Infected with virus/malware: Utop.it, stamplive.com, Chrome redirects, pop-ups


  • This topic is locked
6 replies to this topic

#1 Clonkex


Posted 10 March 2015 - 08:36 PM

Hey all,
 
Most of the computers on our network are affected with a virus that we can't get rid of. I'm extremely experienced with computers in general and particularly Windows, but very inexperienced in removing viruses and malware because we've never had any before.
 
The problem: When we open pages (not all, but most) in Chrome, the pages take an excessively long time to load. Then they sit there and partially lock up the browser for 5 seconds or so. Then they finish loading and nothing happens for another 5 seconds or so. Then the loading symbol starts flickering as hundreds of ads attempt to load. Very often an overlay is created over the entire page so that clicking anywhere opens a new tab trying to load stamplive.com. If I watch what Chrome is loading (in the bottom-left) I see a lot of different websites, most with "ad" in the address. One common address is Utop.it. Additionally, when I block-select text on some websites, a pop-up appears which is directly related to Utop.it. See this image that someone else posted from this Google product forums thread.
 
What I've tried: I've run Malwarebytes Antimalware, Avast! Antivirus, Spybot Search and Destroy and various rootkit scanners (including Kaspersky's TDSSKiller) - none of them find anything except Malwarebytes (read on for specifics). I've tried safe mode and not safe mode. Malwarebytes finds two files (see the attached log), both related to Utop.it. To delete them, Chrome has to be closed. When I reopen Chrome, they reappear. I'm reasonably certain those files are a symptom, not the cause. I tried reinstalling Chrome on my PC, but the virus came back after a couple of days and those two files that Malwarebytes always found still reappeared after reinstalling Chrome, so I suspect the virus was never actually removed. I've powered down both of our routers for five minutes each (though not at the same time as each other).

I've searched for hours on Google and can't find any information on how to remove the virus. I desperately do not want to reinstall Windows, not least because I would have to do it on about five computers, and even then can't be sure the virus/malware will be removed. If I've missed any necessary info, please tell me and I'll provide it. Help?!

 

NOTE: The following logs are from my PC only. I'm hoping that we can work out what the virus is from my computer and use that info to remove it on the rest of them.

 

EDIT: I just remembered I've also run AdwCleaner, RKill and Junkware Removal Tool. I can't remember if any of those tools brought up any results, but none of them cured the problem.

Addition.txt and malwarebytes log.txt are attached.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01
Ran by David (administrator) on HAROLD on 11-03-2015 12:12:39
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Windows\System32\AtwtusbIcon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Almico Software (www.almico.com)) C:\Program Files (x86)\SpeedFan\speedfan.exe
(Jeroen Pelgrims) C:\Users\David\AppData\Local\Apps\2.0\BHM0PDMH.644\PVBR5Y7V.X9Y\soun..tion_0000000000000000_0002.0004_f839aedc2aa2d7a7\SoundSwitch.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
() E:\Program Files\Unity 5.0.0f4\MonoDevelop\bin\MonoDevelop.exe
(Unity Technologies ApS) E:\Program Files\Unity 5.0.0f4\Editor\Unity.exe
(Unity Technologies ApS) E:\Program Files\Unity 5.0.0f4\Editor\Data\Tools64\UnityShaderCompiler.exe
(Unity Technologies ApS) E:\Program Files\Unity 5.0.0f4\Editor\Data\Tools\UnityShaderCompiler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\WinRAR\WinRAR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-26] (NVIDIA Corporation)
HKLM\...\Run: [AtwtusbIcon] => C:\Windows\system32\AtwtusbIcon.exe [3593728 2012-09-10] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805888 2014-08-19] (Acronis)
HKLM-x32\...\Run: [Corsair Headset Software] => C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe [3167544 2014-02-12] (Corsair Components, Inc.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\MountPoints2: {91d6568d-a196-11e3-9578-bc5ff4dcc25d} - F:\Installer_Windows.exe
HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\MountPoints2: {f418f3b5-cffa-11e3-8ae8-bc5ff4dcc25d} - G:\AutoRun.exe
HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\MountPoints2: {ff70ef2e-db4a-11e3-a10f-bc5ff4dcc25d} - G:\AutoRun.exe
HKU\S-1-5-21-715575704-4020683070-549173419-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms ()
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-715575704-4020683070-549173419-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-04] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-04] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-09-13] (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-24] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-11-11] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2014-11-11] (LastPass)
Winsock: Catalog5 09 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{B597B79E-1A3E-4CB1-8674-E3D4E441BBA8}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-14] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-04] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-14] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-24] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2014-11-11] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-715575704-4020683070-549173419-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\David\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-25] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2013-05-29] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2013-06-20] (National Instruments)
FF Extension: LastPass - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\prz90v4y.default\Extensions\support@lastpass.com [2014-11-11]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-07]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-07]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-07]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-07]
CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-07]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-07]
CHR Extension: (Backtick) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\daiejhinmmfgincamkeeobmpffhdljim [2015-03-07]
CHR Extension: (Session Buddy) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-03-07]
CHR Extension: (Google Sheets) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-07]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-07]
CHR Extension: (Better Youtube History) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-07]
CHR Extension: (RSS Feed Reader) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-03-07]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.)
S4 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2014-04-04] (Reprise Software Inc.) [File not signed]
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S4 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
S4 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
S4 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S4 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
S4 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
S4 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
S4 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation)
S4 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-26] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-26] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-21] (Electronic Arts)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-13] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-01-11] ()
S4 RadeonPro Support Service; C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.)
S4 SVLAdminServiceX64; C:\Program Files (x86)\Software Verification\SVL Service x64\svlService_x64.exe [21792 2014-06-03] ()
S4 SVLAdminServiceX86; C:\Program Files (x86)\Software Verification\SVL Service x86\svlService.exe [24928 2014-05-23] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 WTService; C:\Windows\system32\atwtusb.exe [581632 2012-11-22] () [File not signed]
S4 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2014-03-27] ()
S4 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2014-03-13] (DELL Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BioNTDrv; C:\Program Files (x86)\Paragon Software\Migrate OS to SSD\program\BioNTDrv.SYS [19024 2011-03-01] (Paragon Software GmbH)
R3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [109912 2014-02-04] (Corsair Components, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.)
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2014-07-08] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [12288 2009-08-23] () [File not signed]
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [25504 2013-10-21] (Resplendence Software Projects Sp.)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-06-10] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation )
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-02-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2015-02-10] (Acronis International GmbH)
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-09-09] (Oracle Corporation)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-02-10] (Acronis International GmbH)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 ss_bbus; system32\DRIVERS\ss_bbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 12:12 - 2015-03-11 12:12 - 00034327 _____ () C:\Users\David\Desktop\FRST.txt
2015-03-11 12:11 - 2015-03-11 12:12 - 00000000 ____D () C:\FRST
2015-03-11 12:11 - 2015-03-11 12:11 - 02095104 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-03-11 01:38 - 2015-03-11 01:38 - 00044766 _____ () C:\Users\David\Desktop\2571-1373801055-PluginLibrary-12.zip
2015-03-11 01:37 - 2015-03-11 01:37 - 00019057 _____ () C:\Users\David\Desktop\OUGC Additional Usergroup Images_#1_dev.zip
2015-03-11 01:33 - 2015-03-11 01:33 - 00014967 _____ () C:\Users\David\Desktop\Username Change Approval, Limit and History_#2_stable.zip
2015-03-11 01:32 - 2015-03-11 01:32 - 00002907 _____ () C:\Users\David\Desktop\Sprited Smilies_#3_stable.zip
2015-03-11 01:25 - 2015-03-11 01:25 - 00014350 _____ () C:\Users\David\Desktop\Edit History Log_#2_stable.zip
2015-03-11 01:25 - 2015-03-11 01:25 - 00005104 _____ () C:\Users\David\Desktop\Report Private Messages_#1_stable.zip
2015-03-11 01:25 - 2015-03-11 01:25 - 00003660 _____ () C:\Users\David\Desktop\Reset Poll_#1_stable.zip
2015-03-10 17:44 - 2015-03-10 17:44 - 06208736 _____ (Tim Kosse) C:\Users\David\Desktop\FileZilla_3.10.2_win32-setup.exe
2015-03-10 17:44 - 2015-03-10 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-03-10 17:28 - 2015-03-10 17:28 - 00000000 ____D () C:\Users\David\Documents\Ultimate Game Dev
2015-03-09 01:14 - 2015-03-09 01:14 - 00000085 _____ () C:\Windows\wininit.ini
2015-03-09 01:14 - 2015-03-09 01:14 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-03-07 19:38 - 2015-03-07 19:39 - 00000000 ____D () C:\Users\David\Desktop\Physik
2015-03-07 19:20 - 2015-03-07 19:20 - 00000799 _____ () C:\Users\Public\Desktop\Unity.lnk
2015-03-07 19:20 - 2015-03-07 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.0.0f4 (64-bit)
2015-03-07 15:58 - 2015-03-07 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-07 15:45 - 2015-03-11 12:01 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 15:45 - 2015-03-10 16:09 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 15:45 - 2015-03-07 15:58 - 00000000 ____D () C:\Users\David\AppData\Local\Google
2015-03-07 15:45 - 2015-03-07 15:56 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-07 15:45 - 2015-03-07 15:56 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-07 15:43 - 2015-03-07 15:43 - 00000000 __SHD () C:\Users\David\AppData\Local\EmieBrowserModeList
2015-03-07 15:42 - 2015-03-07 15:43 - 00000000 ____D () C:\Users\David\Desktop\Google
2015-03-07 12:21 - 2015-03-09 01:16 - 00000000 ____D () C:\Windows\pss
2015-03-07 11:42 - 2015-03-09 08:44 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-07 11:13 - 2015-01-23 15:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-07 11:13 - 2015-01-23 15:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-07 11:13 - 2015-01-23 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-07 11:13 - 2015-01-23 14:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-07 10:37 - 2015-03-09 01:12 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-07 10:37 - 2015-03-07 10:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-03-07 01:11 - 2014-07-01 09:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-03-07 01:11 - 2014-07-01 09:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-03-07 01:11 - 2014-06-06 17:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-03-07 01:11 - 2014-06-06 17:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-03-07 01:11 - 2014-03-10 08:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-03-07 01:11 - 2014-03-10 08:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-03-07 01:11 - 2014-03-10 08:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-03-07 01:11 - 2014-03-10 08:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-03-07 01:08 - 2015-01-14 16:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-07 01:08 - 2015-01-14 16:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-07 01:08 - 2015-01-12 14:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-07 01:08 - 2015-01-12 14:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-07 01:08 - 2015-01-12 14:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-07 01:08 - 2015-01-12 13:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-07 01:08 - 2015-01-12 13:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-07 01:08 - 2015-01-12 13:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-07 01:08 - 2015-01-12 13:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-07 01:08 - 2015-01-12 13:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-07 01:08 - 2015-01-12 13:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-07 01:08 - 2015-01-12 13:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-07 01:08 - 2015-01-12 13:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-07 01:08 - 2015-01-12 13:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-07 01:08 - 2015-01-12 13:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-07 01:08 - 2015-01-12 13:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-07 01:08 - 2015-01-12 13:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-07 01:08 - 2015-01-12 13:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-07 01:08 - 2015-01-12 13:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-07 01:08 - 2015-01-12 13:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-07 01:08 - 2015-01-12 13:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-07 01:08 - 2015-01-12 13:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-07 01:08 - 2015-01-12 13:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-07 01:08 - 2015-01-12 13:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-07 01:08 - 2015-01-12 13:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-07 01:08 - 2015-01-12 13:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-07 01:08 - 2015-01-12 13:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-07 01:08 - 2015-01-12 13:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-07 01:08 - 2015-01-12 13:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-07 01:08 - 2015-01-12 12:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-07 01:08 - 2015-01-12 12:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-07 01:08 - 2015-01-12 12:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-07 01:08 - 2015-01-12 12:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-07 01:08 - 2015-01-12 12:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-07 01:08 - 2015-01-12 12:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-07 01:08 - 2015-01-12 12:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-07 01:08 - 2015-01-12 12:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-07 01:08 - 2015-01-12 12:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-07 01:08 - 2015-01-12 12:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-07 01:08 - 2015-01-12 12:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-07 01:08 - 2015-01-12 12:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-07 01:08 - 2015-01-12 12:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-07 01:08 - 2015-01-12 12:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-07 01:08 - 2015-01-12 12:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-07 01:08 - 2015-01-12 12:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-07 01:08 - 2015-01-12 12:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-07 01:08 - 2015-01-12 12:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-07 01:08 - 2015-01-12 12:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-07 01:08 - 2015-01-12 12:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-07 01:08 - 2015-01-12 12:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-07 01:08 - 2015-01-12 11:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-07 01:08 - 2015-01-12 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-07 00:27 - 2014-08-29 13:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-07 00:26 - 2015-01-14 17:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-07 00:26 - 2015-01-14 17:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-07 00:26 - 2015-01-14 17:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-07 00:26 - 2015-01-14 17:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-07 00:26 - 2015-01-14 16:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-07 00:26 - 2015-01-14 16:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-07 00:26 - 2015-01-14 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-07 00:25 - 2014-07-17 13:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-03-07 00:25 - 2014-07-17 13:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-03-07 00:25 - 2014-07-17 13:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-03-07 00:25 - 2014-07-17 12:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-03-07 00:25 - 2014-07-17 12:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-03-07 00:25 - 2014-07-17 12:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-03-07 00:24 - 2015-01-15 19:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-07 00:24 - 2015-01-15 19:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-07 00:24 - 2015-01-15 19:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-07 00:24 - 2015-01-15 19:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-07 00:24 - 2015-01-15 19:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-07 00:24 - 2015-01-15 19:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-07 00:24 - 2015-01-15 19:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-07 00:24 - 2015-01-15 19:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-07 00:24 - 2015-01-15 19:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-07 00:24 - 2015-01-15 19:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-07 00:24 - 2015-01-15 19:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-07 00:24 - 2015-01-15 18:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-07 00:24 - 2015-01-15 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-07 00:24 - 2015-01-15 18:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-07 00:24 - 2015-01-15 18:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-07 00:24 - 2015-01-15 18:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-07 00:24 - 2015-01-15 18:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-07 00:24 - 2015-01-15 15:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-07 00:23 - 2015-01-10 17:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-07 00:23 - 2015-01-10 17:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-07 00:23 - 2015-01-10 17:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-07 00:23 - 2015-01-10 17:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-07 00:23 - 2015-01-10 17:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-07 00:23 - 2015-01-10 17:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-07 00:23 - 2015-01-10 17:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-07 00:23 - 2015-01-10 17:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-07 00:23 - 2015-01-10 17:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-07 00:23 - 2015-01-10 17:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-07 00:23 - 2015-01-10 17:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-07 00:23 - 2015-01-10 17:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-07 00:23 - 2015-01-10 17:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-07 00:23 - 2015-01-10 17:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-07 00:23 - 2014-11-11 14:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-03-07 00:23 - 2014-11-11 13:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-03-07 00:23 - 2014-10-14 13:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-03-07 00:22 - 2013-04-10 10:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-03-07 00:22 - 2013-04-03 09:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-03-07 00:21 - 2015-01-13 14:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-07 00:21 - 2015-01-13 13:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-07 00:21 - 2015-01-09 13:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-07 00:21 - 2014-10-03 13:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-07 00:21 - 2014-10-03 13:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-07 00:21 - 2014-10-03 13:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-07 00:21 - 2014-10-03 13:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-07 00:21 - 2014-10-03 13:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-07 00:21 - 2014-10-03 12:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-07 00:21 - 2014-10-03 12:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-07 00:21 - 2014-10-03 12:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-07 00:21 - 2014-08-23 13:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-03-07 00:21 - 2014-08-23 12:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-03-07 00:21 - 2014-07-14 13:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-03-07 00:21 - 2014-07-14 12:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-03-07 00:21 - 2014-06-19 09:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-07 00:21 - 2014-06-19 09:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-03-07 00:21 - 2014-06-19 09:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-03-07 00:21 - 2014-06-19 09:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-03-07 00:21 - 2014-06-19 09:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-03-07 00:21 - 2014-06-19 09:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-03-07 00:21 - 2014-06-03 21:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-07 00:21 - 2014-06-03 21:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-07 00:21 - 2014-06-03 21:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-03-07 00:21 - 2014-06-03 21:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-03-07 00:21 - 2014-06-03 20:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-03-07 00:21 - 2014-06-03 20:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-07 00:21 - 2014-06-03 20:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-03-07 00:20 - 2014-12-19 14:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-07 00:20 - 2014-12-19 12:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-07 00:20 - 2014-12-12 04:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-07 00:20 - 2014-12-08 14:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-07 00:20 - 2014-12-08 13:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-07 00:20 - 2014-12-06 15:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-07 00:20 - 2014-12-06 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-03-07 00:20 - 2014-12-06 14:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-03-07 00:20 - 2014-10-25 12:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-03-07 00:20 - 2014-10-25 12:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-03-07 00:20 - 2014-10-18 13:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-07 00:20 - 2014-10-18 12:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-03-07 00:20 - 2014-09-04 16:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-03-07 00:20 - 2014-09-04 16:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-03-07 00:20 - 2014-08-30 13:10 - 06583296 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-07 00:20 - 2014-08-30 12:50 - 05702656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-03-07 00:20 - 2014-08-21 17:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-03-07 00:20 - 2014-08-21 17:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-03-07 00:20 - 2014-08-21 17:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-03-07 00:20 - 2014-08-21 17:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-03-07 00:20 - 2014-08-12 13:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-03-07 00:20 - 2014-08-12 12:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-03-07 00:20 - 2014-06-16 13:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-03-06 23:48 - 2015-03-06 23:48 - 00003352 _____ () C:\Users\David\Desktop\Rkill.txt
2015-03-06 23:41 - 2015-03-06 23:43 - 00000000 ____D () C:\AdwCleaner
2015-03-06 23:40 - 2015-03-06 23:40 - 00001796 _____ () C:\sc-cleaner.txt
2015-03-06 14:35 - 2015-03-09 08:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-06 14:35 - 2015-03-09 01:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-01 15:37 - 2015-03-01 15:38 - 00000000 ____D () C:\Users\David\VFX
2015-02-25 23:47 - 2015-02-25 23:47 - 00000000 ____D () C:\Users\David\AppData\Roaming\Blender Foundation
2015-02-24 09:50 - 2015-02-24 09:50 - 00000222 _____ () C:\Users\David\Desktop\Besiege.url
2015-02-23 23:37 - 2015-02-23 23:37 - 00000000 ____D () C:\Users\David\AppData\Roaming\Imagineer Systems Ltd
2015-02-23 23:34 - 2015-03-01 16:01 - 00000000 ____D () C:\TempMochaPro
2015-02-23 23:34 - 2015-02-23 23:34 - 00000000 ____D () C:\Users\David\AppData\Local\Imagineer Systems Ltd
2015-02-23 23:34 - 2015-02-23 23:34 - 00000000 ____D () C:\ProgramData\Imagineer Systems Ltd
2015-02-23 23:27 - 2015-02-23 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mocha Pro V4
2015-02-23 23:27 - 2015-02-23 23:27 - 00000000 ____D () C:\Program Files\Imagineer Systems Ltd
2015-02-23 22:50 - 2015-02-23 23:39 - 00000000 ____D () C:\Users\David\AppData\Roaming\pftrack
2015-02-23 22:37 - 2015-02-23 23:39 - 00009188 _____ () C:\Users\David\Documents\pftrack 2012.1.log
2015-02-23 22:36 - 2015-02-23 22:48 - 00000000 ____D () C:\Program Files\The Pixel Farm
2015-02-22 23:38 - 2015-02-22 23:08 - 00002013 _____ () C:\Users\David\Desktop\boujou 5.0.lnk
2015-02-22 23:37 - 2015-02-22 23:37 - 00000000 ____D () C:\Users\David\PFTrack
2015-02-22 23:33 - 2015-02-23 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Pixel Farm
2015-02-22 23:33 - 2015-02-22 23:33 - 00002064 _____ () C:\Users\Public\Desktop\PFTrack V4.1.lnk
2015-02-22 23:33 - 2015-02-22 23:33 - 00000000 ____D () C:\Program Files (x86)\The Pixel Farm
2015-02-22 23:31 - 2015-02-22 23:31 - 00000000 ____D () C:\Users\David\AppData\Roaming\SynthEyes
2015-02-22 23:31 - 2015-02-22 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andersson Technologies LLC
2015-02-22 23:31 - 2015-02-22 23:31 - 00000000 ____D () C:\Program Files (x86)\Andersson Technologies LLC
2015-02-22 23:09 - 2015-02-22 23:09 - 00000000 ____D () C:\Users\David\Documents\SafeNet Sentinel
2015-02-22 23:08 - 2015-02-22 23:08 - 00000000 ____D () C:\ProgramData\SafeNet Sentinel
2015-02-22 23:08 - 2015-02-22 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vicon
2015-02-22 23:08 - 2015-02-22 23:08 - 00000000 ____D () C:\Program Files (x86)\Vicon
2015-02-22 20:54 - 2015-02-22 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft
2015-02-22 20:52 - 2015-02-22 20:52 - 00000080 _____ () C:\Users\David\AppData\Local\X-Plane Installer.prf
2015-02-22 20:27 - 2015-02-22 20:27 - 00000036 _____ () C:\Users\David\AppData\Local\x-plane_install_10.txt
2015-02-22 17:45 - 2015-02-22 23:40 - 00000000 ____D () C:\Users\David\Desktop\FusionTest1
2015-02-22 17:02 - 2015-02-22 17:02 - 00000838 _____ () C:\Users\Public\Desktop\Fusion.lnk
2015-02-22 17:02 - 2015-02-22 17:02 - 00000000 ____D () C:\Users\Public\Documents\Blackmagic Design
2015-02-22 17:02 - 2015-02-22 17:02 - 00000000 ____D () C:\Users\David\Documents\Blackmagic Design
2015-02-22 17:02 - 2015-02-22 17:02 - 00000000 ____D () C:\Users\David\AppData\Roaming\Blackmagic Design
2015-02-22 17:02 - 2015-02-22 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2015-02-22 17:02 - 2015-02-22 17:02 - 00000000 ____D () C:\ProgramData\Blackmagic Design
2015-02-22 17:02 - 2015-02-22 17:02 - 00000000 ____D () C:\Program Files\Blackmagic Design
2015-02-22 11:10 - 2015-02-22 11:38 - 00000812 _____ () C:\Users\Public\Desktop\Magicka.lnk
2015-02-22 11:10 - 2015-02-22 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magicka
2015-02-21 22:27 - 2015-02-24 00:24 - 00000000 ____D () C:\Users\David\Desktop\Torrents
2015-02-21 20:03 - 2015-02-21 20:04 - 00830660 _____ () C:\Users\David\Desktop\Magicka.Steamworks.Fix.1.4.16.0.7z
2015-02-21 19:56 - 2015-02-21 19:56 - 00000000 ____D () C:\Users\David\Desktop\Magicka-SKIDROW
2015-02-21 19:56 - 2015-02-21 19:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive
2015-02-21 11:35 - 2015-02-21 11:35 - 00000000 ____D () C:\Users\David\AppData\Local\Steam
2015-02-20 22:17 - 2015-02-20 22:17 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2015-02-18 16:16 - 2015-02-19 01:04 - 00049206 _____ () C:\Users\David\Desktop\Cube.bmp
2015-02-18 01:00 - 2015-02-18 01:00 - 00006044 _____ () C:\Users\David\AppData\Local\recently-used.xbel
2015-02-16 15:50 - 2015-02-16 15:50 - 00102015 _____ () C:\Users\David\Desktop\cancelled transaction.xps
2015-02-16 10:18 - 2015-02-16 10:18 - 00000000 ____D () C:\Users\David\AppData\Local\EMU
2015-02-16 00:17 - 2015-02-16 00:17 - 00000858 _____ () C:\Users\Public\Desktop\Worms Clan Wars.lnk
2015-02-16 00:17 - 2015-02-16 00:17 - 00000000 ___HD () C:\Windows\PIF
2015-02-16 00:17 - 2015-02-16 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worms Clan Wars
2015-02-15 17:11 - 2015-02-15 17:11 - 00000000 ____D () C:\Users\David\Documents\Petroglyph
2015-02-15 17:10 - 2015-02-15 17:10 - 00000817 _____ () C:\Users\Public\Desktop\Grey Goo.lnk
2015-02-15 17:10 - 2015-02-15 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grey Goo
2015-02-14 11:52 - 2015-02-14 11:52 - 1862546398 _____ () C:\Windows\MEMORY.DMP
2015-02-14 11:52 - 2015-02-14 11:52 - 00291616 _____ () C:\Windows\Minidump\021415-7796-01.dmp
2015-02-11 12:48 - 2015-02-11 12:50 - 00000000 ____D () C:\Users\David\AppData\Roaming\Nidhogg
2015-02-11 12:29 - 2015-02-11 12:29 - 00000788 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nidhogg.lnk
2015-02-11 12:29 - 2015-02-11 12:29 - 00000776 _____ () C:\Users\Public\Desktop\Nidhogg.lnk
2015-02-11 12:29 - 2015-02-11 12:29 - 00000000 ____D () C:\Program Files (x86)\Nidhogg
2015-02-10 21:49 - 2015-02-10 21:49 - 00000000 ____D () C:\Users\David\AppData\Roaming\Acronis
2015-02-10 21:46 - 2015-02-11 00:15 - 00000000 ____D () C:\ProgramData\Acronis
2015-02-10 21:46 - 2015-02-10 21:46 - 01464096 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tdrpman.sys
2015-02-10 21:46 - 2015-02-10 21:46 - 01120032 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2015-02-10 21:46 - 2015-02-10 21:46 - 00367200 _____ (Acronis) C:\Windows\system32\Drivers\afcdp.sys
2015-02-10 21:46 - 2015-02-10 21:46 - 00269600 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\snapman.sys
2015-02-10 21:46 - 2015-02-10 21:46 - 00198432 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2015-02-10 21:46 - 2015-02-10 21:46 - 00161568 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vididr.sys
2015-02-10 21:46 - 2015-02-10 21:46 - 00117024 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\vidsflt.sys
2015-02-10 21:46 - 2015-02-10 21:46 - 00116000 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2015-02-10 21:46 - 2015-02-10 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2015-02-10 21:46 - 2015-02-10 21:46 - 00000000 ____D () C:\Program Files (x86)\Acronis

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 12:04 - 2009-07-14 15:45 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-11 12:04 - 2009-07-14 15:45 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-11 11:10 - 2014-06-23 15:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-11 10:10 - 2014-02-28 12:35 - 01643285 _____ () C:\Windows\WindowsUpdate.log
2015-03-11 01:30 - 2013-09-29 19:05 - 00000000 ____D () C:\Users\David\AppData\Roaming\FileZilla
2015-03-10 17:28 - 2014-11-22 13:00 - 00000000 ____D () C:\Users\David\Desktop\Stiff to Sort
2015-03-09 15:54 - 2014-03-01 00:06 - 00000000 ____D () C:\ProgramData\Unity
2015-03-09 10:22 - 2014-11-20 17:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-09 10:22 - 2013-10-06 11:26 - 00000000 ____D () C:\Program Files (x86)\Mumble
2015-03-09 10:21 - 2013-10-06 11:26 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mumble
2015-03-09 08:54 - 2015-01-09 23:44 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-03-09 08:54 - 2013-09-26 17:39 - 00000000 ____D () C:\Users\David\AppData\Local\Deployment
2015-03-09 08:48 - 2009-07-14 16:13 - 00801230 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-09 08:44 - 2014-11-28 13:43 - 00028714 _____ () C:\Windows\setupact.log
2015-03-09 08:44 - 2014-10-04 11:02 - 00000000 ____D () C:\ProgramData\VMware
2015-03-09 08:44 - 2014-03-01 09:43 - 01173160 _____ () C:\Windows\PFRO.log
2015-03-09 08:44 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-09 01:16 - 2015-01-10 13:41 - 00003018 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-03-09 00:10 - 2014-10-24 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2015-03-08 22:31 - 2014-12-26 23:51 - 00003015 _____ () C:\Users\David\Desktop\thang.txt
2015-03-07 19:45 - 2013-10-27 00:09 - 00000000 ____D () C:\Users\David\AppData\Roaming\Unity
2015-03-07 19:21 - 2013-09-28 13:44 - 00000000 ____D () C:\Users\David\AppData\Local\Unity
2015-03-07 15:58 - 2013-09-26 17:40 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-07 15:44 - 2014-10-13 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-07 15:40 - 2013-11-09 14:20 - 00007631 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2015-03-07 12:59 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache
2015-03-07 12:12 - 2009-07-14 13:34 - 00000496 _____ () C:\Windows\win.ini
2015-03-07 12:11 - 2014-06-23 17:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-07 11:24 - 2014-06-09 17:35 - 00000000 ____D () C:\Program Files\DebugDiag
2015-03-07 11:14 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\Registration
2015-03-07 10:49 - 2009-07-14 15:45 - 00361888 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-07 10:48 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-07 10:43 - 2014-08-04 02:06 - 00291282 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-03-07 10:42 - 2014-08-04 02:03 - 00290704 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-03-07 10:40 - 2014-02-27 19:35 - 00793352 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-07 01:15 - 2014-03-01 06:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-06 16:39 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\Web
2015-03-06 14:29 - 2014-11-22 09:29 - 00000000 ____D () C:\Windows\Minidump
2015-03-05 09:21 - 2013-09-28 01:23 - 00000000 ____D () C:\Users\David\AppData\Roaming\Free Download Manager
2015-03-04 00:17 - 2014-02-27 22:50 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-01 15:37 - 2014-02-27 17:44 - 00000000 ____D () C:\Users\David
2015-02-28 12:50 - 2015-01-10 13:42 - 00003208 _____ () C:\Windows\System32\Tasks\NIUpdateServiceCheckTask
2015-02-25 23:02 - 2013-10-05 13:08 - 00000000 ____D () C:\Users\David\AppData\Roaming\BitTorrent
2015-02-24 09:50 - 2014-02-13 13:45 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-23 23:22 - 2013-10-01 13:36 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-02-22 20:54 - 2013-10-02 14:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-21 21:49 - 2014-02-27 19:31 - 00610404 _____ () C:\Windows\DirectX.log
2015-02-21 13:09 - 2014-04-04 13:13 - 00000000 ____D () C:\ProgramData\Origin
2015-02-21 13:02 - 2014-04-04 13:42 - 00291296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-02-21 13:02 - 2014-04-04 13:32 - 00291296 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-02-21 13:00 - 2014-02-16 00:46 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-02-21 12:55 - 2014-04-04 13:33 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-02-20 22:34 - 2013-12-26 00:18 - 00000000 ____D () C:\Program Files (x86)\Minecraft
2015-02-18 01:00 - 2013-09-29 14:09 - 00000000 ___HD () C:\Users\David\.gimp-2.8
2015-02-16 17:07 - 2013-09-29 14:12 - 00000000 ____D () C:\Users\David\AppData\Local\gtk-2.0
2015-02-13 15:15 - 2014-12-30 13:13 - 00000000 ____D () C:\Users\David\Documents\Arduino
2015-02-13 12:18 - 2014-02-27 19:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 11:05 - 2015-01-27 22:09 - 00000000 ____D () C:\Users\David\mapscache
2015-02-11 11:05 - 2015-01-27 22:09 - 00000000 ____D () C:\Users\David\apmplanner2

==================== Files in the root of some directories =======

2014-11-11 20:55 - 2014-11-11 20:55 - 14147584 _____ () C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-12-31 23:52 - 2014-01-01 00:02 - 0065617 _____ () C:\Users\David\AppData\Roaming\Camdata.ini
2013-12-31 23:52 - 2014-01-01 00:02 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamLayout.ini
2013-12-31 23:52 - 2014-01-01 00:02 - 0000408 _____ () C:\Users\David\AppData\Roaming\CamShapes.ini
2013-12-31 23:52 - 2014-01-01 00:02 - 0004548 _____ () C:\Users\David\AppData\Roaming\CamStudio.cfg
2015-01-17 14:22 - 2015-01-18 13:18 - 0000699 _____ () C:\Users\David\AppData\Roaming\DriveCalculator Preferences
2014-12-28 10:08 - 2014-12-28 22:57 - 0003982 _____ () C:\Users\David\AppData\Roaming\LTspiceIV.ini
2014-02-07 09:30 - 2014-05-14 18:22 - 0000813 _____ () C:\Users\David\AppData\Roaming\MPQEditor.ini
2013-12-31 23:51 - 2013-12-31 23:52 - 0000096 _____ () C:\Users\David\AppData\Roaming\version2.xml
2014-04-05 15:22 - 2014-04-18 18:18 - 0003584 _____ () C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-14 17:28 - 2014-08-14 17:28 - 1065984 _____ () C:\Users\David\AppData\Local\file__0.localstorage
2013-10-24 11:05 - 2013-10-24 11:05 - 0000093 _____ () C:\Users\David\AppData\Local\fusioncache.dat
2013-10-25 14:19 - 2013-10-25 14:19 - 0000000 ___SH () C:\Users\David\AppData\Local\LumaEmu
2015-02-18 01:00 - 2015-02-18 01:00 - 0006044 _____ () C:\Users\David\AppData\Local\recently-used.xbel
2013-11-09 14:20 - 2015-03-07 15:40 - 0007631 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2015-02-22 20:52 - 2015-02-22 20:52 - 0000080 _____ () C:\Users\David\AppData\Local\X-Plane Installer.prf
2015-02-22 20:27 - 2015-02-22 20:27 - 0000036 _____ () C:\Users\David\AppData\Local\x-plane_install_10.txt
2014-08-31 12:26 - 2014-08-31 12:26 - 0000044 _____ () C:\ProgramData\.SimImages

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\David\AppData\Local\Temp\drm_dyndata_7380015.dll
C:\Users\David\AppData\Local\Temp\Installer_Windows.exe
C:\Users\David\AppData\Local\Temp\pftrack-4.1r2.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\Samsung_Magician_Setup_v45.exe
C:\Users\David\AppData\Local\Temp\sfamcc00001.dll
C:\Users\David\AppData\Local\Temp\sfareca00001.dll
C:\Users\David\AppData\Local\Temp\sfextra.dll
C:\Users\David\AppData\Local\Temp\sonarinst.exe
C:\Users\David\AppData\Local\Temp\sqlite3.dll
C:\Users\David\AppData\Local\Temp\syn07setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 10:06

==================== End Of Log ============================


Edited by Clonkex, 11 March 2015 - 12:15 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:12 AM

Posted 14 March 2015 - 09:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 ss_bbus; system32\DRIVERS\ss_bbus.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:07BB519E

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?

#3 Clonkex

Clonkex
  • Topic Starter

  • Members
  • 4 posts
  • Gender:Male
  • Location:Northern Tablelands, NSW, Australia
  • Local time:08:12 PM

Posted 14 March 2015 - 10:34 AM

I don't know if the issue is fixed yet. Right now it's 2.30am and I'm very, very tired, so I'll do some proper tests tomorrow and report back. Thanks for your help so far :)
 
Here are the results from FRST:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by David at 2015-03-15 02:25:22 Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKU\S-1-5-21-715575704-4020683070-549173419-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 ss_bbus; system32\DRIVERS\ss_bbus.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:07BB519E
 
End
*****************
 
Processes closed successfully.
HKU\S-1-5-21-715575704-4020683070-549173419-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.1" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
ew_hwusbdev => Service deleted successfully.
ew_usbenumfilter => Service deleted successfully.
huawei_cdcacm => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
huawei_ext_ctrl => Service deleted successfully.
huawei_wwanecm => Service deleted successfully.
ss_bbus => Service deleted successfully.
C:\ProgramData\TEMP => ":07BB519E" ADS removed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 02:25:23 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:12 AM

Posted 14 March 2015 - 01:02 PM

Keep me posted.

#5 Clonkex

Clonkex
  • Topic Starter

  • Members
  • 4 posts
  • Gender:Male
  • Location:Northern Tablelands, NSW, Australia
  • Local time:08:12 PM

Posted 15 March 2015 - 11:51 PM

Ok, so I believe the virus is removed on my PC. I have seen no evidence of it for several days. However, I believe we still have the problem on several other computers. It's my opinion that it would be safe to run that FRST script on the other computers as well, but I'm not sure whether the virus will be named the same on the other computers. If the problem was related to the Google Policy Restriction, then the script should work, but if the problem was the ADS, then the name may be randomised.

 

My next step will be to run FRST again on my PC and post it (FRST.txt) here (since I assume that's what you'll want - if not, just say so :)), and then run the program on all other computers and compare the logs. That way I hope to determine which of the items the FRST script fixed was the cause of the virus.
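The cross-machine comparison described in the post above, as an added example that is not part of the original thread and is not FRST's own code. It assumes the two line formats visible in the fixlist (`<======= ATTENTION` markers and `AlternateDataStreams:` entries); the host names and the host-b/host-c log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample input. The host-a lines are copied from the fixlist in
# this thread; host-b and host-c are invented for the example.
SAMPLE_LOGS = {
    "host-a": r"""
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 ss_bbus; system32\DRIVERS\ss_bbus.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:07BB519E
""",
    "host-b": r"""
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:1A2B3C4D
""",
    "host-c": r"""
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 ss_bbus; system32\DRIVERS\ss_bbus.sys [X]
""",
}

ATTENTION = re.compile(r"^(?P<entry>.+?)\s*<=+\s*ATTENTION\s*$")
ADS = re.compile(r"^AlternateDataStreams:\s*(?P<rest>.+)$")


def extract_indicators(log_text):
    """Return {key: detail} for the flagged lines of one FRST-style log.

    key is the part that should match across machines; detail is the part
    that may differ per machine (here: the ADS stream name).
    """
    found = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ATTENTION.match(line)
        if m:
            found[("attention", m.group("entry").lower())] = None
            continue
        m = ADS.match(line)
        if m:
            # Split on the last colon so the drive-letter colon stays in the path.
            path, _, stream = m.group("rest").rpartition(":")
            found[("ads", path.lower())] = stream
    return found


def compare_hosts(logs):
    """Group indicators by key and record which hosts show each one."""
    table = defaultdict(dict)
    for host, text in logs.items():
        for key, detail in extract_indicators(text).items():
            table[key][host] = detail
    return dict(table)


def on_every_host(logs):
    """Indicators present on all hosts: candidates for the common cause."""
    table = compare_hosts(logs)
    return sorted(k for k, hosts in table.items() if len(hosts) == len(logs))


def varying_streams(logs):
    """ADS paths whose stream name differs between hosts (randomised names)."""
    table = compare_hosts(logs)
    return {k[1]: hosts for k, hosts in table.items()
            if k[0] == "ads" and len(set(hosts.values())) > 1}


if __name__ == "__main__":
    for kind, entry in on_every_host(SAMPLE_LOGS):
        print("all hosts:", kind, entry)
    for path, hosts in varying_streams(SAMPLE_LOGS).items():
        print("stream name varies:", path, hosts)
```

Keying the ADS entries on the path alone is what lets a stream with a different name on each machine still line up as the same indicator.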



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:12 AM

Posted 16 March 2015 - 06:57 AM

We do not service 2 computers on the same topic.
As you said, the issue is the same but the fix may be different.

Run the FRST tool on the other computer(s).

Create a new topic for each computer and post the log for that computer.

When done post the links here. I will review the logs and expedite the matter.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:12 AM

Posted 22 March 2015 - 08:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



