Colormedia.dll; cmwr.sys; cmwf.sys removal help


  • This topic is locked
22 replies to this topic

#1 jd.mason

Posted 13 February 2015 - 04:31 PM

Hello, I'm having a problem deleting Colormedia.dll, cmwr.sys, cmwf.sys after I got a PicColor infection. AdwareCleaner found the cmwr.sys and cmwf.sys drivers. Clicked the clean option, but after a reboot they were still there. Tried out Freefixer to remove the drivers, but it wasn't able to delete them thanks to the registry not allowing them to be deleted. Good news is that Freefixer found three places Colormedia.dll was installed. I tried to delete all the files manually, but I received a "file too large to move" error. Attempted to use Unlocker to delete the files, but it wasn't able to delete them either. Also, when I try to delete the registries in regedit, I get "access is denied". I was reading this topic, AdwCleaner can't remove "cwmf service"; it looks like he was able to delete the files. I would have tried it, but it was personalized for his computer. I hope you will be able to help me delete these persistent files.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015

Ran by Justin (administrator) on JUSTIN-PC on 13-02-2015 13:56:22
Running from C:\Users\Justin\Downloads
Loaded Profiles: Justin (Available profiles: Justin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\hp\Common\HPSupportSolutionsFrameworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Akamai Technologies, Inc.) C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe
(InCode Solutions) C:\Program Files (x86)\InCode Solutions\RemoveIT Pro 2015 Ultra\removeit.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [200560 2011-12-19] (GFI Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-02-01] (Glarysoft Ltd)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [RemoveIT Pro v9Ultra] => C:\Program Files (x86)\InCode Solutions\RemoveIT Pro 2015 Ultra\removeit.exe [2769920 2015-01-10] (InCode Solutions)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No File
SearchScopes: HKLM -> {46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1289362861-3339389545-1959194589-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1289362861-3339389545-1959194589-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1289362861-3339389545-1959194589-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1289362861-3339389545-1959194589-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1289362861-3339389545-1959194589-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-07-22]
FF HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-16]
CHR Extension: (Google Search) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-16]
CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-16]
CHR HKLM-x32\...\Chrome\Extension: [pmfbdeonhcacfoakminfhhgllaelfhda] - C:\Program Files (x86)\RebateRobot Chrome Extension\rrchrome_opencandy-c2_2_0_1.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1226096 2012-05-03] (Lavasoft Limited)
S3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3358912 2014-09-21] (INCA Internet Co., Ltd.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-01] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-12-17] (Wellbia.com Co., Ltd.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] () [File not signed] <==== ATTENTION
R1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] () [File not signed] <==== ATTENTION
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-02-09] (Glarysoft Ltd)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2004-12-29] (INCA Internet Co., Ltd.) [File not signed]
R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S3 vproiah; system32\DRIVERS\vproiah.sys [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-13 13:18 - 2015-02-13 13:18 - 00000056 _____ () C:\Windows\setupact.log
2015-02-13 13:18 - 2015-02-13 13:18 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-13 01:06 - 2015-02-13 01:06 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-13 01:06 - 2015-02-13 01:06 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-13 01:05 - 2015-02-13 01:06 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-13 00:53 - 2015-02-13 00:53 - 00001483 _____ () C:\Users\Public\Desktop\RemoveIT Pro 2015 Ultra.lnk
2015-02-13 00:53 - 2015-02-13 00:53 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\InCode Solutions
2015-02-13 00:53 - 2015-02-13 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RemoveIT Pro 2015 Ultra
2015-02-13 00:53 - 2015-02-13 00:53 - 00000000 ____D () C:\Program Files (x86)\InCode Solutions
2015-02-13 00:52 - 2015-02-13 00:52 - 09334944 _____ (InCode Solutions ) C:\Users\Justin\Downloads\removeitpro_ultra.exe
2015-02-13 00:44 - 2015-02-13 00:44 - 00000212 _____ () C:\Users\Justin\Downloads\Search.txt
2015-02-13 00:42 - 2015-02-13 00:43 - 00054792 _____ () C:\Users\Justin\Downloads\Addition.txt
2015-02-13 00:40 - 2015-02-13 13:56 - 00024193 _____ () C:\Users\Justin\Downloads\FRST.txt
2015-02-13 00:40 - 2015-02-13 13:56 - 00000000 ____D () C:\FRST
2015-02-13 00:40 - 2015-02-13 00:40 - 02134016 _____ (Farbar) C:\Users\Justin\Desktop\FRST64.exe
2015-02-12 23:58 - 2015-02-12 23:58 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Justin\Downloads\SpyHunter-Installer.exe
2015-02-12 23:40 - 2015-02-12 23:40 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-12 23:40 - 2015-02-12 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-12 23:40 - 2015-02-12 23:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-12 23:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-12 23:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-12 22:55 - 2015-02-12 22:57 - 00000000 ____D () C:\Users\Justin\Downloads\Autoruns
2015-02-12 22:55 - 2015-02-12 22:55 - 00573697 _____ () C:\Users\Justin\Downloads\Autoruns.zip
2015-02-12 22:49 - 2015-02-12 22:51 - 00000000 ____D () C:\Program Files\Unlocker
2015-02-12 22:49 - 2015-02-12 22:49 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-02-12 22:31 - 2015-02-12 22:31 - 00402911 _____ () C:\Users\Justin\Downloads\Unlocker1.9.2.exe
2015-02-12 22:26 - 2015-02-12 22:36 - 00000172 _____ () C:\Windows\SysWOW64\Partizan.RRI
2015-02-12 22:26 - 2015-02-12 22:26 - 00040208 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2015-02-12 22:23 - 2015-02-12 22:23 - 00000000 ____D () C:\ProgramData\RegRun
2015-02-12 22:22 - 2015-02-12 22:40 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2015-02-12 22:22 - 2015-02-12 22:26 - 00000000 ____D () C:\Users\Justin\Documents\RegRun2
2015-02-12 22:22 - 2015-02-12 22:22 - 00000002 RSHOT () C:\Windows\winstart.bat
2015-02-12 22:22 - 2015-02-12 22:22 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2015-02-12 22:22 - 2015-02-12 22:22 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2015-02-12 22:22 - 2015-02-12 22:22 - 00000000 ____D () C:\Users\Justin\Downloads\unhackmeb
2015-02-12 22:19 - 2015-02-12 22:21 - 16607035 _____ () C:\Users\Justin\Downloads\unhackmeb.zip
2015-02-12 21:37 - 2010-03-08 03:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2015-02-12 21:12 - 2015-02-12 21:38 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\FreeFixer
2015-02-12 21:12 - 2015-02-12 21:21 - 00000000 ____D () C:\Users\Justin\AppData\Local\FreeFixer
2015-02-12 21:12 - 2015-02-12 21:12 - 00000000 ____D () C:\Program Files\FreeFixer
2015-02-12 21:00 - 2015-02-12 23:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 21:00 - 2015-02-12 21:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-12 21:00 - 2015-02-12 21:01 - 02666167 _____ (Kephyr) C:\Users\Justin\Downloads\freefixersetup.exe
2015-02-12 20:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-12 20:48 - 2015-02-12 20:50 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Justin\Downloads\mbar-1.08.3.1004.exe
2015-02-12 20:35 - 2015-02-12 20:36 - 05325808 _____ (Piriform Ltd) C:\Users\Justin\Downloads\ccsetup502pro.exe
2015-02-12 20:25 - 2015-02-12 20:44 - 00000000 ____D () C:\Users\Justin\Documents\Combo fix Log
2015-02-12 20:23 - 2015-02-12 20:23 - 00036826 _____ () C:\ComboFix.txt
2015-02-12 20:14 - 2015-02-12 20:14 - 00028672 _____ () C:\Windows\system32\config\system.gu
2015-02-12 19:54 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-12 19:54 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-12 19:54 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-12 19:54 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-12 19:54 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-12 19:54 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-12 19:54 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-12 19:54 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-12 19:42 - 2015-02-12 20:23 - 00000000 ____D () C:\Qoobox
2015-02-12 19:42 - 2015-02-12 20:22 - 00000000 ____D () C:\Windows\erdnt
2015-02-12 19:39 - 2015-02-12 19:41 - 05611930 ____R (Swearware) C:\Users\Justin\Downloads\ComboFix.exe
2015-02-12 18:55 - 2015-02-12 18:55 - 00003600 _____ () C:\Windows\System32\Tasks\TotalSystemCare.Scanning
2015-02-12 18:55 - 2015-02-12 18:55 - 00003528 _____ () C:\Windows\System32\Tasks\TotalSystemCare.Autostart
2015-02-12 18:51 - 2015-02-12 18:51 - 07365120 _____ (Safebytes) C:\Users\Justin\Downloads\TotalSystemCare_Installer.exe
2015-02-12 18:49 - 2015-02-12 18:57 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-12 18:48 - 2015-02-12 18:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Justin\Downloads\revosetup.exe
2015-02-12 16:59 - 2015-02-02 11:13 - 01388274 _____ (Thisisu) C:\Users\Justin\Desktop\JRT_NEW.exe
2015-02-12 16:46 - 2015-02-12 16:46 - 01388274 _____ (Thisisu) C:\Users\Justin\Downloads\JRT (1).exe
2015-02-12 02:21 - 2015-01-22 20:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 02:21 - 2015-01-22 20:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 02:20 - 2015-01-22 21:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 02:20 - 2015-01-22 21:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 01:45 - 2015-02-12 01:45 - 17709352 _____ (Adobe Systems Inc.) C:\Users\Justin\Downloads\Adobe_Air_v16.0.0.245.exe
2015-02-12 01:12 - 2015-02-12 01:12 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-02-12 01:11 - 2015-02-12 01:11 - 00849352 _____ () C:\Users\Justin\Downloads\AppManagerSetup_1.47.exe
2015-02-11 23:17 - 2015-02-11 23:52 - 106666301 _____ () C:\Users\Justin\Downloads\LOP.DIDI.rar
2015-02-11 17:49 - 2015-02-11 17:49 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\AMD
2015-02-11 17:35 - 2015-02-11 17:35 - 00000000 ____D () C:\ProgramData\ATI
2015-02-11 17:34 - 2015-02-11 17:34 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\library_dir
2015-02-11 17:33 - 2015-02-11 17:33 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201502111733358462.log
2015-02-11 17:33 - 2015-02-11 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-02-11 17:33 - 2015-02-11 17:33 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-02-11 17:32 - 2015-02-11 17:32 - 00018637 _____ () C:\Windows\SysWOW64\CCCInstall_201502111732192969.log
2015-02-11 17:32 - 2015-02-11 17:32 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-02-11 17:30 - 2015-02-11 17:31 - 00000000 ____D () C:\Program Files\AMD
2015-02-11 17:30 - 2015-02-11 17:30 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-02-11 17:28 - 2015-02-11 17:28 - 00000000 ____D () C:\AMD
2015-02-11 17:24 - 2015-02-11 17:24 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Justin\Downloads\autodetectutility.exe
2015-02-11 16:41 - 2015-02-11 17:32 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-02-11 16:41 - 2015-02-11 16:41 - 00000000 ____D () C:\Program Files\ATI
2015-02-11 12:10 - 2015-01-08 20:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 12:10 - 2015-01-08 20:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 12:10 - 2015-01-08 20:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 12:10 - 2015-01-08 19:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 07:55 - 2015-02-11 07:58 - 104597312 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\Justin\Downloads\sp46260.exe
2015-02-11 07:52 - 2015-02-11 07:52 - 05165056 _____ () C:\Users\Justin\Downloads\HPSupportSolutionsFramework-11.51.0048.msi
2015-02-11 07:27 - 2015-02-11 07:27 - 00000000 ____D () C:\663058c33701b990d8d1b8b73e70b6
2015-02-11 01:29 - 2015-02-11 01:29 - 00000000 ____D () C:\8631c53844f73fb3e3ae2e860f9a6b
2015-02-10 15:49 - 2015-02-03 20:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 15:49 - 2015-02-03 20:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 15:49 - 2015-02-03 20:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 15:49 - 2015-02-03 20:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 15:49 - 2015-02-03 20:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 15:49 - 2015-02-03 20:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 15:49 - 2015-02-03 20:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 15:49 - 2015-01-27 16:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 15:48 - 2015-01-13 22:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 15:48 - 2015-01-13 22:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 15:48 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 15:48 - 2015-01-11 20:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 15:48 - 2015-01-11 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 15:48 - 2015-01-11 19:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 15:48 - 2015-01-11 19:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 15:48 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 15:48 - 2015-01-11 19:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 15:48 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 15:48 - 2015-01-11 19:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 15:48 - 2015-01-11 19:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 15:48 - 2015-01-11 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 15:48 - 2015-01-11 19:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 15:48 - 2015-01-11 19:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 15:48 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 15:48 - 2015-01-11 19:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 15:48 - 2015-01-11 19:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 15:48 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 15:48 - 2015-01-11 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 15:48 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 15:48 - 2015-01-11 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 15:48 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 15:48 - 2015-01-11 19:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 15:48 - 2015-01-11 19:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 15:48 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 15:48 - 2015-01-11 19:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 15:48 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 15:48 - 2015-01-11 19:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 15:48 - 2015-01-11 18:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 15:48 - 2015-01-11 18:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 15:48 - 2015-01-11 18:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 15:48 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 15:48 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 15:48 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 15:48 - 2015-01-11 18:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 15:48 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 15:48 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 15:48 - 2015-01-11 18:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 15:48 - 2015-01-11 18:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 15:48 - 2015-01-11 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 15:48 - 2015-01-11 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 15:48 - 2015-01-11 18:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 15:48 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 15:48 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 15:48 - 2015-01-11 18:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 15:48 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 15:48 - 2015-01-11 18:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 15:48 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 15:48 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 15:48 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 15:48 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 15:47 - 2015-01-15 01:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 15:47 - 2015-01-15 01:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 15:47 - 2015-01-15 01:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 15:47 - 2015-01-15 01:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 15:47 - 2015-01-15 01:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 15:47 - 2015-01-15 01:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 15:47 - 2015-01-15 01:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 15:47 - 2015-01-15 01:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 15:47 - 2015-01-15 01:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 15:47 - 2015-01-15 01:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 15:47 - 2015-01-15 01:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 15:47 - 2015-01-15 00:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 15:47 - 2015-01-15 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 15:47 - 2015-01-15 00:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 15:47 - 2015-01-15 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 15:47 - 2015-01-15 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 15:47 - 2015-01-15 00:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 15:47 - 2015-01-14 21:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 15:47 - 2015-01-13 23:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 15:47 - 2015-01-13 23:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 15:47 - 2015-01-13 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 15:47 - 2015-01-13 23:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 15:47 - 2015-01-13 22:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 15:47 - 2015-01-13 22:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 15:47 - 2015-01-13 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 15:47 - 2015-01-12 20:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 15:47 - 2015-01-12 19:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 15:47 - 2014-12-11 22:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 15:47 - 2014-12-11 22:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 15:47 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 15:47 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 15:47 - 2014-11-25 20:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 15:47 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 15:47 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 15:47 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 15:47 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 15:47 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 15:46 - 2015-01-08 19:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 00:22 - 2015-02-12 19:24 - 00000000 ____D () C:\AdwCleaner
2015-02-10 00:21 - 2015-02-10 00:21 - 02112512 _____ () C:\Users\Justin\Downloads\AdwCleaner.exe
2015-02-10 00:08 - 2015-02-01 19:22 - 00028960 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2015-02-10 00:04 - 2015-02-10 00:04 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Auslogics
2015-02-10 00:03 - 2015-02-10 00:03 - 07866608 _____ (Auslogics Software Pty Ltd ) C:\Users\Justin\Downloads\disk-defrag-setup_3600.exe
2015-02-09 23:19 - 2015-02-09 23:19 - 02333416 _____ (Intel) C:\Users\Justin\Downloads\Intel Driver Update Utility Installer.exe
2015-02-09 23:19 - 2015-02-09 23:19 - 00000000 ____D () C:\Users\Justin\AppData\Local\Intel
2015-02-09 23:13 - 2015-02-09 23:13 - 00000000 ____D () C:\Users\Justin\Downloads\DirectX_11_Setup
2015-02-09 23:09 - 2015-02-09 23:11 - 100655797 _____ () C:\Users\Justin\Downloads\DirectX_11_Setup.zip
2015-02-09 22:19 - 2015-02-09 22:19 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-02-09 22:19 - 2015-02-09 22:19 - 00000000 ____D () C:\Windows\system32\SRSLabs
2015-02-09 22:15 - 2014-05-14 18:37 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-02-09 22:15 - 2014-05-14 16:00 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-02-09 22:15 - 2014-05-12 20:11 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-02-09 22:15 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-02-09 22:15 - 2014-04-30 11:34 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-02-09 22:15 - 2014-04-28 15:48 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-02-09 22:15 - 2014-04-25 13:51 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-02-09 22:15 - 2014-04-25 13:23 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-02-09 22:15 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-02-09 22:15 - 2014-01-28 11:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-02-09 22:15 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-02-09 22:15 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-02-09 22:15 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-02-09 22:15 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-02-09 22:15 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-02-09 22:15 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-02-09 22:15 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-02-09 22:15 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-02-09 22:15 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-02-09 22:15 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-02-09 22:15 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-02-09 22:13 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-02-09 22:13 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-02-09 22:13 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-02-09 22:13 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-02-09 22:04 - 2015-02-09 22:04 - 02070192 _____ (Easeware ) C:\Users\Justin\Downloads\DriverNavigator_Setup (1).exe
2015-02-09 21:57 - 2015-02-09 21:57 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Easeware
2015-02-09 21:56 - 2015-02-09 21:56 - 02070192 _____ (Easeware ) C:\Users\Justin\Downloads\DriverNavigator_Setup.exe
2015-02-09 21:54 - 2015-02-09 21:55 - 125683715 _____ (Realtek Semiconductor Corp.) C:\Users\Justin\Downloads\realtek_high_definition_audio_6.0.1.7246.exe
2015-02-09 21:54 - 2015-02-09 21:54 - 00000000 ____D () C:\ProgramData\GlarySoft
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\ProgramData\PC-Doctor
2015-02-09 21:05 - 2015-02-13 13:35 - 00000334 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-02-09 21:05 - 2015-02-13 13:34 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-02-09 21:05 - 2015-02-09 21:53 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\GlarySoft
2015-02-09 21:05 - 2015-02-09 21:05 - 14920448 _____ () C:\Users\Justin\Downloads\gu5setup.exe
2015-02-09 21:05 - 2015-02-09 21:05 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2015-02-09 21:05 - 2015-02-09 21:05 - 00002976 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2015-02-09 21:05 - 2015-02-09 21:05 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-02-09 21:05 - 2015-02-09 21:05 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-02-09 21:05 - 2015-02-09 21:05 - 00001046 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-02-09 21:05 - 2015-02-09 21:05 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\DiskDefrag
2015-02-09 21:05 - 2015-02-09 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-02-09 14:04 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-09 14:03 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-09 14:03 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-09 01:21 - 2015-02-09 01:21 - 00003338 _____ () C:\Windows\System32\Tasks\{5A6D67DB-C02E-411B-96AA-541B9688B18B}
2015-02-08 13:58 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-02-08 13:58 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-08 13:58 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-08 13:58 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-02-08 13:57 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-02-08 13:57 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-02-08 13:57 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-02-08 13:57 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-02-08 13:57 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-02-08 13:57 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-02-08 13:57 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-02-08 13:57 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-02-08 13:57 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-02-08 13:57 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-02-08 13:57 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-02-07 22:57 - 2012-11-14 14:36 - 01034216 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2015-02-07 22:57 - 2012-11-14 14:36 - 00916456 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2015-01-30 02:57 - 2015-01-30 02:57 - 00681148 _____ () C:\Users\Justin\Downloads\lefemmarmor1.1.zip
2015-01-30 02:57 - 2015-01-30 02:57 - 00623731 _____ () C:\Users\Justin\Downloads\entertainers.zip
2015-01-30 02:57 - 2015-01-30 02:57 - 00467884 _____ () C:\Users\Justin\Downloads\firemoth1.1.zip
2015-01-30 02:57 - 2015-01-30 02:57 - 00273049 _____ () C:\Users\Justin\Downloads\adamantiumarmor.zip
2015-01-30 02:57 - 2015-01-30 02:57 - 00174668 _____ () C:\Users\Justin\Downloads\ebartifact.zip
2015-01-30 02:57 - 2015-01-30 02:57 - 00044071 _____ () C:\Users\Justin\Downloads\bittercoastsounds.zip
2015-01-30 02:57 - 2015-01-30 02:57 - 00006958 _____ () C:\Users\Justin\Downloads\area_effect_arrows.zip
2015-01-30 02:50 - 2015-01-30 02:50 - 00033998 _____ () C:\Users\Justin\Downloads\masterindex.zip
2015-01-29 15:44 - 2015-01-29 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-29 15:44 - 2015-01-29 15:44 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-24 19:39 - 2015-01-24 19:39 - 05876119 _____ () C:\Users\Justin\Downloads\Morrowind Code Patch-19510-2-1.zip
2015-01-24 18:19 - 2015-01-24 18:19 - 00003036 _____ () C:\Windows\System32\Tasks\{03004C98-9DEF-4D7E-BB95-F2DB46BC1A34}
2015-01-24 17:51 - 2015-01-24 17:51 - 00002153 _____ () C:\Users\Public\Desktop\The Elder Scrolls Construction Set.lnk
2015-01-24 17:51 - 2015-01-24 17:51 - 00000000 ____D () C:\Program Files (x86)\directx
2015-01-24 17:45 - 2015-01-24 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2015-01-24 17:45 - 2015-01-24 17:45 - 00001042 _____ () C:\Users\Public\Desktop\Morrowind.lnk
2015-01-24 17:32 - 2015-02-04 17:31 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-24 17:22 - 2015-01-24 17:22 - 00000000 ____D () C:\Users\Justin\AppData\Local\Morrowind
2015-01-19 19:45 - 2015-01-19 19:46 - 03058976 _____ () C:\Users\Justin\Downloads\HeroesAndGenerals-setup-100297.exe
2015-01-18 22:51 - 2015-01-21 00:24 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-18 22:50 - 2015-01-18 22:50 - 14087848 _____ (Microsoft Corporation) C:\Users\Justin\Downloads\mseinstall.exe
2015-01-17 21:18 - 2015-01-17 21:18 - 01707939 _____ (Thisisu) C:\Users\Justin\Downloads\JRT.exe
2015-01-17 19:56 - 2015-02-12 21:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-17 19:54 - 2015-01-17 19:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Justin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-17 18:31 - 2015-01-17 18:32 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Justin\Downloads\sh-remover.exe
2015-01-17 18:24 - 2015-01-17 18:24 - 00000000 ____D () C:\shoplog
2015-01-17 17:46 - 2015-02-06 14:05 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-17 17:46 - 2015-01-17 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-17 17:45 - 2015-02-13 13:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 17:45 - 2015-02-13 00:59 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 17:45 - 2015-02-04 15:54 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-17 17:45 - 2015-02-04 15:54 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-17 17:45 - 2015-01-17 17:46 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-17 16:48 - 2015-01-07 21:07 - 00045216 _____ () C:\Windows\system32\Drivers\cmwr.sys
2015-01-17 16:48 - 2015-01-07 21:07 - 00033952 _____ () C:\Windows\system32\Drivers\cmwf.sys
2015-01-17 16:48 - 2015-01-07 20:54 - 00370688 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-01-17 16:48 - 2015-01-07 20:54 - 00324776 _____ (CartCrunch Israel Ltd.) C:\Windows\SysWOW64\ColorMedia.dll
2015-01-17 16:47 - 2015-01-17 16:59 - 00003172 _____ () C:\Windows\System32\Tasks\GoForFiles Installer Starter
2015-01-17 01:21 - 2015-01-17 01:21 - 353625035 _____ () C:\Users\Justin\Downloads\黑幕私货0.7z
2015-01-14 16:45 - 2015-01-14 16:47 - 81414436 _____ () C:\Users\Justin\Downloads\SkyTEST - Realistic Animals and Predators 1_38-10175-1-38.rar
2015-01-14 16:45 - 2015-01-14 16:45 - 00055044 _____ () C:\Users\Justin\Downloads\SkyTEST - Realistic Animals and Predators - Dragonborn-10175-1-35.7z
2015-01-14 16:45 - 2015-01-14 16:45 - 00002183 _____ () C:\Users\Justin\Downloads\SkyTEST - Realistic Animals and Predators - Dawnguard-10175-1-28.7z
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-13 13:37 - 2010-07-08 17:16 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1289362861-3339389545-1959194589-1000UA.job
2015-02-13 13:34 - 2014-07-15 19:10 - 00000000 ____D () C:\Users\Justin\AppData\Local\LogMeIn Hamachi
2015-02-13 13:34 - 2011-02-03 21:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-13 13:31 - 2012-03-29 21:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-13 13:26 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-13 13:26 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-13 13:24 - 2010-05-20 11:29 - 01465770 _____ () C:\Windows\WindowsUpdate.log
2015-02-13 13:23 - 2010-10-15 10:21 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-13 13:19 - 2012-08-28 20:13 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-13 13:18 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 01:14 - 2012-08-13 23:53 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Media Player Classic
2015-02-13 01:13 - 2010-07-15 15:17 - 00000000 ____D () C:\Users\Justin\AppData\Local\CrashDumps
2015-02-13 01:13 - 2010-03-19 10:08 - 00000000 ____D () C:\Windows\Panther
2015-02-13 01:05 - 2012-07-17 10:33 - 00000000 ____D () C:\Users\Justin\AppData\Local\Skyrim
2015-02-12 20:23 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2015-02-12 20:16 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-12 20:14 - 2010-07-08 15:47 - 00000000 ____D () C:\Users\Justin
2015-02-12 20:14 - 2009-07-13 19:34 - 30932992 _____ () C:\Windows\system32\config\system.gu.bak
2015-02-12 20:14 - 2009-07-13 19:34 - 101449728 _____ () C:\Windows\system32\config\software.gu.bak
2015-02-12 20:14 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\security.gu.bak
2015-02-12 20:13 - 2009-07-13 19:34 - 00524288 _____ () C:\Windows\system32\config\default.gu.bak
2015-02-12 20:13 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\sam.gu.bak
2015-02-12 19:49 - 2012-05-12 11:20 - 00001830 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-02-12 17:39 - 2011-12-05 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater
2015-02-12 17:39 - 2010-09-18 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Railroad Tycoon 3
2015-02-12 17:39 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-12 16:37 - 2010-07-08 17:16 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1289362861-3339389545-1959194589-1000Core.job
2015-02-12 01:46 - 2014-08-19 23:24 - 00000000 ____D () C:\Users\Justin\AppData\Local\Adobe
2015-02-11 17:33 - 2012-07-01 17:35 - 00000000 ____D () C:\ProgramData\AMD
2015-02-11 14:36 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 13:56 - 2014-12-10 03:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 13:56 - 2014-05-06 15:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 13:34 - 2014-04-20 19:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 13:33 - 2010-07-08 16:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 13:33 - 2009-07-13 19:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 12:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
2015-02-11 07:53 - 2010-03-19 09:16 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-02-11 07:16 - 2009-07-13 21:45 - 05060152 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 01:29 - 2013-08-13 15:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 01:19 - 2010-07-10 18:42 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 22:20 - 2010-03-19 09:21 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-02-09 22:13 - 2010-03-19 09:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-09 17:17 - 2014-11-08 13:19 - 00000000 ____D () C:\Windows\Minidump
2015-02-09 14:36 - 2012-02-08 19:03 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-02-08 19:51 - 2013-01-18 21:08 - 00000000 ____D () C:\ProgramData\Skype
2015-02-08 14:03 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-07 23:05 - 2012-03-29 21:37 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 23:05 - 2012-03-29 21:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-07 23:05 - 2011-05-19 13:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-07 22:58 - 2013-10-23 20:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 22:57 - 2012-11-14 14:35 - 00000000 ____D () C:\Program Files\Java
2015-02-07 22:56 - 2012-11-14 14:37 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-07 22:56 - 2012-11-14 14:37 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-07 22:56 - 2012-11-14 14:37 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-07 22:55 - 2014-10-27 10:41 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-07 22:55 - 2014-10-27 10:41 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-07 22:55 - 2014-10-27 10:41 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-07 22:55 - 2014-10-27 10:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-07 22:55 - 2012-11-14 14:37 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-07 22:54 - 2010-07-18 08:52 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-04 14:50 - 2009-07-13 22:08 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-27 14:49 - 2014-03-31 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-21 01:35 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\TAPI
2015-01-18 20:34 - 2012-11-27 14:34 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJustin
2015-01-18 20:34 - 2012-11-27 14:34 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForJustin.job
2015-01-17 20:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Cursors
2015-01-17 17:44 - 2009-07-13 22:13 - 00006476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 16:47 - 2012-08-15 21:48 - 00000045 _____ () C:\user.js
2015-01-14 11:32 - 2012-11-14 10:36 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
 
==================== Files in the root of some directories =======
 
2013-05-18 23:14 - 2013-05-19 23:09 - 0000005 _____ () C:\Users\Justin\AppData\Roaming\BCT-TTL.DAT
2012-03-07 19:03 - 2012-03-07 19:03 - 0090738 _____ () C:\Users\Justin\AppData\Roaming\icarus-dxdiag.xml
2015-01-17 19:17 - 2015-01-17 20:37 - 0000115 _____ () C:\Users\Justin\AppData\Roaming\LogFile.txt
2013-07-26 23:09 - 2014-10-12 23:09 - 0000230 _____ () C:\Users\Justin\AppData\Roaming\WB.CFG
2013-06-16 23:10 - 2014-01-28 00:09 - 0000005 _____ () C:\Users\Justin\AppData\Roaming\WBPU-TTL.DAT
2012-02-20 13:04 - 2012-02-20 13:04 - 0000104 _____ () C:\Users\Justin\AppData\Roaming\wklnhst.dat
2011-04-20 08:17 - 2011-04-20 08:17 - 0000094 _____ () C:\Users\Justin\AppData\Local\fusioncache.dat
2014-11-06 12:40 - 2014-11-06 12:40 - 0004096 ____H () C:\Users\Justin\AppData\Local\keyfile3.drm
2011-01-27 22:39 - 2011-01-27 22:40 - 3199631 _____ () C:\Users\Justin\AppData\Local\tmp003.JPG
2011-09-24 11:51 - 2011-09-24 11:51 - 0407948 _____ () C:\Users\Justin\AppData\Local\tmp1271400345_1253X940_DOUTZEN-KROES-WALLPAPER.JPG
2011-08-04 20:43 - 2011-08-04 20:43 - 0413474 _____ () C:\Users\Justin\AppData\Local\tmp2245.0
2011-08-04 20:43 - 2011-08-04 20:43 - 0081537 _____ () C:\Users\Justin\AppData\Local\tmp2245.1
2011-08-04 20:43 - 2011-08-04 20:43 - 0083274 _____ () C:\Users\Justin\AppData\Local\tmp2245.2
2011-08-04 20:43 - 2011-08-04 20:43 - 0084047 _____ () C:\Users\Justin\AppData\Local\tmp2245.3
2011-08-04 20:43 - 2011-08-04 20:43 - 0084724 _____ () C:\Users\Justin\AppData\Local\tmp2245.4
2011-08-04 20:43 - 2011-08-04 20:43 - 0081537 _____ () C:\Users\Justin\AppData\Local\tmp2245.JPG
2011-08-04 20:44 - 2011-08-04 20:44 - 0207506 _____ () C:\Users\Justin\AppData\Local\tmp2257.0
2011-08-04 20:44 - 2011-08-04 20:44 - 0060049 _____ () C:\Users\Justin\AppData\Local\tmp2257.JPG
2011-08-04 20:44 - 2011-08-04 20:44 - 0007365 _____ () C:\Users\Justin\AppData\Local\tmp2257_navi.JPG
2011-08-04 20:43 - 2011-08-04 20:43 - 0389074 _____ () C:\Users\Justin\AppData\Local\tmp2270.0
2011-08-04 20:43 - 2011-08-04 20:43 - 0073273 _____ () C:\Users\Justin\AppData\Local\tmp2270.1
2011-08-04 20:43 - 2011-08-04 20:43 - 0073749 _____ () C:\Users\Justin\AppData\Local\tmp2270.2
2011-08-04 20:43 - 2011-08-04 20:43 - 0073792 _____ () C:\Users\Justin\AppData\Local\tmp2270.3
2011-08-04 20:43 - 2011-08-04 20:43 - 0389074 _____ () C:\Users\Justin\AppData\Local\tmp2270.4
2011-08-04 20:43 - 2011-08-04 20:43 - 0073484 _____ () C:\Users\Justin\AppData\Local\tmp2270.JPG
2011-08-04 20:44 - 2011-08-04 20:44 - 0292926 _____ () C:\Users\Justin\AppData\Local\tmp2277.0
2011-08-04 20:44 - 2011-08-04 20:44 - 0185881 _____ () C:\Users\Justin\AppData\Local\tmp2277.1
2011-08-04 20:44 - 2011-08-04 20:44 - 0182491 _____ () C:\Users\Justin\AppData\Local\tmp2277.2
2011-08-04 20:44 - 2011-08-04 20:44 - 0188370 _____ () C:\Users\Justin\AppData\Local\tmp2277.3
2011-08-04 20:44 - 2011-08-04 20:44 - 0188547 _____ () C:\Users\Justin\AppData\Local\tmp2277.4
2011-08-04 20:44 - 2011-08-04 20:44 - 0185881 _____ () C:\Users\Justin\AppData\Local\tmp2277.5
2011-08-04 20:44 - 2011-08-04 20:44 - 0185675 _____ () C:\Users\Justin\AppData\Local\tmp2277.JPG
2011-08-04 20:44 - 2011-08-04 20:44 - 0009658 _____ () C:\Users\Justin\AppData\Local\tmp2277_navi.JPG
2011-09-02 09:42 - 2011-09-02 09:42 - 0456996 _____ () C:\Users\Justin\AppData\Local\tmp2313.JPG
2011-09-02 09:33 - 2011-09-02 09:33 - 0259186 _____ () C:\Users\Justin\AppData\Local\tmp3423.JPG
2011-07-07 22:28 - 2011-07-07 22:28 - 0358495 _____ () C:\Users\Justin\AppData\Local\tmp;.0
2011-07-07 22:28 - 2011-07-07 22:28 - 0226139 _____ () C:\Users\Justin\AppData\Local\tmp;.1
2011-07-07 22:28 - 2011-07-07 22:28 - 0227959 _____ () C:\Users\Justin\AppData\Local\tmp;.2
2011-07-07 22:28 - 2011-07-07 22:28 - 0227751 _____ () C:\Users\Justin\AppData\Local\tmp;.3
2011-07-07 22:28 - 2011-07-07 22:28 - 0358495 _____ () C:\Users\Justin\AppData\Local\tmp;.4
2011-07-07 22:28 - 2011-07-07 22:28 - 0228182 _____ () C:\Users\Justin\AppData\Local\tmp;.JPG
2011-09-11 16:57 - 2011-09-11 16:57 - 1183438 _____ () C:\Users\Justin\AppData\Local\tmpA86242FB980F079AAB87388E7701FB5B(WWW.WALLZ.EU).0
2011-09-11 16:57 - 2011-09-11 16:57 - 0206086 _____ () C:\Users\Justin\AppData\Local\tmpA86242FB980F079AAB87388E7701FB5B(WWW.WALLZ.EU).JPG
2011-01-20 23:54 - 2011-01-20 23:54 - 2945551 _____ () C:\Users\Justin\AppData\Local\tmpARCH 005.0
2011-01-20 23:54 - 2011-01-20 23:54 - 0646472 _____ () C:\Users\Justin\AppData\Local\tmpARCH 005.JPG
2010-09-09 12:08 - 2010-09-09 12:08 - 3271936 _____ () C:\Users\Justin\AppData\Local\tmpARCHITECTURE 010.0
2010-09-09 12:08 - 2010-09-09 12:08 - 1052403 _____ () C:\Users\Justin\AppData\Local\tmpARCHITECTURE 010.1
2010-09-09 12:08 - 2010-09-09 12:08 - 1045240 _____ () C:\Users\Justin\AppData\Local\tmpARCHITECTURE 010.2
2010-09-09 12:08 - 2010-09-09 12:08 - 1060521 _____ () C:\Users\Justin\AppData\Local\tmpARCHITECTURE 010.3
2010-09-09 12:08 - 2010-09-09 12:08 - 3271936 _____ () C:\Users\Justin\AppData\Local\tmpARCHITECTURE 010.JPG
2011-09-22 21:00 - 2011-09-22 21:00 - 0361964 _____ () C:\Users\Justin\AppData\Local\tmpAUTUMN-REESER-2-U0USF4C6V5-1600X1200.JPG
2011-09-22 21:01 - 2011-09-22 21:01 - 0549730 _____ () C:\Users\Justin\AppData\Local\tmpAUTUMNREESER1.JPG
2011-09-10 12:47 - 2011-09-10 12:47 - 2338820 _____ () C:\Users\Justin\AppData\Local\tmpBRIE-JACOBS-LESBIAN.JPG
2011-08-07 20:48 - 2011-08-23 18:03 - 0234726 _____ () C:\Users\Justin\AppData\Local\tmpELIZABETH-BANKS-004(WWW.THEWALLPAPERS.ORG).0
2011-08-23 18:03 - 2011-08-23 18:03 - 0204925 _____ () C:\Users\Justin\AppData\Local\tmpELIZABETH-BANKS-004(WWW.THEWALLPAPERS.ORG).JPG
2011-09-19 13:38 - 2011-09-19 13:38 - 0586026 _____ () C:\Users\Justin\AppData\Local\tmpSCARLETT_JOHANSSON,_ACTRESS_AND_SINGER_13423.JPG
2011-09-01 22:14 - 2011-09-01 22:14 - 0100261 _____ () C:\Users\Justin\AppData\Local\tmpX.0
2011-09-01 22:14 - 2011-09-01 22:14 - 0095425 _____ () C:\Users\Justin\AppData\Local\tmpX.JPG
2014-10-21 17:34 - 2014-10-21 17:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-07-25 17:23 - 2010-05-26 17:23 - 0000032 ____R () C:\ProgramData\hash.dat
2011-07-22 17:59 - 2014-10-21 17:12 - 0001326 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Justin\AppData\Local\Temp\bitool.dll
C:\Users\Justin\AppData\Local\Temp\EsgInstallerx64Stub.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 14:56
 
==================== End Of Log ============================



 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:43 PM

Posted 17 February 2015 - 03:35 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

To run FRST on Vista, Windows 7 and Windows 8 in RE:

 

  • Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 

Regards,

Georgi




#3 jd.mason

jd.mason
  • Topic Starter

  • Members
  • 13 posts
  • Local time:12:43 PM

Posted 17 February 2015 - 04:22 PM

Hello Georgi,

Thank you for taking the time to look at my computer. 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015

Ran by SYSTEM on MININT-HHL9FTO on 17-02-2015 14:03:53
Running from K:\Justin
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [200560 2011-12-19] (GFI Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\Default\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Justin\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Justin\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\Justin\...\Run: [Akamai NetSession Interface] => C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\Justin\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\Justin\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-02-01] (Glarysoft Ltd)
HKU\Justin\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\Justin\...\Run: [RemoveIT Pro v9Ultra] => C:\Program Files (x86)\InCode Solutions\RemoveIT Pro 2015 Ultra\removeit.exe [2769920 2015-01-10] (InCode Solutions)
BootExecute: autocheck autochk *  
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1226096 2012-05-03] (Lavasoft Limited)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3358912 2014-09-21] (INCA Internet Co., Ltd.)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-01] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-12-17] (Wellbia.com Co., Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] (CartCrunch Israel Ltd.) <==== ATTENTION
S1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] (CartCrunch Israel Ltd.) <==== ATTENTION
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-02-09] (Glarysoft Ltd)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2004-12-29] (INCA Internet Co., Ltd.)
S1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S0 Partizan; system32\drivers\Partizan.sys [X]
S3 vproiah; system32\DRIVERS\vproiah.sys [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-17 12:57 - 2015-02-17 12:57 - 00000056 _____ () C:\Windows\setupact.log
2015-02-17 12:57 - 2015-02-17 12:57 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-17 12:51 - 2015-02-17 12:51 - 02085888 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe
2015-02-16 20:10 - 2015-02-16 21:33 - 152370329 _____ () C:\Users\Justin\Downloads\Chanel Preston And Freya French - Hardcore Latex Painslut Electrobleep.part5.rar
2015-02-14 20:46 - 2015-02-14 20:46 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\steam.transformice.com
2015-02-13 00:06 - 2015-02-13 00:06 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-13 00:06 - 2015-02-13 00:06 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-13 00:05 - 2015-02-13 00:06 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-12 23:53 - 2015-02-12 23:53 - 00001483 _____ () C:\Users\Public\Desktop\RemoveIT Pro 2015 Ultra.lnk
2015-02-12 23:53 - 2015-02-12 23:53 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\InCode Solutions
2015-02-12 23:53 - 2015-02-12 23:53 - 00000000 ____D () C:\Program Files (x86)\InCode Solutions
2015-02-12 23:52 - 2015-02-12 23:52 - 09334944 _____ (InCode Solutions ) C:\Users\Justin\Downloads\removeitpro_ultra.exe
2015-02-12 23:44 - 2015-02-12 23:44 - 00000212 _____ () C:\Users\Justin\Downloads\Search.txt
2015-02-12 23:42 - 2015-02-13 12:57 - 00052284 _____ () C:\Users\Justin\Downloads\Addition.txt
2015-02-12 23:40 - 2015-02-17 14:03 - 00000000 ____D () C:\FRST
2015-02-12 23:40 - 2015-02-13 12:57 - 00073882 _____ () C:\Users\Justin\Downloads\FRST.txt
2015-02-12 23:40 - 2015-02-12 23:40 - 02134016 _____ (Farbar) C:\Users\Justin\Desktop\FRST64.exe
2015-02-12 22:58 - 2015-02-12 22:58 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Justin\Downloads\SpyHunter-Installer.exe
2015-02-12 22:40 - 2015-02-12 22:40 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-12 22:40 - 2015-02-12 22:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-12 22:40 - 2014-11-21 05:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-02-12 22:40 - 2014-11-21 05:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-02-12 21:55 - 2015-02-12 21:57 - 00000000 ____D () C:\Users\Justin\Downloads\Autoruns
2015-02-12 21:55 - 2015-02-12 21:55 - 00573697 _____ () C:\Users\Justin\Downloads\Autoruns.zip
2015-02-12 21:49 - 2015-02-12 21:51 - 00000000 ____D () C:\Program Files\Unlocker
2015-02-12 21:31 - 2015-02-12 21:31 - 00402911 _____ () C:\Users\Justin\Downloads\Unlocker1.9.2.exe
2015-02-12 21:26 - 2015-02-12 21:36 - 00000172 _____ () C:\Windows\SysWOW64\Partizan.RRI
2015-02-12 21:26 - 2015-02-12 21:26 - 00040208 _____ (Greatis Software) C:\Windows\System32\Partizan.exe
2015-02-12 21:23 - 2015-02-12 21:23 - 00000000 ____D () C:\ProgramData\RegRun
2015-02-12 21:22 - 2015-02-12 21:40 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2015-02-12 21:22 - 2015-02-12 21:26 - 00000000 ____D () C:\Users\Justin\Documents\RegRun2
2015-02-12 21:22 - 2015-02-12 21:22 - 00000002 RSHOT () C:\Windows\winstart.bat
2015-02-12 21:22 - 2015-02-12 21:22 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2015-02-12 21:22 - 2015-02-12 21:22 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2015-02-12 21:22 - 2015-02-12 21:22 - 00000000 ____D () C:\Users\Justin\Downloads\unhackmeb
2015-02-12 21:19 - 2015-02-12 21:21 - 16607035 _____ () C:\Users\Justin\Downloads\unhackmeb.zip
2015-02-12 20:37 - 2010-03-08 02:10 - 00013824 _____ (Kephyr) C:\Windows\System32\ffnd.exe
2015-02-12 20:12 - 2015-02-12 20:38 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\FreeFixer
2015-02-12 20:12 - 2015-02-12 20:21 - 00000000 ____D () C:\Users\Justin\AppData\Local\FreeFixer
2015-02-12 20:12 - 2015-02-12 20:12 - 00000000 ____D () C:\Program Files\FreeFixer
2015-02-12 20:00 - 2015-02-12 22:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-02-12 20:00 - 2015-02-12 20:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-12 20:00 - 2015-02-12 20:01 - 02666167 _____ (Kephyr) C:\Users\Justin\Downloads\freefixersetup.exe
2015-02-12 19:58 - 2014-11-21 05:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-02-12 19:48 - 2015-02-12 19:50 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Justin\Downloads\mbar-1.08.3.1004.exe
2015-02-12 19:35 - 2015-02-12 19:36 - 05325808 _____ (Piriform Ltd) C:\Users\Justin\Downloads\ccsetup502pro.exe
2015-02-12 19:25 - 2015-02-12 19:44 - 00000000 ____D () C:\Users\Justin\Documents\Combo fix Log
2015-02-12 19:23 - 2015-02-12 19:23 - 00036826 _____ () C:\ComboFix.txt
2015-02-12 19:14 - 2015-02-12 19:14 - 00028672 _____ () C:\Windows\System32\config\system.gu
2015-02-12 18:54 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-12 18:54 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-12 18:54 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-12 18:54 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-12 18:54 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-12 18:54 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-12 18:54 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-12 18:54 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-12 18:42 - 2015-02-12 19:23 - 00000000 ____D () C:\Qoobox
2015-02-12 18:42 - 2015-02-12 19:22 - 00000000 ____D () C:\Windows\erdnt
2015-02-12 18:39 - 2015-02-12 18:41 - 05611930 ____R (Swearware) C:\Users\Justin\Downloads\ComboFix.exe
2015-02-12 17:55 - 2015-02-12 17:55 - 00003600 _____ () C:\Windows\System32\Tasks\TotalSystemCare.Scanning
2015-02-12 17:55 - 2015-02-12 17:55 - 00003528 _____ () C:\Windows\System32\Tasks\TotalSystemCare.Autostart
2015-02-12 17:51 - 2015-02-12 17:51 - 07365120 _____ (Safebytes) C:\Users\Justin\Downloads\TotalSystemCare_Installer.exe
2015-02-12 17:49 - 2015-02-12 17:57 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-12 17:48 - 2015-02-12 17:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Justin\Downloads\revosetup.exe
2015-02-12 15:59 - 2015-02-02 10:13 - 01388274 _____ (Thisisu) C:\Users\Justin\Desktop\JRT_NEW.exe
2015-02-12 15:46 - 2015-02-12 15:46 - 01388274 _____ (Thisisu) C:\Users\Justin\Downloads\JRT (1).exe
2015-02-12 01:21 - 2015-01-22 19:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 01:21 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 01:20 - 2015-01-22 20:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-02-12 01:20 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-02-12 00:45 - 2015-02-12 00:45 - 17709352 _____ (Adobe Systems Inc.) C:\Users\Justin\Downloads\Adobe_Air_v16.0.0.245.exe
2015-02-12 00:12 - 2015-02-12 00:12 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-02-12 00:11 - 2015-02-12 00:11 - 00849352 _____ () C:\Users\Justin\Downloads\AppManagerSetup_1.47.exe
2015-02-11 16:49 - 2015-02-11 16:49 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\AMD
2015-02-11 16:35 - 2015-02-11 16:35 - 00000000 ____D () C:\ProgramData\ATI
2015-02-11 16:34 - 2015-02-11 16:34 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\library_dir
2015-02-11 16:33 - 2015-02-11 16:33 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201502111733358462.log
2015-02-11 16:33 - 2015-02-11 16:33 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-02-11 16:32 - 2015-02-11 16:32 - 00018637 _____ () C:\Windows\SysWOW64\CCCInstall_201502111732192969.log
2015-02-11 16:32 - 2015-02-11 16:32 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-02-11 16:30 - 2015-02-11 16:31 - 00000000 ____D () C:\Program Files\AMD
2015-02-11 16:30 - 2015-02-11 16:30 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-02-11 16:28 - 2015-02-11 16:28 - 00000000 ____D () C:\AMD
2015-02-11 16:24 - 2015-02-11 16:24 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Justin\Downloads\autodetectutility.exe
2015-02-11 15:41 - 2015-02-11 16:32 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-02-11 15:41 - 2015-02-11 15:41 - 00000000 ____D () C:\Program Files\ATI
2015-02-11 11:10 - 2015-01-08 19:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\System32\perftrack.dll
2015-02-11 11:10 - 2015-01-08 19:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\wdi.dll
2015-02-11 11:10 - 2015-01-08 19:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\System32\powertracker.dll
2015-02-11 11:10 - 2015-01-08 18:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 06:55 - 2015-02-11 06:58 - 104597312 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\Justin\Downloads\sp46260.exe
2015-02-11 06:52 - 2015-02-11 06:52 - 05165056 _____ () C:\Users\Justin\Downloads\HPSupportSolutionsFramework-11.51.0048.msi
2015-02-11 06:27 - 2015-02-11 06:27 - 00000000 ____D () C:\663058c33701b990d8d1b8b73e70b6
2015-02-11 00:29 - 2015-02-11 00:29 - 00000000 ____D () C:\8631c53844f73fb3e3ae2e860f9a6b
2015-02-10 14:49 - 2015-02-03 19:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-02-10 14:49 - 2015-02-03 19:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-02-10 14:49 - 2015-02-03 19:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-02-10 14:49 - 2015-02-03 19:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-02-10 14:49 - 2015-02-03 19:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-02-10 14:49 - 2015-02-03 19:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2015-02-10 14:49 - 2015-02-03 19:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-02-10 14:49 - 2015-01-27 15:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2015-02-10 14:48 - 2015-01-13 21:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-02-10 14:48 - 2015-01-13 21:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 14:48 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-02-10 14:48 - 2015-01-11 19:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-02-10 14:48 - 2015-01-11 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-02-10 14:48 - 2015-01-11 18:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-02-10 14:48 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-02-10 14:48 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-02-10 14:48 - 2015-01-11 18:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-02-10 14:48 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-02-10 14:48 - 2015-01-11 18:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-02-10 14:48 - 2015-01-11 18:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-02-10 14:48 - 2015-01-11 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-02-10 14:48 - 2015-01-11 18:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-02-10 14:48 - 2015-01-11 18:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-02-10 14:48 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 14:48 - 2015-01-11 18:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-02-10 14:48 - 2015-01-11 18:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 14:48 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-02-10 14:48 - 2015-01-11 18:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-10 14:48 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 14:48 - 2015-01-11 18:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-02-10 14:48 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-02-10 14:48 - 2015-01-11 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 14:48 - 2015-01-11 18:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 14:48 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 14:48 - 2015-01-11 18:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-02-10 14:48 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 14:48 - 2015-01-11 18:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 14:48 - 2015-01-11 17:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 14:48 - 2015-01-11 17:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 14:48 - 2015-01-11 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 14:48 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-02-10 14:48 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-02-10 14:48 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-02-10 14:48 - 2015-01-11 17:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-02-10 14:48 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 14:48 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-02-10 14:48 - 2015-01-11 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 14:48 - 2015-01-11 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 14:48 - 2015-01-11 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 14:48 - 2015-01-11 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 14:48 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-02-10 14:48 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 14:48 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 14:48 - 2015-01-11 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 14:48 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 14:48 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-02-10 14:48 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-02-10 14:48 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 14:48 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 14:48 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 14:48 - 2015-01-09 22:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-02-10 14:48 - 2015-01-09 22:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-02-10 14:48 - 2015-01-09 22:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-02-10 14:48 - 2015-01-09 22:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-02-10 14:48 - 2015-01-09 22:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-02-10 14:48 - 2015-01-09 22:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-02-10 14:48 - 2015-01-09 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-02-10 14:48 - 2015-01-09 22:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 14:48 - 2015-01-09 22:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 14:48 - 2015-01-09 22:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 14:48 - 2015-01-09 22:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 14:48 - 2015-01-09 22:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 14:48 - 2015-01-09 22:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 14:48 - 2015-01-09 22:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 14:47 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-02-10 14:47 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-02-10 14:47 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-02-10 14:47 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-02-10 14:47 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-02-10 14:47 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-02-10 14:47 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-02-10 14:47 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-02-10 14:47 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-02-10 14:47 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-02-10 14:47 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-02-10 14:47 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 14:47 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 14:47 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 14:47 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 14:47 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 14:47 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 14:47 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-02-10 14:47 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-02-10 14:47 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-02-10 14:47 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-02-10 14:47 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-02-10 14:47 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 14:47 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 14:47 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 14:47 - 2015-01-12 19:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2015-02-10 14:47 - 2015-01-12 18:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 14:47 - 2014-12-11 21:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2015-02-10 14:47 - 2014-12-11 21:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 14:47 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2015-02-10 14:47 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 14:47 - 2014-11-25 19:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2015-02-10 14:47 - 2014-11-25 19:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 14:47 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2015-02-10 14:47 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2015-02-10 14:47 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 14:47 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 14:46 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-02-09 23:22 - 2015-02-12 18:24 - 00000000 ____D () C:\AdwCleaner
2015-02-09 23:21 - 2015-02-09 23:21 - 02112512 _____ () C:\Users\Justin\Downloads\AdwCleaner.exe
2015-02-09 23:08 - 2015-02-01 18:22 - 00028960 _____ (Glarysoft Ltd) C:\Windows\System32\RegBootDefrag.exe
2015-02-09 23:04 - 2015-02-09 23:04 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Auslogics
2015-02-09 23:03 - 2015-02-09 23:03 - 07866608 _____ (Auslogics Software Pty Ltd ) C:\Users\Justin\Downloads\disk-defrag-setup_3600.exe
2015-02-09 22:19 - 2015-02-09 22:19 - 02333416 _____ (Intel) C:\Users\Justin\Downloads\Intel Driver Update Utility Installer.exe
2015-02-09 22:19 - 2015-02-09 22:19 - 00000000 ____D () C:\Users\Justin\AppData\Local\Intel
2015-02-09 22:13 - 2015-02-09 22:13 - 00000000 ____D () C:\Users\Justin\Downloads\DirectX_11_Setup
2015-02-09 22:09 - 2015-02-09 22:11 - 100655797 _____ () C:\Users\Justin\Downloads\DirectX_11_Setup.zip
2015-02-09 21:19 - 2015-02-09 21:19 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-02-09 21:19 - 2015-02-09 21:19 - 00000000 ____D () C:\Windows\System32\SRSLabs
2015-02-09 21:15 - 2014-05-14 17:37 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2015-02-09 21:15 - 2014-05-14 15:00 - 01099203 _____ () C:\Windows\System32\Drivers\RTAIODAT.DAT
2015-02-09 21:15 - 2014-05-12 19:11 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2015-02-09 21:15 - 2014-05-09 10:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtDataProc64.dll
2015-02-09 21:15 - 2014-04-30 10:34 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2015-02-09 21:15 - 2014-04-28 14:48 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RltkAPO64.dll
2015-02-09 21:15 - 2014-04-25 12:51 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2015-02-09 21:15 - 2014-04-25 12:23 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2015-02-09 21:15 - 2014-03-06 15:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2015-02-09 21:15 - 2014-01-28 10:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2015-02-09 21:15 - 2011-12-20 14:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2015-02-09 21:15 - 2011-11-22 15:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll
2015-02-09 21:15 - 2010-11-08 06:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2015-02-09 21:15 - 2010-11-08 06:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2015-02-09 21:15 - 2010-11-08 06:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2015-02-09 21:15 - 2010-11-08 06:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2015-02-09 21:15 - 2010-11-08 06:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2015-02-09 21:15 - 2010-11-08 06:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2015-02-09 21:15 - 2010-11-03 17:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2015-02-09 21:15 - 2009-11-24 08:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2015-02-09 21:15 - 2009-11-24 08:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2015-02-09 21:13 - 2014-02-18 16:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2015-02-09 21:13 - 2013-10-16 02:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2015-02-09 21:13 - 2013-10-11 11:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2015-02-09 21:13 - 2012-03-08 10:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2015-02-09 21:04 - 2015-02-09 21:04 - 02070192 _____ (Easeware ) C:\Users\Justin\Downloads\DriverNavigator_Setup (1).exe
2015-02-09 20:57 - 2015-02-09 20:57 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Easeware
2015-02-09 20:56 - 2015-02-09 20:56 - 02070192 _____ (Easeware ) C:\Users\Justin\Downloads\DriverNavigator_Setup.exe
2015-02-09 20:54 - 2015-02-09 20:55 - 125683715 _____ (Realtek Semiconductor Corp.) C:\Users\Justin\Downloads\realtek_high_definition_audio_6.0.1.7246.exe
2015-02-09 20:54 - 2015-02-09 20:54 - 00000000 ____D () C:\ProgramData\GlarySoft
2015-02-09 20:10 - 2015-02-09 20:10 - 00000000 ____D () C:\ProgramData\PC-Doctor
2015-02-09 20:05 - 2015-02-17 12:45 - 00000334 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-02-09 20:05 - 2015-02-17 12:45 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-02-09 20:05 - 2015-02-09 20:53 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\GlarySoft
2015-02-09 20:05 - 2015-02-09 20:05 - 14920448 _____ () C:\Users\Justin\Downloads\gu5setup.exe
2015-02-09 20:05 - 2015-02-09 20:05 - 00020160 _____ (Glarysoft Ltd) C:\Windows\System32\Drivers\GUBootStartup.sys
2015-02-09 20:05 - 2015-02-09 20:05 - 00002976 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2015-02-09 20:05 - 2015-02-09 20:05 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-02-09 20:05 - 2015-02-09 20:05 - 00001046 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-02-09 20:05 - 2015-02-09 20:05 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\DiskDefrag
2015-02-09 13:04 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-02-09 13:03 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2015-02-09 13:03 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-09 00:21 - 2015-02-09 00:21 - 00003338 _____ () C:\Windows\System32\Tasks\{5A6D67DB-C02E-411B-96AA-541B9688B18B}
2015-02-08 12:58 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2015-02-08 12:58 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-08 12:58 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-08 12:58 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2015-02-08 12:57 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2015-02-08 12:57 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2015-02-08 12:57 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2015-02-08 12:57 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2015-02-08 12:57 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-02-08 12:57 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-02-08 12:57 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2015-02-08 12:57 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-02-08 12:57 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2015-02-08 12:57 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-02-08 12:57 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-02-07 21:57 - 2012-11-14 13:36 - 01034216 _____ (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2015-02-07 21:57 - 2012-11-14 13:36 - 00916456 _____ (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2015-01-30 01:57 - 2015-01-30 01:57 - 00681148 _____ () C:\Users\Justin\Downloads\lefemmarmor1.1.zip
2015-01-30 01:57 - 2015-01-30 01:57 - 00623731 _____ () C:\Users\Justin\Downloads\entertainers.zip
2015-01-30 01:57 - 2015-01-30 01:57 - 00467884 _____ () C:\Users\Justin\Downloads\firemoth1.1.zip
2015-01-30 01:57 - 2015-01-30 01:57 - 00273049 _____ () C:\Users\Justin\Downloads\adamantiumarmor.zip
2015-01-30 01:57 - 2015-01-30 01:57 - 00174668 _____ () C:\Users\Justin\Downloads\ebartifact.zip
2015-01-30 01:57 - 2015-01-30 01:57 - 00044071 _____ () C:\Users\Justin\Downloads\bittercoastsounds.zip
2015-01-30 01:57 - 2015-01-30 01:57 - 00006958 _____ () C:\Users\Justin\Downloads\area_effect_arrows.zip
2015-01-30 01:50 - 2015-01-30 01:50 - 00033998 _____ () C:\Users\Justin\Downloads\masterindex.zip
2015-01-29 14:44 - 2015-01-29 14:44 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-24 18:39 - 2015-01-24 18:39 - 05876119 _____ () C:\Users\Justin\Downloads\Morrowind Code Patch-19510-2-1.zip
2015-01-24 17:19 - 2015-01-24 17:19 - 00003036 _____ () C:\Windows\System32\Tasks\{03004C98-9DEF-4D7E-BB95-F2DB46BC1A34}
2015-01-24 16:51 - 2015-01-24 16:51 - 00002153 _____ () C:\Users\Public\Desktop\The Elder Scrolls Construction Set.lnk
2015-01-24 16:51 - 2015-01-24 16:51 - 00000000 ____D () C:\Program Files (x86)\directx
2015-01-24 16:45 - 2015-01-24 16:45 - 00001042 _____ () C:\Users\Public\Desktop\Morrowind.lnk
2015-01-24 16:32 - 2015-02-04 16:31 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-24 16:22 - 2015-01-24 16:22 - 00000000 ____D () C:\Users\Justin\AppData\Local\Morrowind
2015-01-19 18:45 - 2015-01-19 18:46 - 03058976 _____ () C:\Users\Justin\Downloads\HeroesAndGenerals-setup-100297.exe
2015-01-18 21:51 - 2015-01-20 23:24 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-18 21:50 - 2015-01-18 21:50 - 14087848 _____ (Microsoft Corporation) C:\Users\Justin\Downloads\mseinstall.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-17 12:58 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 12:56 - 2010-05-20 10:29 - 01569259 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 12:55 - 2011-02-03 20:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-17 12:54 - 2014-07-15 18:10 - 00000000 ____D () C:\Users\Justin\AppData\Local\LogMeIn Hamachi
2015-02-17 12:54 - 2009-07-13 21:13 - 00006476 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-02-17 12:54 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-17 12:54 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-17 12:49 - 2010-10-15 09:21 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-17 12:47 - 2012-08-28 19:13 - 00000374 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2015-02-17 12:43 - 2015-01-17 16:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 01:59 - 2015-01-17 16:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-17 01:37 - 2010-07-08 16:16 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1289362861-3339389545-1959194589-1000UA.job
2015-02-17 01:31 - 2012-03-29 20:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-16 15:37 - 2010-07-08 16:16 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1289362861-3339389545-1959194589-1000Core.job
2015-02-13 14:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 00:14 - 2012-08-13 22:53 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Media Player Classic
2015-02-13 00:13 - 2010-07-15 14:17 - 00000000 ____D () C:\Users\Justin\AppData\Local\CrashDumps
2015-02-13 00:13 - 2010-03-19 09:08 - 00000000 ____D () C:\Windows\Panther
2015-02-13 00:05 - 2012-07-17 09:33 - 00000000 ____D () C:\Users\Justin\AppData\Local\Skyrim
2015-02-12 20:00 - 2015-01-17 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-12 19:23 - 2009-07-13 19:20 - 00000000 __RHD () C:\users\Default
2015-02-12 19:16 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-12 19:14 - 2010-07-08 14:47 - 00000000 ____D () C:\users\Justin
2015-02-12 19:14 - 2009-07-13 18:34 - 30932992 _____ () C:\Windows\System32\config\system.gu.bak
2015-02-12 19:14 - 2009-07-13 18:34 - 101449728 _____ () C:\Windows\System32\config\software.gu.bak
2015-02-12 19:14 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\System32\config\security.gu.bak
2015-02-12 19:13 - 2009-07-13 18:34 - 00524288 _____ () C:\Windows\System32\config\default.gu.bak
2015-02-12 19:13 - 2009-07-13 18:34 - 00262144 _____ () C:\Windows\System32\config\sam.gu.bak
2015-02-12 18:49 - 2012-05-12 10:20 - 00001830 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-02-12 00:46 - 2014-08-19 22:24 - 00000000 ____D () C:\Users\Justin\AppData\Local\Adobe
2015-02-11 16:33 - 2012-07-01 16:35 - 00000000 ____D () C:\ProgramData\AMD
2015-02-11 12:56 - 2014-12-10 02:47 - 00000000 ____D () C:\Windows\System32\appraiser
2015-02-11 12:56 - 2014-05-06 14:08 - 00000000 ___SD () C:\Windows\System32\CompatTel
2015-02-11 12:34 - 2014-04-20 18:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 12:33 - 2010-07-08 15:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 12:33 - 2009-07-13 18:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 11:12 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2015-02-11 06:53 - 2010-03-19 08:16 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-02-11 06:16 - 2009-07-13 20:45 - 05060152 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-02-11 00:29 - 2013-08-13 14:15 - 00000000 ____D () C:\Windows\System32\MRT
2015-02-11 00:19 - 2010-07-10 17:42 - 116773704 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-02-09 21:20 - 2010-03-19 08:21 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-02-09 21:13 - 2010-03-19 08:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-09 16:17 - 2014-11-08 12:19 - 00000000 ____D () C:\Windows\Minidump
2015-02-09 13:36 - 2012-02-08 18:03 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-02-08 18:51 - 2013-01-18 20:08 - 00000000 ____D () C:\ProgramData\Skype
2015-02-07 22:05 - 2012-03-29 20:37 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 22:05 - 2012-03-29 20:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-07 22:05 - 2011-05-19 12:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-07 21:58 - 2013-10-23 19:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 21:57 - 2012-11-14 13:35 - 00000000 ____D () C:\Program Files\Java
2015-02-07 21:56 - 2012-11-14 13:37 - 00319912 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2015-02-07 21:56 - 2012-11-14 13:37 - 00191400 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2015-02-07 21:56 - 2012-11-14 13:37 - 00111016 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2015-02-07 21:55 - 2014-10-27 09:41 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-07 21:55 - 2014-10-27 09:41 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-07 21:55 - 2014-10-27 09:41 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-07 21:55 - 2014-10-27 09:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-07 21:55 - 2012-11-14 13:37 - 00190888 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2015-02-07 21:54 - 2010-07-18 07:52 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-06 13:05 - 2015-01-17 16:46 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 14:54 - 2015-01-17 16:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 14:54 - 2015-01-17 16:45 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 13:50 - 2009-07-13 21:08 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-21 00:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\TAPI
2015-01-18 19:34 - 2012-11-27 13:34 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJustin
2015-01-18 19:34 - 2012-11-27 13:34 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForJustin.job
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Justin\AppData\Local\Temp\bitool.dll
C:\Users\Justin\AppData\Local\Temp\EsgInstallerx64Stub.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE Association (whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point made on: 2015-02-12 22:03:01
Restore point made on: 2015-02-15 18:00:34
 
==================== Memory info =========================== 
 
Percentage of memory in use: 12%
Total physical RAM: 8183.09 MB
Available physical RAM: 7161.44 MB
Total Pagefile: 8181.24 MB
Available Pagefile: 7152.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:920.33 GB) (Free:198.07 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.08 GB) (Free:1.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive k: () (Removable) (Total:0.12 GB) (Free:0.09 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 120.8 MB) (Disk ID: 49E2A461)
Partition 1: (Not Active) - (Size=121 MB) - (Type=06)
 
 
LastRegBack: 2015-02-13 14:25
 
==================== End Of Log ============================


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:43 PM

Posted 18 February 2015 - 11:46 AM

Hello,

Please download the following file =>   and save it on the flash drive where FRST64.exe is located.

Boot back into Recovery Environment the way you did in your previous post.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
Run FRST64.exe and press the Fix button just once and wait.

The tool will make a log file on the flash drive in the same folder where frst64.exe is located named (Fixlog.txt).

Reboot the computer normally and post it to your reply.

Regards,

Georgi


#5 jd.mason


Posted 18 February 2015 - 04:35 PM

Awesome they're gone! I had no idea about the Partizan.sys or catchme.sys. 

I'll stay with you till I get the all clear.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by SYSTEM at 2015-02-18 14:11:05 Run:1
Running from k:\Justin
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
S1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] (CartCrunch Israel Ltd.) <==== ATTENTION
S1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] (CartCrunch Israel Ltd.) <==== ATTENTION
C:\Windows\system32\Drivers\cmwf.sys
C:\Windows\system32\Drivers\cmwr.sys
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 Partizan; system32\drivers\Partizan.sys [X]
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMWF
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMWR
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
cmwf => Service deleted successfully.
cmwr => Service deleted successfully.
C:\Windows\system32\Drivers\cmwf.sys => Moved successfully.
C:\Windows\system32\Drivers\cmwr.sys => Moved successfully.
catchme => Service deleted successfully.
Partizan => Service deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMWF => Key not found. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMWR => Key not found. 
 
==== End of Fixlog 14:11:05 ====


#6 B-boy/StyLe/


Posted 19 February 2015 - 03:09 AM

Hi,

Awesome! :)

Please run a new scan with FRST from Normal Mode (make sure that Addition.txt is checked before you press the SCAN button) and then post both logs in your next reply.

Regards,

Georgi


#7 jd.mason


Posted 19 February 2015 - 05:46 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Justin (administrator) on JUSTIN-PC on 19-02-2015 03:26:56
Running from C:\Users\Justin\Desktop
Loaded Profiles: Justin (Available profiles: Justin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Akamai Technologies, Inc.) C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe
(InCode Solutions) C:\Program Files (x86)\InCode Solutions\RemoveIT Pro 2015 Ultra\removeit.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe [200560 2011-12-19] (GFI Software)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-18] (Valve Corporation)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-02-01] (Glarysoft Ltd)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Run: [RemoveIT Pro v9Ultra] => C:\Program Files (x86)\InCode Solutions\RemoveIT Pro 2015 Ultra\removeit.exe [2769920 2015-01-10] (InCode Solutions)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=9&ar=msnhome
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No File
SearchScopes: HKLM -> {46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\ColorMedia.dll [324776] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
Winsock: Catalog9-x64 15 C:\Windows\system32\ColorMedia64.dll [370688] (CartCrunch Israel Ltd.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1289362861-3339389545-1959194589-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1289362861-3339389545-1959194589-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Justin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1289362861-3339389545-1959194589-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1289362861-3339389545-1959194589-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-1289362861-3339389545-1959194589-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-07-22]
FF HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-16]
CHR Extension: (Google Search) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-16]
CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-16]
CHR HKLM-x32\...\Chrome\Extension: [pmfbdeonhcacfoakminfhhgllaelfhda] - C:\Program Files (x86)\RebateRobot Chrome Extension\rrchrome_opencandy-c2_2_0_1.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1226096 2012-05-03] (Lavasoft Limited)
S3 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-02-16] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3358912 2014-09-21] (INCA Internet Co., Ltd.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-01] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [666720 2012-12-17] (Wellbia.com Co., Ltd.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-02-09] (Glarysoft Ltd)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2004-12-29] (INCA Internet Co., Ltd.) [File not signed]
R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 vproiah; system32\DRIVERS\vproiah.sys [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 03:26 - 2015-02-19 03:27 - 00023018 _____ () C:\Users\Justin\Desktop\FRST.txt
2015-02-19 03:26 - 2015-02-19 03:26 - 00000000 ____D () C:\Users\Justin\Desktop\FRST-OlderVersion
2015-02-18 23:44 - 2015-02-18 23:44 - 00000000 ____D () C:\Users\Justin\AppData\Local\Steam
2015-02-18 14:05 - 2015-02-18 14:05 - 00000578 _____ () C:\Users\Justin\Downloads\fixlist.txt
2015-02-18 14:03 - 2015-02-18 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-18 14:03 - 2015-02-18 14:03 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-02-17 13:51 - 2015-02-17 13:51 - 02085888 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe
2015-02-14 21:46 - 2015-02-14 21:46 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\steam.transformice.com
2015-02-13 01:06 - 2015-02-13 01:06 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-13 01:06 - 2015-02-13 01:06 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-13 01:05 - 2015-02-13 01:06 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-13 00:53 - 2015-02-13 00:53 - 00001483 _____ () C:\Users\Public\Desktop\RemoveIT Pro 2015 Ultra.lnk
2015-02-13 00:53 - 2015-02-13 00:53 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\InCode Solutions
2015-02-13 00:53 - 2015-02-13 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RemoveIT Pro 2015 Ultra
2015-02-13 00:53 - 2015-02-13 00:53 - 00000000 ____D () C:\Program Files (x86)\InCode Solutions
2015-02-13 00:52 - 2015-02-13 00:52 - 09334944 _____ (InCode Solutions ) C:\Users\Justin\Downloads\removeitpro_ultra.exe
2015-02-13 00:44 - 2015-02-13 00:44 - 00000212 _____ () C:\Users\Justin\Downloads\Search.txt
2015-02-13 00:42 - 2015-02-13 13:57 - 00052284 _____ () C:\Users\Justin\Downloads\Addition.txt
2015-02-13 00:40 - 2015-02-19 03:26 - 02086912 _____ (Farbar) C:\Users\Justin\Desktop\FRST64.exe
2015-02-13 00:40 - 2015-02-19 03:26 - 00000000 ____D () C:\FRST
2015-02-13 00:40 - 2015-02-13 13:57 - 00073882 _____ () C:\Users\Justin\Downloads\FRST.txt
2015-02-12 23:58 - 2015-02-12 23:58 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Justin\Downloads\SpyHunter-Installer.exe
2015-02-12 23:40 - 2015-02-12 23:40 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-12 23:40 - 2015-02-12 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-12 23:40 - 2015-02-12 23:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-12 23:40 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-12 23:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-12 22:55 - 2015-02-12 22:57 - 00000000 ____D () C:\Users\Justin\Downloads\Autoruns
2015-02-12 22:55 - 2015-02-12 22:55 - 00573697 _____ () C:\Users\Justin\Downloads\Autoruns.zip
2015-02-12 22:49 - 2015-02-12 22:51 - 00000000 ____D () C:\Program Files\Unlocker
2015-02-12 22:49 - 2015-02-12 22:49 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-02-12 22:31 - 2015-02-12 22:31 - 00402911 _____ () C:\Users\Justin\Downloads\Unlocker1.9.2.exe
2015-02-12 22:26 - 2015-02-12 22:36 - 00000172 _____ () C:\Windows\SysWOW64\Partizan.RRI
2015-02-12 22:26 - 2015-02-12 22:26 - 00040208 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2015-02-12 22:23 - 2015-02-12 22:23 - 00000000 ____D () C:\ProgramData\RegRun
2015-02-12 22:22 - 2015-02-12 22:40 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2015-02-12 22:22 - 2015-02-12 22:26 - 00000000 ____D () C:\Users\Justin\Documents\RegRun2
2015-02-12 22:22 - 2015-02-12 22:22 - 00000002 RSHOT () C:\Windows\winstart.bat
2015-02-12 22:22 - 2015-02-12 22:22 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2015-02-12 22:22 - 2015-02-12 22:22 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2015-02-12 22:22 - 2015-02-12 22:22 - 00000000 ____D () C:\Users\Justin\Downloads\unhackmeb
2015-02-12 22:19 - 2015-02-12 22:21 - 16607035 _____ () C:\Users\Justin\Downloads\unhackmeb.zip
2015-02-12 21:37 - 2010-03-08 03:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2015-02-12 21:12 - 2015-02-12 21:38 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\FreeFixer
2015-02-12 21:12 - 2015-02-12 21:21 - 00000000 ____D () C:\Users\Justin\AppData\Local\FreeFixer
2015-02-12 21:12 - 2015-02-12 21:12 - 00000000 ____D () C:\Program Files\FreeFixer
2015-02-12 21:00 - 2015-02-12 23:55 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 21:00 - 2015-02-12 21:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-12 21:00 - 2015-02-12 21:01 - 02666167 _____ (Kephyr) C:\Users\Justin\Downloads\freefixersetup.exe
2015-02-12 20:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-12 20:48 - 2015-02-12 20:50 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Justin\Downloads\mbar-1.08.3.1004.exe
2015-02-12 20:35 - 2015-02-12 20:36 - 05325808 _____ (Piriform Ltd) C:\Users\Justin\Downloads\ccsetup502pro.exe
2015-02-12 20:25 - 2015-02-12 20:44 - 00000000 ____D () C:\Users\Justin\Documents\Combo fix Log
2015-02-12 20:23 - 2015-02-12 20:23 - 00036826 _____ () C:\ComboFix.txt
2015-02-12 20:14 - 2015-02-12 20:14 - 00028672 _____ () C:\Windows\system32\config\system.gu
2015-02-12 19:54 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-12 19:54 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-12 19:54 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-12 19:54 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-12 19:54 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-12 19:54 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-12 19:54 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-12 19:54 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-12 19:42 - 2015-02-12 20:23 - 00000000 ____D () C:\Qoobox
2015-02-12 19:42 - 2015-02-12 20:22 - 00000000 ____D () C:\Windows\erdnt
2015-02-12 19:39 - 2015-02-12 19:41 - 05611930 ____R (Swearware) C:\Users\Justin\Downloads\ComboFix.exe
2015-02-12 18:55 - 2015-02-12 18:55 - 00003600 _____ () C:\Windows\System32\Tasks\TotalSystemCare.Scanning
2015-02-12 18:55 - 2015-02-12 18:55 - 00003528 _____ () C:\Windows\System32\Tasks\TotalSystemCare.Autostart
2015-02-12 18:51 - 2015-02-12 18:51 - 07365120 _____ (Safebytes) C:\Users\Justin\Downloads\TotalSystemCare_Installer.exe
2015-02-12 18:49 - 2015-02-12 18:57 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-12 18:48 - 2015-02-12 18:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Justin\Downloads\revosetup.exe
2015-02-12 16:59 - 2015-02-02 11:13 - 01388274 _____ (Thisisu) C:\Users\Justin\Desktop\JRT_NEW.exe
2015-02-12 16:46 - 2015-02-12 16:46 - 01388274 _____ (Thisisu) C:\Users\Justin\Downloads\JRT (1).exe
2015-02-12 02:21 - 2015-01-22 20:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 02:21 - 2015-01-22 20:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 02:20 - 2015-01-22 21:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 02:20 - 2015-01-22 21:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 01:45 - 2015-02-12 01:45 - 17709352 _____ (Adobe Systems Inc.) C:\Users\Justin\Downloads\Adobe_Air_v16.0.0.245.exe
2015-02-12 01:12 - 2015-02-12 01:12 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-02-12 01:11 - 2015-02-12 01:11 - 00849352 _____ () C:\Users\Justin\Downloads\AppManagerSetup_1.47.exe
2015-02-11 17:49 - 2015-02-11 17:49 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\AMD
2015-02-11 17:35 - 2015-02-11 17:35 - 00000000 ____D () C:\ProgramData\ATI
2015-02-11 17:34 - 2015-02-11 17:34 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\library_dir
2015-02-11 17:33 - 2015-02-11 17:33 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201502111733358462.log
2015-02-11 17:33 - 2015-02-11 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-02-11 17:33 - 2015-02-11 17:33 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-02-11 17:32 - 2015-02-11 17:32 - 00018637 _____ () C:\Windows\SysWOW64\CCCInstall_201502111732192969.log
2015-02-11 17:32 - 2015-02-11 17:32 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-02-11 17:30 - 2015-02-11 17:31 - 00000000 ____D () C:\Program Files\AMD
2015-02-11 17:30 - 2015-02-11 17:30 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-02-11 17:28 - 2015-02-11 17:28 - 00000000 ____D () C:\AMD
2015-02-11 17:24 - 2015-02-11 17:24 - 05451464 _____ (Advanced Micro Devices, Inc.) C:\Users\Justin\Downloads\autodetectutility.exe
2015-02-11 16:41 - 2015-02-11 17:32 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-02-11 16:41 - 2015-02-11 16:41 - 00000000 ____D () C:\Program Files\ATI
2015-02-11 12:10 - 2015-01-08 20:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 12:10 - 2015-01-08 20:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 12:10 - 2015-01-08 20:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 12:10 - 2015-01-08 19:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 07:55 - 2015-02-11 07:58 - 104597312 _____ (Hewlett-Packard Development Company, L.P. ) C:\Users\Justin\Downloads\sp46260.exe
2015-02-11 07:52 - 2015-02-11 07:52 - 05165056 _____ () C:\Users\Justin\Downloads\HPSupportSolutionsFramework-11.51.0048.msi
2015-02-11 07:27 - 2015-02-11 07:27 - 00000000 ____D () C:\663058c33701b990d8d1b8b73e70b6
2015-02-11 01:29 - 2015-02-11 01:29 - 00000000 ____D () C:\8631c53844f73fb3e3ae2e860f9a6b
2015-02-10 15:49 - 2015-02-03 20:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 15:49 - 2015-02-03 20:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 15:49 - 2015-02-03 20:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 15:49 - 2015-02-03 20:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 15:49 - 2015-02-03 20:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 15:49 - 2015-02-03 20:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 15:49 - 2015-02-03 20:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 15:49 - 2015-01-27 16:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 15:48 - 2015-01-13 22:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 15:48 - 2015-01-13 22:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 15:48 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 15:48 - 2015-01-11 20:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 15:48 - 2015-01-11 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 15:48 - 2015-01-11 19:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 15:48 - 2015-01-11 19:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 15:48 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 15:48 - 2015-01-11 19:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 15:48 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 15:48 - 2015-01-11 19:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 15:48 - 2015-01-11 19:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 15:48 - 2015-01-11 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 15:48 - 2015-01-11 19:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 15:48 - 2015-01-11 19:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 15:48 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 15:48 - 2015-01-11 19:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 15:48 - 2015-01-11 19:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 15:48 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 15:48 - 2015-01-11 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 15:48 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 15:48 - 2015-01-11 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 15:48 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 15:48 - 2015-01-11 19:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 15:48 - 2015-01-11 19:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 15:48 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 15:48 - 2015-01-11 19:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 15:48 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 15:48 - 2015-01-11 19:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 15:48 - 2015-01-11 18:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 15:48 - 2015-01-11 18:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 15:48 - 2015-01-11 18:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 15:48 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 15:48 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 15:48 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 15:48 - 2015-01-11 18:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 15:48 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 15:48 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 15:48 - 2015-01-11 18:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 15:48 - 2015-01-11 18:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 15:48 - 2015-01-11 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 15:48 - 2015-01-11 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 15:48 - 2015-01-11 18:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 15:48 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 15:48 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 15:48 - 2015-01-11 18:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 15:48 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 15:48 - 2015-01-11 18:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 15:48 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 15:48 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 15:48 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 15:48 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 15:48 - 2015-01-09 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 15:48 - 2015-01-09 23:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 15:47 - 2015-01-15 01:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 15:47 - 2015-01-15 01:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 15:47 - 2015-01-15 01:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 15:47 - 2015-01-15 01:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 15:47 - 2015-01-15 01:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 15:47 - 2015-01-15 01:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 15:47 - 2015-01-15 01:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 15:47 - 2015-01-15 01:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 15:47 - 2015-01-15 01:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 15:47 - 2015-01-15 01:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 15:47 - 2015-01-15 01:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 15:47 - 2015-01-15 00:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 15:47 - 2015-01-15 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 15:47 - 2015-01-15 00:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 15:47 - 2015-01-15 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 15:47 - 2015-01-15 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 15:47 - 2015-01-15 00:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 15:47 - 2015-01-14 21:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 15:47 - 2015-01-13 23:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 15:47 - 2015-01-13 23:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 15:47 - 2015-01-13 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 15:47 - 2015-01-13 23:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 15:47 - 2015-01-13 22:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 15:47 - 2015-01-13 22:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 15:47 - 2015-01-13 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 15:47 - 2015-01-12 20:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 15:47 - 2015-01-12 19:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 15:47 - 2014-12-11 22:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 15:47 - 2014-12-11 22:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 15:47 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 15:47 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 15:47 - 2014-11-25 20:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 15:47 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 15:47 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 15:47 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 15:47 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 15:47 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 15:46 - 2015-01-08 19:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 00:22 - 2015-02-12 19:24 - 00000000 ____D () C:\AdwCleaner
2015-02-10 00:21 - 2015-02-10 00:21 - 02112512 _____ () C:\Users\Justin\Downloads\AdwCleaner.exe
2015-02-10 00:08 - 2015-02-01 19:22 - 00028960 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2015-02-10 00:04 - 2015-02-10 00:04 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Auslogics
2015-02-10 00:03 - 2015-02-10 00:03 - 07866608 _____ (Auslogics Software Pty Ltd ) C:\Users\Justin\Downloads\disk-defrag-setup_3600.exe
2015-02-09 23:19 - 2015-02-09 23:19 - 02333416 _____ (Intel) C:\Users\Justin\Downloads\Intel Driver Update Utility Installer.exe
2015-02-09 23:19 - 2015-02-09 23:19 - 00000000 ____D () C:\Users\Justin\AppData\Local\Intel
2015-02-09 23:13 - 2015-02-09 23:13 - 00000000 ____D () C:\Users\Justin\Downloads\DirectX_11_Setup
2015-02-09 23:09 - 2015-02-09 23:11 - 100655797 _____ () C:\Users\Justin\Downloads\DirectX_11_Setup.zip
2015-02-09 22:19 - 2015-02-09 22:19 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-02-09 22:19 - 2015-02-09 22:19 - 00000000 ____D () C:\Windows\system32\SRSLabs
2015-02-09 22:15 - 2014-05-14 18:37 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-02-09 22:15 - 2014-05-14 16:00 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-02-09 22:15 - 2014-05-12 20:11 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-02-09 22:15 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-02-09 22:15 - 2014-04-30 11:34 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-02-09 22:15 - 2014-04-28 15:48 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-02-09 22:15 - 2014-04-25 13:51 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-02-09 22:15 - 2014-04-25 13:23 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-02-09 22:15 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-02-09 22:15 - 2014-01-28 11:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-02-09 22:15 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-02-09 22:15 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-02-09 22:15 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-02-09 22:15 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-02-09 22:15 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-02-09 22:15 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-02-09 22:15 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-02-09 22:15 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-02-09 22:15 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-02-09 22:15 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-02-09 22:15 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-02-09 22:13 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-02-09 22:13 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-02-09 22:13 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-02-09 22:13 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-02-09 22:04 - 2015-02-09 22:04 - 02070192 _____ (Easeware ) C:\Users\Justin\Downloads\DriverNavigator_Setup (1).exe
2015-02-09 21:57 - 2015-02-09 21:57 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Easeware
2015-02-09 21:56 - 2015-02-09 21:56 - 02070192 _____ (Easeware ) C:\Users\Justin\Downloads\DriverNavigator_Setup.exe
2015-02-09 21:54 - 2015-02-09 21:55 - 125683715 _____ (Realtek Semiconductor Corp.) C:\Users\Justin\Downloads\realtek_high_definition_audio_6.0.1.7246.exe
2015-02-09 21:54 - 2015-02-09 21:54 - 00000000 ____D () C:\ProgramData\GlarySoft
2015-02-09 21:10 - 2015-02-09 21:10 - 00000000 ____D () C:\ProgramData\PC-Doctor
2015-02-09 21:05 - 2015-02-18 14:15 - 00000334 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-02-09 21:05 - 2015-02-18 14:15 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2015-02-09 21:05 - 2015-02-09 21:53 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\GlarySoft
2015-02-09 21:05 - 2015-02-09 21:05 - 14920448 _____ () C:\Users\Justin\Downloads\gu5setup.exe
2015-02-09 21:05 - 2015-02-09 21:05 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2015-02-09 21:05 - 2015-02-09 21:05 - 00002976 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2015-02-09 21:05 - 2015-02-09 21:05 - 00002634 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2015-02-09 21:05 - 2015-02-09 21:05 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-02-09 21:05 - 2015-02-09 21:05 - 00001046 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-02-09 21:05 - 2015-02-09 21:05 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\DiskDefrag
2015-02-09 21:05 - 2015-02-09 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-02-09 14:04 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-09 14:03 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-09 14:03 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-09 01:21 - 2015-02-09 01:21 - 00003338 _____ () C:\Windows\System32\Tasks\{5A6D67DB-C02E-411B-96AA-541B9688B18B}
2015-02-08 13:58 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-02-08 13:58 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-08 13:58 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-08 13:58 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-02-08 13:57 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-02-08 13:57 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-02-08 13:57 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-02-08 13:57 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-02-08 13:57 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-02-08 13:57 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-02-08 13:57 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-02-08 13:57 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-02-08 13:57 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-02-08 13:57 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-02-08 13:57 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-02-07 22:57 - 2012-11-14 14:36 - 01034216 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2015-02-07 22:57 - 2012-11-14 14:36 - 00916456 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2015-01-30 02:57 - 2015-01-30 02:57 - 00681148 _____ () C:\Users\Justin\Downloads\lefemmarmor1.1.zip
2015-01-30 02:57 - 2015-01-30 02:57 - 00623731 _____ () C:\Users\Justin\Downloads\entertainers.zip
2015-01-30 02:57 - 2015-01-30 02:57 - 00467884 _____ () C:\Users\Justin\Downloads\firemoth1.1.zip
2015-01-30 02:57 - 2015-01-30 02:57 - 00273049 _____ () C:\Users\Justin\Downloads\adamantiumarmor.zip
2015-01-30 02:57 - 2015-01-30 02:57 - 00174668 _____ () C:\Users\Justin\Downloads\ebartifact.zip
2015-01-30 02:57 - 2015-01-30 02:57 - 00044071 _____ () C:\Users\Justin\Downloads\bittercoastsounds.zip
2015-01-30 02:57 - 2015-01-30 02:57 - 00006958 _____ () C:\Users\Justin\Downloads\area_effect_arrows.zip
2015-01-30 02:50 - 2015-01-30 02:50 - 00033998 _____ () C:\Users\Justin\Downloads\masterindex.zip
2015-01-24 19:39 - 2015-01-24 19:39 - 05876119 _____ () C:\Users\Justin\Downloads\Morrowind Code Patch-19510-2-1.zip
2015-01-24 18:19 - 2015-01-24 18:19 - 00003036 _____ () C:\Windows\System32\Tasks\{03004C98-9DEF-4D7E-BB95-F2DB46BC1A34}
2015-01-24 17:51 - 2015-01-24 17:51 - 00002153 _____ () C:\Users\Public\Desktop\The Elder Scrolls Construction Set.lnk
2015-01-24 17:51 - 2015-01-24 17:51 - 00000000 ____D () C:\Program Files (x86)\directx
2015-01-24 17:45 - 2015-01-24 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2015-01-24 17:45 - 2015-01-24 17:45 - 00001042 _____ () C:\Users\Public\Desktop\Morrowind.lnk
2015-01-24 17:32 - 2015-02-04 17:31 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-24 17:22 - 2015-01-24 17:22 - 00000000 ____D () C:\Users\Justin\AppData\Local\Morrowind
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 03:26 - 2014-07-15 19:10 - 00000000 ____D () C:\Users\Justin\AppData\Local\LogMeIn Hamachi
2015-02-19 03:26 - 2011-02-03 21:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-19 03:00 - 2010-05-20 11:29 - 01596986 ____N () C:\Windows\WindowsUpdate.log
2015-02-19 02:59 - 2015-01-17 17:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 02:37 - 2010-07-08 17:16 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1289362861-3339389545-1959194589-1000UA.job
2015-02-19 02:31 - 2012-03-29 21:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-19 00:35 - 2010-10-15 10:21 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-18 16:37 - 2010-07-08 17:16 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1289362861-3339389545-1959194589-1000Core.job
2015-02-18 15:59 - 2015-01-17 17:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 14:22 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-18 14:22 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-18 14:15 - 2012-08-28 20:13 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-18 14:13 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-17 20:34 - 2012-11-27 14:34 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJustin
2015-02-17 20:34 - 2012-11-27 14:34 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForJustin.job
2015-02-17 13:54 - 2009-07-13 22:13 - 00006476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 16:20 - 2012-11-14 10:36 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-02-13 15:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 01:14 - 2012-08-13 23:53 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Media Player Classic
2015-02-13 01:13 - 2010-07-15 15:17 - 00000000 ____D () C:\Users\Justin\AppData\Local\CrashDumps
2015-02-13 01:13 - 2010-03-19 10:08 - 00000000 ____D () C:\Windows\Panther
2015-02-13 01:05 - 2012-07-17 10:33 - 00000000 ____D () C:\Users\Justin\AppData\Local\Skyrim
2015-02-12 21:00 - 2015-01-17 19:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-12 20:23 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2015-02-12 20:16 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-12 20:14 - 2010-07-08 15:47 - 00000000 ____D () C:\Users\Justin
2015-02-12 20:14 - 2009-07-13 19:34 - 30932992 _____ () C:\Windows\system32\config\system.gu.bak
2015-02-12 20:14 - 2009-07-13 19:34 - 101449728 _____ () C:\Windows\system32\config\software.gu.bak
2015-02-12 20:14 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\security.gu.bak
2015-02-12 20:13 - 2009-07-13 19:34 - 00524288 _____ () C:\Windows\system32\config\default.gu.bak
2015-02-12 20:13 - 2009-07-13 19:34 - 00262144 _____ () C:\Windows\system32\config\sam.gu.bak
2015-02-12 19:49 - 2012-05-12 11:20 - 00001830 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-02-12 17:39 - 2011-12-05 01:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater
2015-02-12 17:39 - 2010-09-18 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Railroad Tycoon 3
2015-02-12 17:39 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-12 01:46 - 2014-08-19 23:24 - 00000000 ____D () C:\Users\Justin\AppData\Local\Adobe
2015-02-11 17:33 - 2012-07-01 17:35 - 00000000 ____D () C:\ProgramData\AMD
2015-02-11 13:56 - 2014-12-10 03:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 13:56 - 2014-05-06 15:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 13:34 - 2014-04-20 19:58 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 13:33 - 2010-07-08 16:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 13:33 - 2009-07-13 19:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 12:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
2015-02-11 07:53 - 2010-03-19 09:16 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2015-02-11 07:16 - 2009-07-13 21:45 - 05060152 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 01:29 - 2013-08-13 15:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 01:19 - 2010-07-10 18:42 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 22:20 - 2010-03-19 09:21 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-02-09 22:13 - 2010-03-19 09:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-09 17:17 - 2014-11-08 13:19 - 00000000 ____D () C:\Windows\Minidump
2015-02-09 14:36 - 2012-02-08 19:03 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-02-08 19:51 - 2013-01-18 21:08 - 00000000 ____D () C:\ProgramData\Skype
2015-02-08 14:03 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-07 23:05 - 2012-03-29 21:37 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 23:05 - 2012-03-29 21:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-07 23:05 - 2011-05-19 13:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-07 22:58 - 2013-10-23 20:22 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-07 22:57 - 2012-11-14 14:35 - 00000000 ____D () C:\Program Files\Java
2015-02-07 22:56 - 2012-11-14 14:37 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-07 22:56 - 2012-11-14 14:37 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-07 22:56 - 2012-11-14 14:37 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-07 22:55 - 2014-10-27 10:41 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-07 22:55 - 2014-10-27 10:41 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-07 22:55 - 2014-10-27 10:41 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-07 22:55 - 2014-10-27 10:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-07 22:55 - 2012-11-14 14:37 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-07 22:54 - 2010-07-18 08:52 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-06 14:05 - 2015-01-17 17:46 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 15:54 - 2015-01-17 17:45 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 15:54 - 2015-01-17 17:45 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 14:50 - 2009-07-13 22:08 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-27 14:49 - 2014-03-31 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-21 01:35 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\TAPI
2015-01-21 00:24 - 2015-01-18 22:51 - 00001945 _____ () C:\Windows\epplauncher.mif
 
==================== Files in the root of some directories =======
 
2013-05-18 23:14 - 2013-05-19 23:09 - 0000005 _____ () C:\Users\Justin\AppData\Roaming\BCT-TTL.DAT
2012-03-07 19:03 - 2012-03-07 19:03 - 0090738 _____ () C:\Users\Justin\AppData\Roaming\icarus-dxdiag.xml
2015-01-17 19:17 - 2015-01-17 20:37 - 0000115 _____ () C:\Users\Justin\AppData\Roaming\LogFile.txt
2013-07-26 23:09 - 2014-10-12 23:09 - 0000230 _____ () C:\Users\Justin\AppData\Roaming\WB.CFG
2013-06-16 23:10 - 2014-01-28 00:09 - 0000005 _____ () C:\Users\Justin\AppData\Roaming\WBPU-TTL.DAT
2012-02-20 13:04 - 2012-02-20 13:04 - 0000104 _____ () C:\Users\Justin\AppData\Roaming\wklnhst.dat
2011-04-20 08:17 - 2011-04-20 08:17 - 0000094 _____ () C:\Users\Justin\AppData\Local\fusioncache.dat
2014-11-06 12:40 - 2014-11-06 12:40 - 0004096 ____H () C:\Users\Justin\AppData\Local\keyfile3.drm
2011-01-27 22:39 - 2011-01-27 22:40 - 3199631 _____ () C:\Users\Justin\AppData\Local\tmp003.JPG
2011-09-24 11:51 - 2011-09-24 11:51 - 0407948 _____ () C:\Users\Justin\AppData\Local\tmp1271400345_1253X940_DOUTZEN-KROES-WALLPAPER.JPG
2011-08-04 20:43 - 2011-08-04 20:43 - 0413474 _____ () C:\Users\Justin\AppData\Local\tmp2245.0
2011-08-04 20:43 - 2011-08-04 20:43 - 0081537 _____ () C:\Users\Justin\AppData\Local\tmp2245.1
2011-08-04 20:43 - 2011-08-04 20:43 - 0083274 _____ () C:\Users\Justin\AppData\Local\tmp2245.2
2011-08-04 20:43 - 2011-08-04 20:43 - 0084047 _____ () C:\Users\Justin\AppData\Local\tmp2245.3
2011-08-04 20:43 - 2011-08-04 20:43 - 0084724 _____ () C:\Users\Justin\AppData\Local\tmp2245.4
2011-08-04 20:43 - 2011-08-04 20:43 - 0081537 _____ () C:\Users\Justin\AppData\Local\tmp2245.JPG
2011-08-04 20:44 - 2011-08-04 20:44 - 0207506 _____ () C:\Users\Justin\AppData\Local\tmp2257.0
2011-08-04 20:44 - 2011-08-04 20:44 - 0060049 _____ () C:\Users\Justin\AppData\Local\tmp2257.JPG
2011-08-04 20:44 - 2011-08-04 20:44 - 0007365 _____ () C:\Users\Justin\AppData\Local\tmp2257_navi.JPG
2011-08-04 20:43 - 2011-08-04 20:43 - 0389074 _____ () C:\Users\Justin\AppData\Local\tmp2270.0
2011-08-04 20:43 - 2011-08-04 20:43 - 0073273 _____ () C:\Users\Justin\AppData\Local\tmp2270.1
2011-08-04 20:43 - 2011-08-04 20:43 - 0073749 _____ () C:\Users\Justin\AppData\Local\tmp2270.2
2011-08-04 20:43 - 2011-08-04 20:43 - 0073792 _____ () C:\Users\Justin\AppData\Local\tmp2270.3
2011-08-04 20:43 - 2011-08-04 20:43 - 0389074 _____ () C:\Users\Justin\AppData\Local\tmp2270.4
2011-08-04 20:43 - 2011-08-04 20:43 - 0073484 _____ () C:\Users\Justin\AppData\Local\tmp2270.JPG
2011-08-04 20:44 - 2011-08-04 20:44 - 0292926 _____ () C:\Users\Justin\AppData\Local\tmp2277.0
2011-08-04 20:44 - 2011-08-04 20:44 - 0185881 _____ () C:\Users\Justin\AppData\Local\tmp2277.1
2011-08-04 20:44 - 2011-08-04 20:44 - 0182491 _____ () C:\Users\Justin\AppData\Local\tmp2277.2
2011-08-04 20:44 - 2011-08-04 20:44 - 0188370 _____ () C:\Users\Justin\AppData\Local\tmp2277.3
2011-08-04 20:44 - 2011-08-04 20:44 - 0188547 _____ () C:\Users\Justin\AppData\Local\tmp2277.4
2011-08-04 20:44 - 2011-08-04 20:44 - 0185881 _____ () C:\Users\Justin\AppData\Local\tmp2277.5
2011-08-04 20:44 - 2011-08-04 20:44 - 0185675 _____ () C:\Users\Justin\AppData\Local\tmp2277.JPG
2011-08-04 20:44 - 2011-08-04 20:44 - 0009658 _____ () C:\Users\Justin\AppData\Local\tmp2277_navi.JPG
2011-09-02 09:42 - 2011-09-02 09:42 - 0456996 _____ () C:\Users\Justin\AppData\Local\tmp2313.JPG
2011-09-02 09:33 - 2011-09-02 09:33 - 0259186 _____ () C:\Users\Justin\AppData\Local\tmp3423.JPG
2011-07-07 22:28 - 2011-07-07 22:28 - 0358495 _____ () C:\Users\Justin\AppData\Local\tmp;.0
2011-07-07 22:28 - 2011-07-07 22:28 - 0226139 _____ () C:\Users\Justin\AppData\Local\tmp;.1
2011-07-07 22:28 - 2011-07-07 22:28 - 0227959 _____ () C:\Users\Justin\AppData\Local\tmp;.2
2011-07-07 22:28 - 2011-07-07 22:28 - 0227751 _____ () C:\Users\Justin\AppData\Local\tmp;.3
2011-07-07 22:28 - 2011-07-07 22:28 - 0358495 _____ () C:\Users\Justin\AppData\Local\tmp;.4
2011-07-07 22:28 - 2011-07-07 22:28 - 0228182 _____ () C:\Users\Justin\AppData\Local\tmp;.JPG
2011-09-11 16:57 - 2011-09-11 16:57 - 1183438 _____ () C:\Users\Justin\AppData\Local\tmpA86242FB980F079AAB87388E7701FB5B(WWW.WALLZ.EU).0
2011-09-11 16:57 - 2011-09-11 16:57 - 0206086 _____ () C:\Users\Justin\AppData\Local\tmpA86242FB980F079AAB87388E7701FB5B(WWW.WALLZ.EU).JPG
2011-01-20 23:54 - 2011-01-20 23:54 - 2945551 _____ () C:\Users\Justin\AppData\Local\tmpARCH 005.0
2011-01-20 23:54 - 2011-01-20 23:54 - 0646472 _____ () C:\Users\Justin\AppData\Local\tmpARCH 005.JPG
2010-09-09 12:08 - 2010-09-09 12:08 - 3271936 _____ () C:\Users\Justin\AppData\Local\tmpARCHITECTURE 010.0
2010-09-09 12:08 - 2010-09-09 12:08 - 1052403 _____ () C:\Users\Justin\AppData\Local\tmpARCHITECTURE 010.1
2010-09-09 12:08 - 2010-09-09 12:08 - 1045240 _____ () C:\Users\Justin\AppData\Local\tmpARCHITECTURE 010.2
2010-09-09 12:08 - 2010-09-09 12:08 - 1060521 _____ () C:\Users\Justin\AppData\Local\tmpARCHITECTURE 010.3
2010-09-09 12:08 - 2010-09-09 12:08 - 3271936 _____ () C:\Users\Justin\AppData\Local\tmpARCHITECTURE 010.JPG
2011-09-22 21:00 - 2011-09-22 21:00 - 0361964 _____ () C:\Users\Justin\AppData\Local\tmpAUTUMN-REESER-2-U0USF4C6V5-1600X1200.JPG
2011-09-22 21:01 - 2011-09-22 21:01 - 0549730 _____ () C:\Users\Justin\AppData\Local\tmpAUTUMNREESER1.JPG
2011-09-10 12:47 - 2011-09-10 12:47 - 2338820 _____ () C:\Users\Justin\AppData\Local\tmpBRIE-JACOBS-LESBIAN.JPG
2011-08-07 20:48 - 2011-08-23 18:03 - 0234726 _____ () C:\Users\Justin\AppData\Local\tmpELIZABETH-BANKS-004(WWW.THEWALLPAPERS.ORG).0
2011-08-23 18:03 - 2011-08-23 18:03 - 0204925 _____ () C:\Users\Justin\AppData\Local\tmpELIZABETH-BANKS-004(WWW.THEWALLPAPERS.ORG).JPG
2011-09-19 13:38 - 2011-09-19 13:38 - 0586026 _____ () C:\Users\Justin\AppData\Local\tmpSCARLETT_JOHANSSON,_ACTRESS_AND_SINGER_13423.JPG
2011-09-01 22:14 - 2011-09-01 22:14 - 0100261 _____ () C:\Users\Justin\AppData\Local\tmpX.0
2011-09-01 22:14 - 2011-09-01 22:14 - 0095425 _____ () C:\Users\Justin\AppData\Local\tmpX.JPG
2014-10-21 17:34 - 2014-10-21 17:34 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-07-25 17:23 - 2010-05-26 17:23 - 0000032 ____R () C:\ProgramData\hash.dat
2011-07-22 17:59 - 2014-10-21 17:12 - 0001326 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Justin\AppData\Local\Temp\bitool.dll
C:\Users\Justin\AppData\Local\Temp\EsgInstallerx64Stub.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-13 15:25
 
==================== End Of Log ============================




#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:10:43 PM

Posted 19 February 2015 - 07:01 PM

Hello,

 

 

2 Anti-virus Programs Running Simultaneously

 

 

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG AntiVirus Free Edition 2015 or Ad-Aware Antivirus.

 

 

 

Registry Editor / Cleaner Warning !!

 

The following is referring to Glary Utilities 5 and CCleaner.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.

This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

For more information about why you should avoid using such programs, please take a look here => Registry Cleaners and System Tweaking Tools

 

 

I would suggest that you uninstall the following programs:

 

FreeFixer => it should be used by trained users only.

 

We should remove a few leftovers of Colormedia:

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 03 February 2016 - 05:43 AM.
typo.



#9 jd.mason


Posted 20 February 2015 - 04:33 AM

  Hello Georgi,

 

I'm having trouble with the new fix. My internet connection goes out on my computer. When I open either Chrome or Explorer, I get Error Code:DNS_PROBE_FINISHED_NO_INTERNET. Also my computer loses connection to my wireless printer. Did a system restore from before you started helping me.

 

I reran your first fix.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by SYSTEM at 2015-02-20 00:25:33 Run:4
Running from k:\Justin
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
S1 cmwf; C:\Windows\system32\Drivers\cmwf.sys [33952 2015-01-07] (CartCrunch Israel Ltd.) <==== ATTENTION
S1 cmwr; C:\Windows\system32\Drivers\cmwr.sys [45216 2015-01-07] (CartCrunch Israel Ltd.) <==== ATTENTION
C:\Windows\system32\Drivers\cmwf.sys
C:\Windows\system32\Drivers\cmwr.sys
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 Partizan; system32\drivers\Partizan.sys [X]
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMWF
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMWR
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
cmwf => Service deleted successfully.
cmwr => Service deleted successfully.
C:\Windows\system32\Drivers\cmwf.sys => Moved successfully.
C:\Windows\system32\Drivers\cmwr.sys => Moved successfully.
catchme => Service deleted successfully.
Partizan => Service deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMWF => Key not found. 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMWR => Key not found. 
 
==== End of Fixlog 00:25:33 ====
 
 
All the programs you highlighted are gone. I removed Adware, but I'm not too sure how much I like AVG. I did not run glary's or ccleaner's registry cleaners. But I did use Spy Hunter a while ago to detect malware in my registry, so I could remove it manually. I hope I didn't damage anything.  :( Removed Game booster, because I never noticed a performance increase while playing my games. And I never did run Removeit Pro.
 
 
Here's the most recent fixlog for the new fix
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Justin at 2015-02-20 01:49:31 Run:6
Running from C:\Users\Justin\Desktop
Loaded Profiles: Justin (Available profiles: Justin)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No File
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll
cmd: netsh winsock reset
CHR HKLM-x32\...\Chrome\Extension: [pmfbdeonhcacfoakminfhhgllaelfhda] - C:\Program Files (x86)\RebateRobot Chrome Extension\rrchrome_opencandy-c2_2_0_1.crx [Not Found]
cmd: type "C:\ComboFix.txt"
C:\ProgramData\hash.dat
Task: {1123BB01-A38A-4995-90A8-8CA9E5A8DAD5} - System32\Tasks\GoForFiles Installer Starter => C:\Users\Justin\AppData\Local\Temp\GoForFilesxOFFTvMXL6.exe <==== ATTENTION
Task: {5E5B2FDD-E108-483D-BA00-EAEF4FCC12ED} - \BlockAndSurf Update No Task File <==== ATTENTION
Task: {A7C4C371-0F9C-4D62-8B90-6783155FADA5} - System32\Tasks\TotalSystemCare.Scanning => C:\Program Files\TotalSystemCare\totalsystemcare.exe
Task: {BB92A515-F748-4021-AD76-E50A7195F364} - System32\Tasks\{01E91803-6D89-4593-9640-6C37BE52E514} => pcalua.exe -a C:\Users\Justin\AppData\Local\Temp\Babylon.exe -d C:\Users\Justin\AppData\Local\Temp\ -c -s -affilID=18865
Task: {C519EA89-E88B-4E52-B5D6-D1ECF8CC98A9} - System32\Tasks\TotalSystemCare.Autostart => C:\Program Files\TotalSystemCare\totalsystemcare.exe
C:\Program Files\TotalSystemCare
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
emptytemp:
end
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{90eee664-34b1-422a-a782-779af65cdf6d} => value deleted successfully.
C:\Windows\SysWOW64\ColorMedia.dll => Moved successfully.
C:\Windows\system32\ColorMedia64.dll => Moved successfully.
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda" => Key deleted successfully.
 
=========  type "C:\ComboFix.txt" =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
"C:\ProgramData\hash.dat" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1123BB01-A38A-4995-90A8-8CA9E5A8DAD5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1123BB01-A38A-4995-90A8-8CA9E5A8DAD5}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoForFiles Installer Starter => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoForFiles Installer Starter" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E5B2FDD-E108-483D-BA00-EAEF4FCC12ED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E5B2FDD-E108-483D-BA00-EAEF4FCC12ED}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlockAndSurf Update => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7C4C371-0F9C-4D62-8B90-6783155FADA5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7C4C371-0F9C-4D62-8B90-6783155FADA5}" => Key deleted successfully.
C:\Windows\System32\Tasks\TotalSystemCare.Scanning => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TotalSystemCare.Scanning" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB92A515-F748-4021-AD76-E50A7195F364}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB92A515-F748-4021-AD76-E50A7195F364}" => Key deleted successfully.
C:\Windows\System32\Tasks\{01E91803-6D89-4593-9640-6C37BE52E514} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{01E91803-6D89-4593-9640-6C37BE52E514}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C519EA89-E88B-4E52-B5D6-D1ECF8CC98A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C519EA89-E88B-4E52-B5D6-D1ECF8CC98A9}" => Key deleted successfully.
C:\Windows\System32\Tasks\TotalSystemCare.Autostart => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TotalSystemCare.Autostart" => Key deleted successfully.
"C:\Program Files\TotalSystemCare" => File/Directory not found.
"C:\ProgramData\Temp" => ":0B4227B4" ADS not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ColorMedia" => Key deleted successfully.
EmptyTemp: => Removed 113.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 01:49:48 ====

 

I rescanned with FRST in normal mode without the deleted programs.




#10 B-boy/StyLe/


Posted 20 February 2015 - 09:29 AM

Hi,

 

I am sorry to hear about your troubles. Not sure what happened, but I guess that something interfered with the fix.

 

Btw I think that you attached the old logs from FRST?

 

Please run a new scan with FRST (make sure that Addition.txt is checked before you press the Scan Button) and then please attach both files to your next reply.

 

Thanks! :)

 

 

Regards,

Georgi




#11 jd.mason


Posted 20 February 2015 - 04:13 PM

Here are the new scans.




#12 B-boy/StyLe/


Posted 21 February 2015 - 04:32 AM

Hi,

 

 

Let's try to remove this stubborn adware this way:

 

 

STEP 1

 

Please download LSPFix.exe from here => LSPFix.exe and save it to your desktop.


 

STEP 2

 

 

Please download the following file =>  and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 

STEP 3

 

 

If your computer is unable to connect to internet after the script above then please try the following:

 

A )

 

Run the LSPFix.exe that you have downloaded earlier.

Check the I know what I'm doing box.
In the Keep box you should see one or more instances of ColorMedia.dll and ColorMedia64.dll
Select every instance of ColorMedia.dll and ColorMedia64.dll and move each one to the Remove box by clicking the >> button.
When you are done click Finish.
If no ColorMedia.dll and ColorMedia64.dll files are found then exit the program and try the next set of steps.

 

B )

 

If still no joy then please proceed with the steps below:

 

Please click Start Menu > All Programs > Accessories, right click on Command Prompt and select "Run as administrator".

Copy/paste the following text at the command prompt and press enter after each line:

 

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset

netsh int ip reset all

netsh interface ipv4 reset

netsh interface ipv6 reset

Next, please go to Control Panel => open up Network and Internet and go to the Network and Sharing Center.

 

Click on Change adapter settings on the left hand panel.

 

This will bring up a list of adapters present on your computer. Most people will have a Local Area Connection while laptop users will add a Wireless Network Connection and possibly a Bluetooth Network Connection...go ahead and right click on Local Area Connection and click on Properties.

 

NOTE: These steps do not change if you are modifying the Wireless Network Connection instead.

 

If prompted by UAC, click on Yes.

 

Highlight Internet Protocol Version 4 (TCP/IPv4) and click on Properties.

 

Click the two radio buttons that say Obtain an IP address automatically and Obtain DNS server address automatically.

Click OK, and then Close to finish.

Reboot the computer in order for the changes to take effect.

 

C )

 

If you are still unable to connect to Internet then go ahead and use System Restore to bring the system back to its previous state.

  1. Open System Restore by clicking the Start button. In the search box, type System Restore, and then, in the list of results, click System Restore. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

  2. Do one of the following:

    • If there is a recommended restore point, click Choose a different restore point, and then click Next.

    • If there isn't a recommended restore point, click Next.

  3. Click the restore point that you want, and then click Next.

    To view the programs and drivers that will be affected (which could include programs that will be deleted), click Scan for affected programs.

  4. Review the restore point, and then click Finish.

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 21 February 2015 - 04:33 AM.
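
The check that Step 3A above asks the user to make by eye in LSPFix can also be run against the text printed by `netsh winsock show catalog`. The following is an added example, not part of the original post and not code from FRST or LSPFix; the sample catalog text is constructed and simplified, and the allow-list of default provider DLLs is an assumption to adjust per system.

```python
import ntpath
import re

# Constructed, simplified sample in the layout `netsh winsock show catalog`
# prints (real output carries more fields per entry; the parser ignores them).
# Entry IDs, descriptions and ExampleVpnLsp.dll are made up for illustration.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        constructed layered entry (64-bit)
Provider Path:                      C:\Windows\system32\ColorMedia64.dll
Catalog Entry ID:                   1015

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        constructed layered entry (32-bit)
Provider Path:                      C:\Windows\SysWOW64\ColorMedia.dll
Catalog Entry ID:                   1016

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        constructed third-party entry
Provider Path:                      C:\Program Files\Example\ExampleVpnLsp.dll
Catalog Entry ID:                   1020
"""

# File names taken from the thread (the DLLs Step 3A tells the user to look for).
WATCHED = {"colormedia.dll", "colormedia64.dll"}
# Assumption: provider DLLs treated as Windows defaults; extend as needed.
ALLOWED = {"mswsock.dll"}

FIELD = re.compile(r"^([^:]+):\s*(.*)$")  # "Key:   value", split at the first colon


def parse_catalog(text):
    """Split catalog text into one dict of fields per provider entry."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Winsock Catalog Provider Entry"):
            current = {}
            entries.append(current)
            continue
        match = FIELD.match(line)
        if current is not None and match:
            current[match.group(1).strip()] = match.group(2).strip()
    return entries


def audit(entries, watched=WATCHED, allowed=ALLOWED):
    """Return (catalog_entry_id, dll_name, verdict) for every entry whose
    provider DLL is either on the watch list or simply not a known default."""
    findings = []
    for entry in entries:
        path = entry.get("Provider Path")
        if not path:
            continue  # entry without a provider path: nothing to compare
        dll = ntpath.basename(path).lower()  # handles C:\... and %SystemRoot%\...
        if dll in watched:
            verdict = "watched"   # the adware DLL is still registered
        elif dll not in allowed:
            verdict = "review"    # unknown third-party provider, check by hand
        else:
            continue
        findings.append((entry.get("Catalog Entry ID", "?"), dll, verdict))
    return findings


def next_step(findings):
    """Map the result onto the post's Step 3: 'A' when a watched DLL is still
    in the catalog (remove it in LSPFix), otherwise 'B' (reset the stack)."""
    return "A" if any(verdict == "watched" for _, _, verdict in findings) else "B"


if __name__ == "__main__":
    results = audit(parse_catalog(SAMPLE_CATALOG))
    for entry_id, dll, verdict in results:
        print(f"entry {entry_id}: {dll} -> {verdict}")
    print("suggested branch of Step 3:", next_step(results))
```

On a live machine, the text to parse would come from running `netsh winsock show catalog` in an elevated Command Prompt and saving the output to a file.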



#13 jd.mason


Posted 21 February 2015 - 02:34 PM

Good News Georgi, your fix worked the first time! I still have internet and I can't find Colormedia.dll.

Should I remove LSPFix? 

Also here is the fix log

 

 

 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Justin at 2015-02-21 12:08:24 Run:7
Running from C:\Users\Justin\Desktop
Loaded Profiles: Justin (Available profiles: Justin)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [SBRegRebootCleaner] => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
C:\Program Files (x86)\Ad-Aware Antivirus
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No File
Unlock: C:\Windows\SysWOW64\ColorMedia.dll
Unlock: C:\Windows\system32\ColorMedia64.dll
C:\Windows\SysWOW64\ColorMedia.dll
C:\Windows\system32\ColorMedia64.dll
CHR HKLM-x32\...\Chrome\Extension: [pmfbdeonhcacfoakminfhhgllaelfhda] - C:\Program Files (x86)\RebateRobot Chrome Extension\rrchrome_opencandy-c2_2_0_1.crx [Not Found]
C:\Program Files (x86)\RebateRobot Chrome Extension
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
2015-02-19 21:17 - 2015-02-19 21:17 - 00000000 ____D () C:\ProgramData\GFI Software
2015-02-13 00:53 - 2015-02-19 23:16 - 00000000 ____D () C:\Program Files (x86)\InCode Solutions
2015-02-13 00:53 - 2015-02-13 00:53 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\InCode Solutions
2015-02-12 22:26 - 2015-02-12 22:36 - 00000172 _____ () C:\Windows\SysWOW64\Partizan.RRI
2015-02-12 22:26 - 2015-02-12 22:26 - 00040208 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2015-02-12 22:23 - 2015-02-12 22:23 - 00000000 ____D () C:\ProgramData\RegRun
2015-02-12 22:22 - 2015-02-19 23:16 - 00000000 ____D () C:\Users\Justin\Documents\RegRun2
2015-02-12 22:22 - 2015-02-12 22:40 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2015-02-12 21:37 - 2010-03-08 03:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2015-02-12 21:12 - 2015-02-12 21:38 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\FreeFixer
2015-02-12 21:12 - 2015-02-12 21:21 - 00000000 ____D () C:\Users\Justin\AppData\Local\FreeFixer
2015-02-12 18:55 - 2015-02-12 18:55 - 00003600 _____ () C:\Windows\System32\Tasks\TotalSystemCare.Scanning
2015-02-12 18:55 - 2015-02-12 18:55 - 00003528 _____ () C:\Windows\System32\Tasks\TotalSystemCare.Autostart
Task: {1123BB01-A38A-4995-90A8-8CA9E5A8DAD5} - System32\Tasks\GoForFiles Installer Starter => C:\Users\Justin\AppData\Local\Temp\GoForFilesxOFFTvMXL6.exe <==== ATTENTION
Task: {1E1D0C00-9763-42D2-A57F-CB702FDE71C5} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {5E5B2FDD-E108-483D-BA00-EAEF4FCC12ED} - \BlockAndSurf Update No Task File <==== ATTENTION
Task: {A7C4C371-0F9C-4D62-8B90-6783155FADA5} - System32\Tasks\TotalSystemCare.Scanning => C:\Program Files\TotalSystemCare\totalsystemcare.exe
Task: {BB92A515-F748-4021-AD76-E50A7195F364} - System32\Tasks\{01E91803-6D89-4593-9640-6C37BE52E514} => pcalua.exe -a C:\Users\Justin\AppData\Local\Temp\Babylon.exe -d C:\Users\Justin\AppData\Local\Temp\ -c -s -affilID=18865
Task: {C519EA89-E88B-4E52-B5D6-D1ECF8CC98A9} - System32\Tasks\TotalSystemCare.Autostart => C:\Program Files\TotalSystemCare\totalsystemcare.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
Unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
cmd: netsh winsock reset
cmd: ipconfig /flushdns
emptytemp:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SBRegRebootCleaner => value deleted successfully.
"C:\Program Files (x86)\Ad-Aware Antivirus" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{90eee664-34b1-422a-a782-779af65cdf6d} => value deleted successfully.
"C:\Windows\SysWOW64\ColorMedia.dll" => File/Directory unlocked successfully.
"C:\Windows\system32\ColorMedia64.dll" => File/Directory unlocked successfully.
C:\Windows\SysWOW64\ColorMedia.dll => Moved successfully.
C:\Windows\system32\ColorMedia64.dll => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmfbdeonhcacfoakminfhhgllaelfhda" => Key deleted successfully.
"C:\Program Files (x86)\RebateRobot Chrome Extension" => File/Directory not found.
SBRE => Service deleted successfully.
C:\ProgramData\GFI Software => Moved successfully.
C:\Program Files (x86)\InCode Solutions => Moved successfully.
C:\Users\Justin\AppData\Roaming\InCode Solutions => Moved successfully.
C:\Windows\SysWOW64\Partizan.RRI => Moved successfully.
C:\Windows\system32\Partizan.exe => Moved successfully.
C:\ProgramData\RegRun => Moved successfully.
C:\Users\Justin\Documents\RegRun2 => Moved successfully.
C:\Program Files (x86)\UnHackMe => Moved successfully.
C:\Windows\system32\ffnd.exe => Moved successfully.
C:\Users\Justin\AppData\Roaming\FreeFixer => Moved successfully.
C:\Users\Justin\AppData\Local\FreeFixer => Moved successfully.
C:\Windows\System32\Tasks\TotalSystemCare.Scanning => Moved successfully.
C:\Windows\System32\Tasks\TotalSystemCare.Autostart => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1123BB01-A38A-4995-90A8-8CA9E5A8DAD5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1123BB01-A38A-4995-90A8-8CA9E5A8DAD5}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoForFiles Installer Starter => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoForFiles Installer Starter" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E1D0C00-9763-42D2-A57F-CB702FDE71C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E1D0C00-9763-42D2-A57F-CB702FDE71C5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E5B2FDD-E108-483D-BA00-EAEF4FCC12ED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E5B2FDD-E108-483D-BA00-EAEF4FCC12ED}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BlockAndSurf Update => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7C4C371-0F9C-4D62-8B90-6783155FADA5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7C4C371-0F9C-4D62-8B90-6783155FADA5}" => Key deleted successfully.
C:\Windows\System32\Tasks\TotalSystemCare.Scanning not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TotalSystemCare.Scanning" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB92A515-F748-4021-AD76-E50A7195F364}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB92A515-F748-4021-AD76-E50A7195F364}" => Key deleted successfully.
C:\Windows\System32\Tasks\{01E91803-6D89-4593-9640-6C37BE52E514} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{01E91803-6D89-4593-9640-6C37BE52E514}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C519EA89-E88B-4E52-B5D6-D1ECF8CC98A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C519EA89-E88B-4E52-B5D6-D1ECF8CC98A9}" => Key deleted successfully.
C:\Windows\System32\Tasks\TotalSystemCare.Autostart not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TotalSystemCare.Autostart" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\cmwf.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\cmwr.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\cmwf.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\cmwr.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ColorMedia" => Key deleted successfully.
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9" => Key unlocked successfully.
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 911.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 12:08:47 ====


#14 B-boy/StyLe/



  • Malware Response Team

Posted 22 February 2015 - 02:02 AM

Hi,

 

Nice work! :)

 

 

STEP 1

 

 

Also, let's check for PUP leftovers:

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

STEP 2

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

STEP 3

 

 

Please download Malwarebytes Anti-Malware 2.0.4.1028 Final to your desktop.
 

  • Double-click mbam-setup-2.0.4.1028.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 4

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double-clicking on the icon. (Windows Vista/7 users right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report, and copy and paste it into your next reply.

 

Note: ProgramData is hidden by default. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

 

 

 

Regards,

Georgi




#15 jd.mason

  • Topic Starter


Posted 23 February 2015 - 10:07 PM

AdwCleaner Log
 
# AdwCleaner v4.111 - Logfile created 23/02/2015 at 03:31:09
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Justin - JUSTIN-PC
# Running from : C:\Users\Justin\Desktop\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17631
 
 
-\\ Google Chrome v40.0.2214.115
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [12538 bytes] - [10/02/2015 00:22:34]
AdwCleaner[R1].txt - [12599 bytes] - [10/02/2015 00:26:00]
AdwCleaner[R2].txt - [1202 bytes] - [12/02/2015 01:09:59]
AdwCleaner[R3].txt - [1320 bytes] - [12/02/2015 16:32:32]
AdwCleaner[R4].txt - [1379 bytes] - [12/02/2015 18:45:01]
AdwCleaner[R5].txt - [1713 bytes] - [12/02/2015 18:58:04]
AdwCleaner[R6].txt - [1555 bytes] - [12/02/2015 19:22:08]
AdwCleaner[R7].txt - [1530 bytes] - [23/02/2015 03:26:35]
AdwCleaner[S0].txt - [12903 bytes] - [10/02/2015 00:27:32]
AdwCleaner[S1].txt - [1286 bytes] - [12/02/2015 01:14:29]
AdwCleaner[S2].txt - [1805 bytes] - [12/02/2015 19:02:06]
AdwCleaner[S3].txt - [1639 bytes] - [12/02/2015 19:24:17]
AdwCleaner[S4].txt - [1459 bytes] - [23/02/2015 03:31:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1518  bytes] ##########
 
JRT Log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Justin on Mon 02/23/2015 at 19:12:39.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/23/2015 at 19:15:29.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Log
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/23/2015
Scan Time: 7:16:57 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.24.01
Rootkit Database: v2015.02.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Justin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382349
Time Elapsed: 19 min, 54 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
HitmanPro log
 
HitmanPro 3.7.9.238
www.hitmanpro.com
 
   Computer name . . . . : JUSTIN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Justin-PC\Justin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-02-23 19:38:57
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 58s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 26
 
   Objects scanned . . . : 2,408,566
   Files scanned . . . . : 70,683
   Remnants scanned  . . : 911,380 files / 1,426,503 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Justin\AppData\Local\PunkBuster\APB\pb\dll\wc002271.dll
      Size . . . . . . . : 954,666 bytes
      Age  . . . . . . . : 1128.1 days (2012-01-22 18:22:02)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : AD495109DC0B390CB8EB4B68E6395B5B28260CC310A29E966BEDEF1B6BDCAA70
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
 
   C:\Users\Justin\AppData\Local\PunkBuster\APB\pb\pbcl.dll
      Size . . . . . . . : 1,018,416 bytes
      Age  . . . . . . . : 68.8 days (2014-12-17 00:48:40)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : BE5E9B9749DA372459DF60E1E836D74873048B041E3E740137EBAD32C3F98D2B
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
 
   C:\Users\Justin\AppData\Local\PunkBuster\APB\pb\pbclold.dll
      Size . . . . . . . : 1,018,416 bytes
      Age  . . . . . . . : 1128.1 days (2012-01-22 16:38:21)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : BE5E9B9749DA372459DF60E1E836D74873048B041E3E740137EBAD32C3F98D2B
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
 
   C:\Users\Justin\AppData\Local\PunkBuster\APB\pb\PnkBstrK.sys
      Size . . . . . . . : 139,904 bytes
      Age  . . . . . . . : 1128.1 days (2012-01-22 16:38:33)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 5FFC3A37106249E619700B233D73AC3024B5902A76A6FCEA687B7123DD8D68AD
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
 
   C:\Users\Justin\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,134,016 bytes
      Age  . . . . . . . : 10.8 days (2015-02-13 00:40:02)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 905D71ABB9F62D59AD3B66CC3269F18E151CCC62EA113B06472A815CB8CA2833
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\Justin\Desktop\FRST64.exe
      Size . . . . . . . : 2,086,912 bytes
      Age  . . . . . . . : 3.7 days (2015-02-20 02:27:00)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : CF3043EEDAACEDF33C72A84670D8C24560054CEC81AB37FA58B3A4E1965A74F5
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Justin\Desktop\FRST64.exe
          1.5s C:\Users\Justin\Desktop\FRST-OlderVersion\
 
   C:\Users\Justin\Downloads\FRST64.exe
      Size . . . . . . . : 2,085,888 bytes
      Age  . . . . . . . : 6.2 days (2015-02-17 13:51:46)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 6BA40461E9C8E75357899143AABD734B3E0EB436D67B6F5338AEFFEB9F3BF323
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-1289362861-3339389545-1959194589-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Justin\Downloads\FRST64.exe
 
   C:\Windows\SysWOW64\GameMon.des
      Size . . . . . . . : 3,358,912 bytes
      Age  . . . . . . . : 1367.2 days (2011-05-28 13:55:54)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 22B4F46AF7D0F81CEF2B4281CA8D0C4AEC472C7796D1A894891362DC57E96DEC
      Product  . . . . . : nProtect Game Monitor
      Publisher  . . . . : INCA Internet Co., Ltd.
      Description  . . . : nProtect Game Monitor Rev 2135
      Version  . . . . . : 2014.9.22.1
      RSA Key Size . . . : 2048
      Service  . . . . . : npggsvc
      LanguageID . . . . : 1042
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 25.0
         The file name extension of this program is not common.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\
 
   C:\Windows\SysWOW64\xsherlock.xem
      Size . . . . . . . : 666,720 bytes
      Age  . . . . . . . : 798.1 days (2012-12-17 17:38:33)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : FA75544B3ABE97267905DD0AC42CC2B93BC95CC328F9383CA7DD97B72D60C23B
      Product  . . . . . : XIGNCODE3
      Publisher  . . . . : Wellbia.com Co., Ltd.
      Description  . . . : XIGNCODE3 Game Start Service
      Version  . . . . . : 3.1.0.1
      RSA Key Size . . . : 2048
      Service  . . . . . : xsherlock
      LanguageID . . . . : 1042
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 25.0
         The file name extension of this program is not common.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\xsherlock\
 
 
Cookies _____________________________________________________________________
 
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
 
 
 




