2015-01-20 02:53 - 2015-01-20 02:58 - 00000000 ____D () C:\Users\me\AppData\Local\Flixtor
2015-01-20 02:50 - 2015-01-20 02:50 - 24873865 _____ ( ) C:\Users\me\Downloads\Flixtor.exe
2015-01-20 02:26 - 2015-01-20 04:49 - 00000000 ____D () C:\Users\me\AppData\Roaming\Zona
2015-01-19 19:35 - 2015-02-05 00:48 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-19 19:35 - 2015-01-19 19:35 - 00002159 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-01-19 19:35 - 2015-01-19 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-01-19 19:35 - 2015-01-19 19:35 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-01-19 19:35 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2015-01-19 19:34 - 2014-12-03 08:54 - 00799944 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2015-01-19 19:34 - 2014-12-03 08:54 - 00150536 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2015-01-19 19:34 - 2014-08-12 17:32 - 00247480 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys
2015-01-19 19:11 - 2015-01-19 19:16 - 202841672 _____ (Kaspersky Lab) C:\Users\me\Downloads\kis15.0.1.415en.exe
2015-01-17 18:23 - 2015-01-20 16:22 - 00000000 ____D () C:\Users\me\AppData\Local\Google
2015-01-17 18:23 - 2015-01-17 18:23 - 00000854 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3182269937-568623715-2630426270-1002Core1d03271e18776f8.job
2015-01-17 18:23 - 2015-01-17 18:23 - 00000854 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3182269937-568623715-2630426270-1002Core.job
2015-01-17 18:22 - 2015-01-17 18:22 - 00880784 _____ (Google Inc.) C:\Users\me\Downloads\GoogleVoiceAndVideoSetup.exe
2015-01-17 06:26 - 2015-02-05 02:24 - 00000000 ____D () C:\Users\me\AppData\Roaming\tixati
2015-01-17 06:23 - 2015-01-21 01:56 - 00000851 _____ () C:\Users\me\Desktop\Tixati.lnk
2015-01-17 06:23 - 2015-01-17 06:23 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2015-01-17 06:23 - 2015-01-17 06:23 - 00000000 ____D () C:\Program Files\tixati
2015-01-17 06:22 - 2015-01-17 06:22 - 11177760 _____ () C:\Users\me\Downloads\tixati-1.99-1.win64-install.exe
2015-01-17 06:14 - 2015-01-31 18:38 - 00001449 _____ () C:\Users\me\Documents\DesignLibrary_Photoshop.log
2015-01-17 06:03 - 2015-01-17 06:03 - 00000118 _____ () C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-01-17 05:52 - 2015-01-17 05:52 - 00000000 ___RD () C:\Users\me\Creative Cloud Files
2015-01-17 05:51 - 2015-01-17 05:51 - 00001340 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2015-01-17 05:51 - 2015-01-17 05:51 - 00001328 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2015-01-17 05:50 - 2015-01-17 06:05 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-17 05:43 - 2015-01-17 06:05 - 00000000 ____D () C:\Program Files\Adobe
2015-01-17 05:43 - 2015-01-17 05:43 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-01-17 05:43 - 2015-01-17 05:43 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-17 05:40 - 2015-01-17 05:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-17 05:32 - 2015-01-17 05:33 - 00525646 _____ () C:\Users\me\Downloads\adobe.snr.patch-painter.BY.Haroun.rar
2015-01-17 05:26 - 2015-01-17 05:26 - 00344064 _____ () C:\Users\me\Documents\Database1.accdb
2015-01-17 05:23 - 2015-01-21 06:53 - 00000425 _____ () C:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-01-17 05:15 - 2015-01-17 05:52 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-17 05:08 - 2015-02-04 18:28 - 00003758 _____ () C:\windows\System32\Tasks\AutoKMS
2015-01-17 05:08 - 2015-01-17 05:24 - 00000000 ____D () C:\windows\AutoKMS
2015-01-17 04:47 - 2015-01-29 06:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-17 04:46 - 2015-01-17 04:46 - 00000000 ____D () C:\windows\PCHEALTH
2015-01-17 04:46 - 2015-01-17 04:46 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-01-17 04:46 - 2015-01-17 04:46 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-17 04:46 - 2015-01-17 04:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-01-17 04:45 - 2015-01-17 04:46 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-17 04:45 - 2015-01-17 04:45 - 00000000 ____D () C:\Users\me\AppData\Local\Microsoft Help
2015-01-17 04:45 - 2015-01-17 04:45 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-01-17 04:45 - 2015-01-17 04:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-01-17 04:44 - 2015-01-29 06:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-17 04:44 - 2015-01-17 04:44 - 00000000 __RHD () C:\MSOCache
2015-01-17 02:19 - 2015-01-17 02:19 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2015-01-17 02:19 - 2015-01-17 02:19 - 00000000 ____D () C:\Users\me\AppData\Roaming\WinRAR
2015-01-17 02:19 - 2015-01-17 02:19 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-17 02:19 - 2015-01-17 02:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-17 02:18 - 2015-01-17 02:19 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-17 02:18 - 2015-01-17 02:18 - 01985608 _____ () C:\Users\me\Downloads\winrar-x64-521b1ar.exe
2015-01-16 21:19 - 2015-01-16 22:13 - 00000022 _____ () C:\windows\GPU-Z.INI
2015-01-16 21:19 - 2015-01-16 21:19 - 00000000 ____D () C:\Temp
2015-01-16 21:18 - 2015-01-16 21:19 - 00000000 ____D () C:\Users\me\Documents\3DMark
2015-01-16 21:18 - 2015-01-16 21:18 - 00000000 ____D () C:\Users\me\AppData\Local\Futuremark
2015-01-16 21:17 - 2015-01-16 21:17 - 00001227 _____ () C:\Users\Public\Desktop\3DMark.lnk
2015-01-16 21:17 - 2015-01-16 21:17 - 00000000 ____D () C:\Program Files\Futuremark
2015-01-16 21:16 - 2015-01-16 21:16 - 00000193 _____ () C:\windows\DirectX.log
2015-01-16 21:16 - 2015-01-16 21:16 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2015-01-16 21:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2015-01-16 21:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2015-01-16 21:16 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_7.dll
2015-01-16 21:16 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_7.dll
2015-01-16 21:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2015-01-16 21:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2015-01-16 21:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2015-01-16 21:16 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2015-01-16 21:16 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2015-01-16 21:16 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2015-01-16 21:16 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2015-01-16 21:16 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_43.dll
2015-01-16 21:16 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2015-01-16 21:16 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_43.dll
2015-01-16 21:16 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2015-01-16 21:16 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2015-01-16 21:16 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_31.dll
2015-01-16 21:16 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_31.dll
2015-01-16 21:14 - 2015-01-16 21:14 - 00000000 ____D () C:\Users\me\Downloads\redist
2015-01-16 19:20 - 2015-01-16 19:20 - 00000000 ____D () C:\Users\me\AppData\Roaming\WebApp
2015-01-16 19:19 - 2014-12-31 13:14 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-16 19:18 - 2015-01-16 19:18 - 00000000 ____D () C:\Users\me\Documents\Lenovo
2015-01-16 19:18 - 2015-01-16 19:18 - 00000000 ____D () C:\Users\me\AppData\Roaming\Lenovo
2015-01-16 19:05 - 2014-04-16 01:35 - 00028352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2015-01-16 19:05 - 2014-04-16 01:34 - 00029888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2015-01-16 19:03 - 2015-01-16 19:04 - 00000000 ____D () C:\windows\system32\MRT
2015-01-16 19:03 - 2014-12-31 13:12 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-16 19:01 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2015-01-16 19:00 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-01-16 19:00 - 2014-04-08 04:01 - 00589656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2015-01-16 19:00 - 2014-04-06 18:34 - 00275800 ____C (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2015-01-16 18:59 - 2014-11-10 04:29 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupStatusProvider.dll
2015-01-16 18:59 - 2014-11-10 03:51 - 00028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-01-16 18:59 - 2014-10-31 01:39 - 01970432 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-01-16 18:59 - 2014-10-31 01:38 - 01612992 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-01-16 18:57 - 2014-09-22 05:06 - 00258368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-01-16 18:57 - 2014-09-22 05:06 - 00114496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2015-01-16 18:57 - 2014-09-22 04:49 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-01-16 18:57 - 2014-09-03 00:08 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\winshfhc.dll
2015-01-16 18:57 - 2014-09-03 00:08 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\winshfhc.dll
2015-01-16 18:57 - 2014-03-20 05:41 - 00376152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys
2015-01-16 18:57 - 2014-03-13 14:35 - 00157016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wof.sys
2015-01-16 18:57 - 2014-03-06 11:24 - 00111616 ____C (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2015-01-16 18:57 - 2014-03-06 11:24 - 00033280 ____C (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
2015-01-16 18:57 - 2014-03-06 11:22 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2015-01-16 18:57 - 2014-03-06 11:19 - 00283648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-01-16 18:57 - 2014-03-06 11:19 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2015-01-16 18:56 - 2014-12-09 03:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-16 18:56 - 2014-11-22 05:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-01-16 18:56 - 2014-11-22 04:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-01-16 18:56 - 2014-11-22 04:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-01-16 18:56 - 2014-11-22 04:49 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-01-16 18:56 - 2014-11-22 04:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-01-16 18:56 - 2014-11-22 04:35 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-01-16 18:56 - 2014-11-22 04:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-01-16 18:56 - 2014-11-22 04:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-01-16 18:56 - 2014-11-22 04:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-01-16 18:56 - 2014-11-22 04:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-01-16 18:56 - 2014-11-22 04:06 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-01-16 18:56 - 2014-11-22 04:06 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-01-16 18:56 - 2014-11-22 04:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-01-16 18:56 - 2014-11-22 04:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-01-16 18:56 - 2014-11-22 04:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-01-16 18:56 - 2014-11-22 03:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-01-16 18:56 - 2014-11-22 03:55 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-01-16 18:56 - 2014-11-22 03:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-01-16 18:56 - 2014-11-22 03:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-01-16 18:56 - 2014-11-22 03:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-01-16 18:56 - 2014-11-22 03:49 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-01-16 18:56 - 2014-11-22 03:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-01-16 18:56 - 2014-11-22 03:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-01-16 18:56 - 2014-11-22 03:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-01-16 18:56 - 2014-11-22 03:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-01-16 18:56 - 2014-11-22 03:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-01-16 18:56 - 2014-11-22 03:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-01-16 18:56 - 2014-11-22 03:29 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll

Edited by Oh My!, 04 February 2015 - 10:09 PM.
Posted log information


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:24 AM

Posted 04 February 2015 - 10:11 PM

Please upload both documents and do not copy and paste the information. I am not getting all of the information.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 hubal


Posted 04 February 2015 - 10:21 PM

Here is what you requested.

b.zip is for the TXT

hubal.zip is for the sys-info

Attached Files

  • Attached File  b.zip   73.07KB   2 downloads
  • Attached File  hubal.zip   64.54KB   0 downloads

Edited by hubal, 04 February 2015 - 10:23 PM.


#12 Oh My!


Posted 04 February 2015 - 10:49 PM

Thank you for the information.

Unfortunately there is evidence of pirated software on your computer and I am going to request you remove it before we continue. If you are willing to do that please do so and let me know when it has been completed and we will carry on.
Gary

#13 hubal


Posted 04 February 2015 - 11:16 PM

Can you tell me which one, or send me a message with more info? Recently I've downloaded a lot of trials and sometimes I leave things "as is", forgetting to remove them after testing, things I barely use.


Edited by hubal, 04 February 2015 - 11:19 PM.


#14 Oh My!


Posted 04 February 2015 - 11:24 PM

Adobe Photoshop
Gary

#15 hubal


Posted 05 February 2015 - 07:03 AM

OK, I uninstalled it :(

:offtopic: 

Also, I do watch torrent TV shows; where I live that doesn't matter. Please do not tell me to remove those. I don't sell them or anything. Remember, not everyone can afford overpriced Adobe or paid TV shows. 75% of the world population are poor people. Not justifying piracy, I am just putting things into perspective.


Edited by hubal, 05 February 2015 - 07:09 AM.




