Panda Antivirus compromised


9 replies to this topic

#1 Mattwo


Posted 11 March 2015 - 08:39 PM

I am using Windows 8.1 64-bit
 
Panda cloud antivirus crashed and refused to load, so I tried to install panda pro antivirus (and while I was uninstalling the cloud antivirus, it froze partway, so I ended the process and tried again, but it gave me an error in Spanish, so I used revo uninstaller to remove it instead), but there's no text in the program! I remembered that I had set one of my language settings to Japanese because I had to unzip some 3D models with the folder names intact, but when I rebooted my computer after changing it back, many of the essential files for Panda Antivirus were missing, including the uninstaller, but it still thought it was installed. Revo did not help this time.
 
Also, before I downloaded panda pro and revo, I had some issues with Crossrider in Chrome that Malwarebytes removed (there doesn't appear to be an option to export the log as a text file). It made it so I couldn't download or upload any files and randomly scrolled down YouTube video pages or removed the scrollbar, very inconsistent issues to say the least. I'm not sure if this is related, but it might be.
 
I have prepared these logs for your convenience.
 
 
 Results of screen317's Security Check version 0.99.97  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31
 Adobe Flash Player 16.0.0.305  
 Google Chrome (40.0.2214.115) 
 Google Chrome (41.0.2272.89) 
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbam.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
 
 
 
Farbar Service Scanner Version: 17-01-2015
Ran by Mat (administrator) on 11-03-2015 at 18:35:01
Running from "C:\Users\Mat\Downloads"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
 
 
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:29:39 PM, on 3/11/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mat\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\windows\SysWOW64\userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_00A3C4DDD362FC3807A3726B34A9ED52] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{680FE98A-7B94-4666-8A3E-58BA116B2C48}: NameServer = 192.168.1.1,8.8.8.8
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - Unknown owner - C:\ProgramData\BitRaider\BRSptStub.exe (file missing)
O23 - Service:  HP SimplePass Cachedrv Service (Cachedrv server) - Unknown owner - C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service:  HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
O23 - Service: panda_url_filtering Service (panda_url_filtering) - Panda Security - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 12398 bytes

Edited by Queen-Evie, 12 March 2015 - 07:14 AM.
moved from Am I Infected to Malware Removal Logs forum. HTJ logs are allowed only in MRL



#2 nasdaq

  • Malware Response Team

Posted 15 March 2015 - 09:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running now?

#3 Mattwo


Posted 15 March 2015 - 03:49 PM

Well, I found out that YouTube video pages are still randomly scrolling down. Like I said, the problems were inconsistent, though none of the rest of the problems seem to have returned.

 

I didn't remove anything I wasn't sure about, but here are the logs you requested. Just for the record, Firefox is not presently installed and I do not use IE, only Chrome.

 

# AdwCleaner v4.112 - Logfile created 15/03/2015 at 13:39:48
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Mat - MAT2
# Running from : C:\Users\Mat\Downloads\adwcleaner_4.112.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Mat\AppData\Local\torch
[x] Not Deleted : C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp
File Deleted : C:\END
File Deleted : C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Deleted : C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
File Deleted : C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
File Deleted : C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
File Deleted : C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKCU\Software\torch
Key Deleted : HKLM\SOFTWARE\torch
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v41.0.2272.89
 
[C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R1].txt - [3181 bytes] - [15/03/2015 13:38:20]
AdwCleaner[S0].txt - [3132 bytes] - [15/03/2015 13:39:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3191  bytes] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Mat (administrator) on MAT2 on 15-03-2015 13:29:34
Running from C:\Users\Mat\Downloads
Loaded Profiles: Mat (Available profiles: Mat)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security) C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_6.3.9600.20278_x64__8wekyb3d8bbwe\numbers.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-05] (Hewlett-Packard )
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2793016 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [154680 2013-09-05] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [456296 2014-09-17] ()
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-02-27] (Raptr, Inc)
HKLM\...\Winlogon: [Userinit] C:\windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-995401230-3401810522-3088764369-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-995401230-3401810522-3088764369-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-995401230-3401810522-3088764369-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-995401230-3401810522-3088764369-1001\...\Run: [GoogleChromeAutoLaunch_00A3C4DDD362FC3807A3726B34A9ED52] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-06] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
HKU\S-1-5-21-995401230-3401810522-3088764369-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK14/1
HKU\S-1-5-21-995401230-3401810522-3088764369-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK14/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-995401230-3401810522-3088764369-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2014-10-17] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-05] (Oracle Corporation)
BHO-x32: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2014-10-17] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-05] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll [2014-10-17] ()
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll [2014-10-17] ()
Tcpip\..\Interfaces\{680FE98A-7B94-4666-8A3E-58BA116B2C48}: [NameServer] 192.168.1.1,8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.tumblr.com/dashboard", "hxxp://webmail.aol.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Heartbeat) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aailiojlhjbichheofhdpcongebcgcgm [2015-01-18]
CHR Extension: (Google Slides) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-08]
CHR Extension: (Google Docs) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-08]
CHR Extension: (Google Drive) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-08]
CHR Extension: (YouTube) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-08]
CHR Extension: (Adblock Plus) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-08]
CHR Extension: (Google Search) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-08]
CHR Extension: (Tumblr Hate) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijmmhejgoenehpmbiajimmfgjegkcej [2014-12-08]
CHR Extension: (Ponyhoof) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjjgphedlaihnlgaibiaihhmhaejjdd [2014-12-08]
CHR Extension: (APNG) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp [2014-12-08]
CHR Extension: (Google Sheets) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-08]
CHR Extension: (XKit) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-12-08]
CHR Extension: (AdBlock) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-08]
CHR Extension: (Save to Pulse) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\imnghiiajfangdaolekmphkaohhcnklj [2014-12-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (ClipConverter) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\njjjgjlocdhecpgdcfjblcnfebfnmhpp [2015-02-24]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-12-08]
CHR Extension: (Google Wallet) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-08]
CHR Extension: (Tumblr Savior) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2014-12-08]
CHR Extension: (ScriptSafe) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-12-08]
CHR Extension: (Fullscreen Anything) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\olcfgpmjldkkjdclidhcbonieibfhhdh [2015-02-21]
CHR Extension: (No Name) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2015-02-21]
CHR Extension: (Gmail) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-08]
CHR Profile: C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-16]
CHR Extension: (Google Docs) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-16]
CHR Extension: (Google Drive) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-16]
CHR Extension: (YouTube) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-16]
CHR Extension: (Google Search) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-16]
CHR Extension: (Google Sheets) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-16]
CHR Extension: (Google Wallet) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-16]
CHR Extension: (Gmail) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-16]
CHR Profile: C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-16]
CHR Extension: (Google Docs) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-16]
CHR Extension: (Google Drive) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-16]
CHR Extension: (YouTube) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-16]
CHR Extension: (Adblock Plus) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-16]
CHR Extension: (Google Search) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-16]
CHR Extension: (Google Sheets) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-16]
CHR Extension: (XKit) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-12-16]
CHR Extension: (AdBlock) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-16]
CHR Extension: (Gmail) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-16]
CHR Profile: C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-16]
CHR Extension: (Google Docs) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-16]
CHR Extension: (Google Drive) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-16]
CHR Extension: (YouTube) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-16]
CHR Extension: (Google Search) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-16]
CHR Extension: (Google Sheets) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-16]
CHR Extension: (Google Wallet) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-16]
CHR Extension: (Gmail) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-16]
CHR Profile: C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Slides) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-16]
CHR Extension: (Google Docs) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-16]
CHR Extension: (Google Drive) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-16]
CHR Extension: (YouTube) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-16]
CHR Extension: (Google Search) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-16]
CHR Extension: (Google Sheets) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-16]
CHR Extension: (Google Wallet) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-16]
CHR Extension: (Gmail) - C:\Users\Mat\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-16]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-09-05] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [325224 2014-09-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-12] (Intel Corporation)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [3472368 2014-12-01] (INCA Internet Co., Ltd.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-09-05] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-16] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe [296760 2014-09-19] (Panda Security)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S3 BRSptStub; "C:\ProgramData\BitRaider\BRSptStub.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-08-12] (Intel Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [121416 2015-02-08] (MotioninJoy) [File not signed]
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2014-10-28] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R3 panda_url_filteringd; C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 GENERICDRV; \??\c:\SWSetup\SP70148\samifldrv64.sys [X]
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 mfefire; No ImagePath
U3 MSK80Service; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-15 13:29 - 2015-03-15 13:29 - 00029848 _____ () C:\Users\Mat\Downloads\FRST.txt
2015-03-15 13:29 - 2015-03-15 13:29 - 00000000 ____D () C:\FRST
2015-03-15 13:28 - 2015-03-15 13:29 - 02095616 _____ (Farbar) C:\Users\Mat\Downloads\FRST64.exe
2015-03-14 16:59 - 2015-03-14 17:08 - 00093900 _____ () C:\Users\Mat\Downloads\Brainiac.jpeg
2015-03-14 11:29 - 2015-03-14 11:29 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\VSelect
2015-03-14 09:32 - 2015-03-14 09:32 - 00000000 ____D () C:\Users\Mat\Downloads\wmc
2015-03-14 09:31 - 2015-03-14 09:31 - 00921935 _____ () C:\Users\Mat\Downloads\mwc4h.zip
2015-03-14 09:18 - 2015-03-14 13:02 - 00000000 ____D () C:\Users\Mat\Downloads\IMT
2015-03-14 09:15 - 2015-03-14 09:15 - 00000000 ____D () C:\Users\Mat\Downloads\NO$GBA
2015-03-14 09:14 - 2015-03-14 09:14 - 00000000 ____D () C:\Users\Mat\Downloads\Staedty's Downfall stuff
2015-03-14 08:30 - 2015-03-14 08:53 - 284303255 _____ () C:\Users\Mat\Downloads\PSO2 White Day EQ 2015.mp4
2015-03-13 21:33 - 2015-03-13 21:33 - 05192059 _____ () C:\Users\Mat\Downloads\Japanese Ponyville (V1.1).zip
2015-03-13 21:33 - 2015-03-13 21:33 - 03130941 _____ () C:\Users\Mat\Downloads\Canterlot High Exterior (V1.1).rar
2015-03-13 21:33 - 2015-03-13 21:33 - 02221443 _____ () C:\Users\Mat\Downloads\Niceland (V1.1).rar
2015-03-13 20:54 - 2015-03-13 20:55 - 78866170 _____ () C:\Users\Mat\Downloads\Project DIVA f - Online Game Addicts Sprechchor (English-Romaji subs).mp4
2015-03-13 19:09 - 2015-03-13 19:27 - 00937434 _____ () C:\Users\Mat\Downloads\ネトゲ廃人シュプレヒコールモーション.zip
2015-03-13 16:45 - 2015-03-13 16:45 - 01858008 _____ () C:\Users\Mat\Downloads\ver1.2.lzh
2015-03-13 16:35 - 2015-03-13 16:35 - 04057545 _____ () C:\Users\Mat\Downloads\niconicoallstar.zip
2015-03-13 13:15 - 2015-03-13 13:15 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\PACE Anti-Piracy
2015-03-13 13:15 - 2015-03-13 13:15 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2015-03-13 12:33 - 2015-03-13 12:33 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-03-13 02:23 - 2015-03-13 08:33 - 00000000 ____D () C:\3590F75ABA9E485486C100C1A9D4FF06ZZ....Z.Z....Z.Z
2015-03-12 08:57 - 2015-03-12 08:58 - 00000000 ____D () C:\Users\Mat\Downloads\Gummy
2015-03-12 08:57 - 2015-03-12 08:57 - 01083827 _____ () C:\Users\Mat\Downloads\gummy__dl__by_edplus-d8le4yt.zip
2015-03-11 22:23 - 2015-03-11 22:23 - 00000000 ____D () C:\Users\Mat\Documents\NCSOFT
2015-03-11 20:14 - 2015-03-11 20:14 - 00020276 _____ () C:\Users\Mat\Downloads\[kickass.to]lego.batman.3.beyond.gotham.update.2.dlc.2014.repack.r.g.freedom.torrent
2015-03-11 19:27 - 2015-03-11 19:27 - 00001203 _____ () C:\Users\Public\Desktop\WildStar.lnk
2015-03-11 19:27 - 2015-03-11 19:27 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\NCSOFT
2015-03-11 19:27 - 2015-03-11 19:27 - 00000000 ____D () C:\Users\Mat\AppData\Local\NCSOFT
2015-03-11 19:27 - 2015-03-11 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2015-03-11 19:27 - 2015-03-11 19:27 - 00000000 ____D () C:\Program Files (x86)\NCSOFT
2015-03-11 19:03 - 2015-03-03 06:17 - 00295552 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-03-11 16:55 - 2015-03-11 19:12 - 00000000 _____ () C:\Users\Mat\Documents\errorissue.txt
2015-03-11 16:44 - 2015-03-11 16:45 - 00002219 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2015.lnk
2015-03-11 16:44 - 2015-03-11 16:44 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\Panda Security
2015-03-11 16:30 - 2015-03-11 16:30 - 00001287 _____ () C:\Users\Mat\Desktop\Revo Uninstaller.lnk
2015-03-11 16:30 - 2015-03-11 16:30 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-03-11 16:21 - 2015-03-15 08:31 - 00551579 _____ () C:\windows\WindowsUpdate.log
2015-03-11 14:58 - 2015-03-11 14:58 - 01649936 _____ () C:\Users\Mat\Downloads\PANDAAP15.exe
2015-03-10 19:02 - 2015-03-10 19:02 - 00788754 _____ () C:\Users\Mat\Downloads\MMD_Cosmic_Cube.zip
2015-03-09 19:25 - 2015-03-09 19:25 - 00000000 ____D () C:\Users\Mat\Downloads\win64_153614
2015-03-09 19:23 - 2015-03-09 19:23 - 00003112 _____ () C:\windows\System32\Tasks\{35B1FB85-1632-4256-888B-5BB5F311827D}
2015-03-09 18:56 - 2015-03-09 18:56 - 00000000 ____D () C:\windows\LastGood
2015-03-09 18:48 - 2015-03-09 18:48 - 135090605 _____ () C:\Users\Mat\Downloads\10944417_1004754476218718_1309856604_n.mp4
2015-03-09 16:16 - 2015-03-09 16:16 - 00000000 ____D () C:\windows\LastGood.Tmp
2015-03-09 11:37 - 2015-03-09 11:37 - 00002109 _____ () C:\Users\Public\Desktop\SDFormatter.lnk
2015-03-09 11:37 - 2015-03-09 11:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2015-03-09 11:37 - 2015-03-09 11:37 - 00000000 ____D () C:\Program Files (x86)\SDA
2015-03-09 11:36 - 2015-03-09 11:36 - 00000000 ____D () C:\Users\Mat\AppData\Local\Downloaded Installations
2015-03-09 11:35 - 2015-03-09 11:36 - 00000000 ____D () C:\Users\Mat\Documents\sdcard
2015-03-09 10:51 - 2015-01-15 15:43 - 00563504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-09 10:51 - 2015-01-15 15:43 - 00177984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-09 10:51 - 2015-01-13 21:22 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-03-09 10:51 - 2015-01-13 20:53 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-03-09 10:50 - 2015-01-13 15:11 - 01762840 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-09 10:50 - 2015-01-13 15:04 - 01489072 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-03-09 10:50 - 2014-12-13 14:28 - 00513488 _____ () C:\windows\SysWOW64\locale.nls
2015-03-09 10:50 - 2014-12-13 14:28 - 00513488 _____ () C:\windows\system32\locale.nls
2015-03-09 10:50 - 2014-12-08 20:45 - 00393728 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-03-09 10:50 - 2014-12-08 18:56 - 00538624 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-03-09 10:50 - 2014-12-08 16:12 - 00391526 _____ () C:\windows\system32\ApnDatabase.xml
2015-03-09 10:48 - 2015-01-19 11:42 - 01487976 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2015-03-09 10:48 - 2015-01-10 02:10 - 07472960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-09 10:48 - 2015-01-10 02:10 - 01733440 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-03-09 10:48 - 2015-01-10 01:28 - 01498360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-03-09 10:47 - 2015-02-03 16:38 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-09 10:47 - 2015-02-03 16:08 - 00761856 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-09 10:47 - 2015-02-03 16:08 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-09 10:47 - 2015-02-02 16:11 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-09 10:47 - 2015-02-02 16:11 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-09 10:47 - 2015-02-02 16:11 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-09 10:47 - 2015-01-10 01:22 - 04175872 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-09 10:47 - 2015-01-10 00:00 - 00430080 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-09 10:47 - 2015-01-09 23:38 - 00359424 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-03-09 10:47 - 2014-12-19 01:57 - 00788680 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-03-09 10:47 - 2014-12-19 01:25 - 00602776 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-03-09 10:46 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-09 10:46 - 2015-01-11 19:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-09 10:46 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-09 10:46 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-09 10:46 - 2015-01-11 19:34 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-03-09 10:46 - 2015-01-11 19:32 - 06041088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-09 10:46 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-03-09 10:46 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-09 10:46 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-03-09 10:46 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-09 10:46 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-03-09 10:46 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-03-09 10:46 - 2015-01-11 18:58 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-03-09 10:46 - 2015-01-11 18:55 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-03-09 10:46 - 2015-01-11 18:51 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-03-09 10:46 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-09 10:46 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-09 10:46 - 2015-01-11 18:48 - 00374272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-09 10:46 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-09 10:46 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-03-09 10:46 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-09 10:46 - 2015-01-11 18:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2015-03-09 10:46 - 2015-01-11 18:30 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-03-09 10:46 - 2015-01-11 18:29 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-03-09 10:46 - 2015-01-11 18:27 - 02865152 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-03-09 10:46 - 2015-01-11 18:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-09 10:46 - 2015-01-11 18:25 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-03-09 10:46 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-03-09 10:46 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-03-09 10:46 - 2015-01-11 18:23 - 00327168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-03-09 10:46 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-03-09 10:46 - 2015-01-11 18:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-09 10:46 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-09 10:46 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-03-09 10:46 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-03-09 10:46 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-03-07 15:29 - 2015-03-07 15:30 - 276048941 _____ () C:\Users\Mat\Downloads\KICKASS Ridley Mod in Project M! (Moveset and Gameplay Showcase!).mp4
2015-03-07 10:15 - 2015-03-07 10:22 - 70446012 _____ () C:\Users\Mat\Downloads\Super Mario RPG with Kiwi; Episode 14 I WIN! SCREW YOU BOSHI!.mp4
2015-03-07 10:15 - 2015-03-07 10:17 - 47266741 _____ () C:\Users\Mat\Downloads\PSPort2- Made Pizza by PSO Cakesisters.mp4
2015-03-07 10:12 - 2015-03-07 10:12 - 00002981 _____ () C:\Users\Mat\Documents\4 obscure gaming facts.txt
2015-03-07 10:11 - 2015-03-07 10:12 - 13134044 _____ () C:\Users\Mat\Downloads\#26 Phantasy Star Online - Chronicles of August - CAKE SHOP.mp4
2015-03-07 10:07 - 2015-03-07 10:11 - 25488408 _____ () C:\Users\Mat\Downloads\Let's Play Phantasy Star Generation 1, Part 7- Dungeon Bakery and Sweet Toothed Governor.mp4
2015-03-07 10:05 - 2015-03-07 10:06 - 07035360 _____ () C:\Users\Mat\Downloads\Let's play Phantasy Star -10- Best shop location ever.mp4
2015-03-06 12:58 - 2015-03-06 12:58 - 00220062 _____ () C:\Users\Mat\Downloads\Toy Story ending.mp4
2015-03-06 12:55 - 2015-03-06 12:55 - 01382982 _____ () C:\Users\Mat\Downloads\Segata Sanshiro - End.mp4
2015-03-06 12:53 - 2015-03-06 12:53 - 03821899 _____ () C:\Users\Mat\Downloads\Segata Sanshiro in Sonic & All-Stars Racing Transformed.mp4
2015-03-06 12:48 - 2015-03-06 12:48 - 11062098 _____ () C:\Users\Mat\Downloads\Rent A Hero No. 1 - Unreleased Xbox English Version - Featuring Segata Sanshiro [RARE XBOX GAME].mp4
2015-03-06 09:12 - 2015-03-06 09:12 - 06489656 _____ () C:\Users\Mat\Downloads\Twi.bmp
2015-03-04 08:52 - 2015-03-04 08:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2015-03-04 08:52 - 2015-03-04 08:52 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2015-03-04 08:50 - 2015-03-04 08:50 - 00000000 ____D () C:\Users\Mat\AppData\Local\pinger.com
2015-03-04 08:46 - 2015-03-04 08:49 - 00000685 _____ () C:\Users\Mat\Documents\Uninstall STAR WARS The Old Republic.log
2015-03-04 08:44 - 2015-03-04 08:44 - 00002674 _____ () C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\defrag.lnk
2015-03-04 08:40 - 2015-03-05 14:04 - 00292757 _____ () C:\Users\Mat\Downloads\Untitled.prproj
2015-03-03 19:47 - 2015-03-03 19:47 - 10420256 _____ (CCCP Project ) C:\Users\Mat\Downloads\Combined-Community-Codec-Pack-2014-07-13.exe
2015-03-01 09:46 - 2015-03-01 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-03-01 09:45 - 2015-03-01 09:45 - 00004273 _____ () C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qbittorrent.lnk
2015-02-25 12:03 - 2015-02-25 12:03 - 00197392 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSINKNC.sys
2015-02-25 12:03 - 2015-02-25 12:03 - 00163088 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSINAflt.sys
2015-02-25 12:03 - 2015-02-25 12:03 - 00133904 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSINProt.sys
2015-02-25 12:03 - 2015-02-25 12:03 - 00124176 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSINProc.sys
2015-02-25 12:03 - 2015-02-25 12:03 - 00121616 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSINFile.sys
2015-02-25 12:03 - 2015-02-25 12:03 - 00107792 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSINReg.sys
2015-02-25 03:57 - 2015-03-13 18:38 - 00000000 ____D () C:\Users\Mat\Downloads\Encoded Files
2015-02-25 02:14 - 2015-02-25 02:14 - 00003090 _____ () C:\windows\System32\Tasks\{ED3D1516-D4D3-4C63-BBC6-64B715442D89}
2015-02-25 02:14 - 2015-02-25 02:14 - 00003090 _____ () C:\windows\System32\Tasks\{52E7B7E2-E271-49A9-BDC6-409133913C43}
2015-02-25 01:42 - 2015-03-01 12:04 - 00000000 ____D () C:\ProgramData\WinZip
2015-02-25 01:42 - 2015-02-25 01:42 - 00000000 ____D () C:\Program Files\WinRAR
2015-02-24 23:31 - 2015-03-11 18:08 - 00490308 _____ () C:\windows\system32\perfh011.dat
2015-02-24 23:31 - 2015-03-11 18:08 - 00140018 _____ () C:\windows\system32\perfc011.dat
2015-02-24 23:31 - 2015-02-24 23:28 - 00144476 _____ () C:\windows\system32\perfi011.dat
2015-02-24 23:31 - 2015-02-24 23:28 - 00033362 _____ () C:\windows\system32\perfd011.dat
2015-02-24 23:29 - 2015-02-24 23:29 - 00000000 ____D () C:\windows\SysWOW64\XPSViewer
2015-02-24 23:29 - 2015-02-24 23:29 - 00000000 ____D () C:\windows\SysWOW64\ja
2015-02-24 23:29 - 2015-02-24 23:29 - 00000000 ____D () C:\windows\system32\ja
2015-02-24 23:19 - 2013-08-22 06:30 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\lzhfldr2.dll
2015-02-24 23:19 - 2013-08-21 23:15 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\lzhfldr2.dll
2015-02-24 23:06 - 2015-02-25 02:14 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2015-02-24 06:47 - 2015-02-24 06:47 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-24 06:39 - 2015-02-24 23:07 - 00000000 ____D () C:\Users\Mat\AppData\Local\Torch
2015-02-24 04:19 - 2015-03-14 09:19 - 00000000 ____D () C:\Users\Mat\Downloads\Adobe Premiere Pro Auto-Save
2015-02-24 01:27 - 2015-03-14 09:39 - 03480493 _____ () C:\Users\Mat\Downloads\Genesis Part 2 - A button is for apple - Watch Me Suck.prproj
2015-02-22 23:06 - 2015-03-13 19:22 - 00000000 ____D () C:\Users\Mat\Downloads\Adobe Premiere Pro Preview Files
2015-02-20 00:14 - 2015-02-20 00:14 - 00000132 _____ () C:\Users\Mat\AppData\Roaming\Adobe GIF Format CS5 Prefs
2015-02-17 20:59 - 2015-02-17 20:59 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\Adobe Mini Bridge CS5
2015-02-14 15:25 - 2015-02-14 15:25 - 09179164 _____ () C:\Users\Mat\Documents\Pokemon Snap (USA).zip
2015-02-14 15:23 - 2015-02-14 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2015-02-14 15:23 - 2015-02-14 15:23 - 00000000 ____D () C:\Program Files (x86)\Project64 2.1
2015-02-13 22:23 - 2015-02-13 22:26 - 00000000 ____D () C:\Users\Mat\Documents\Heroes of the Storm
2015-02-13 22:08 - 2015-02-13 22:08 - 00001208 _____ () C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-02-13 22:08 - 2015-02-13 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-02-13 16:34 - 2015-02-13 22:23 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-15 13:09 - 2014-12-08 12:59 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-15 13:08 - 2014-12-08 13:41 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\Skype
2015-03-15 13:00 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\sru
2015-03-15 12:48 - 2015-01-28 00:58 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-03-15 11:03 - 2014-12-08 13:17 - 00000000 ____D () C:\ProgramData\panda_url_filtering
2015-03-15 06:03 - 2015-02-05 07:42 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\Raptr
2015-03-14 20:27 - 2014-12-08 12:53 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-995401230-3401810522-3088764369-1001
2015-03-14 20:25 - 2014-12-24 15:14 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-14 20:09 - 2014-12-08 12:59 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-14 20:05 - 2014-12-08 12:48 - 00003902 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{2B77F7EA-601B-419F-9CE9-442F633EB348}
2015-03-14 13:11 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\AppReadiness
2015-03-14 10:15 - 2014-12-31 07:26 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\Audacity
2015-03-14 09:39 - 2014-12-09 14:07 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\OBS
2015-03-14 09:17 - 2014-04-10 14:16 - 00000000 ____D () C:\Users\Mat\Downloads\yuya sakaki
2015-03-14 09:16 - 2013-03-10 13:00 - 00000000 ____D () C:\Users\Mat\Downloads\Yusei_v_1_3
2015-03-14 09:16 - 2013-03-10 12:55 - 00000000 ____D () C:\Users\Mat\Downloads\jaden
2015-03-14 09:14 - 2014-03-21 07:31 - 00000000 ____D () C:\Users\Mat\Downloads\Satoshi XY 1.1
2015-03-13 20:02 - 2014-12-08 23:14 - 00000000 ____D () C:\Tweaker
2015-03-13 20:02 - 2014-12-08 13:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-13 08:48 - 2014-12-14 18:32 - 00005062 _____ () C:\Users\Mat\Documents\HHH Notes.txt
2015-03-11 19:03 - 2013-08-22 06:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-03-11 18:29 - 2014-12-08 12:48 - 00000000 ____D () C:\Users\Mat\AppData\Local\VirtualStore
2015-03-11 18:08 - 2013-08-24 14:38 - 01514864 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-11 18:05 - 2014-12-12 12:06 - 00000000 ___DO () C:\Users\Mat\OneDrive
2015-03-11 18:02 - 2013-08-22 07:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-11 18:01 - 2014-12-08 13:16 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-03-11 17:55 - 2014-12-09 13:22 - 00000334 _____ () C:\windows\Tasks\HPCeeScheduleForMat.job
2015-03-11 17:55 - 2013-08-22 06:25 - 00524288 ___SH () C:\windows\system32\config\BBI
2015-03-11 17:06 - 2014-12-09 13:22 - 00003144 _____ () C:\windows\System32\Tasks\HPCeeScheduleForMat
2015-03-11 16:57 - 2013-08-22 07:44 - 04931080 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-11 16:35 - 2013-12-11 23:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-03-11 16:23 - 2013-08-22 08:20 - 00000000 ____D () C:\windows\CbsTemp
2015-03-11 14:42 - 2014-12-11 17:52 - 00000132 _____ () C:\Users\Mat\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-03-10 23:09 - 2014-12-08 12:59 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-10 13:00 - 2014-12-09 13:19 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-03-10 02:28 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\rescache
2015-03-09 19:40 - 2015-01-13 14:37 - 00000451 _____ () C:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-03-09 19:12 - 2015-02-09 10:49 - 00000000 ____D () C:\Users\Mat\Documents\SART
2015-03-09 19:12 - 2015-01-13 14:20 - 00000000 ____D () C:\Temp
2015-03-09 19:08 - 2014-12-08 12:47 - 00000000 ____D () C:\Users\Mat
2015-03-09 19:07 - 2013-12-11 23:09 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-09 19:07 - 2013-12-11 23:09 - 00000000 ____D () C:\Intel
2015-03-09 18:57 - 2015-02-07 17:25 - 00000000 ____D () C:\windows\Minidump
2015-03-09 16:02 - 2014-12-10 05:53 - 00000000 ____D () C:\windows\system32\MRT
2015-03-09 11:34 - 2014-12-08 13:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-09 11:34 - 2014-12-08 13:41 - 00000000 ____D () C:\ProgramData\Skype
2015-03-09 10:56 - 2013-08-24 14:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-09 10:53 - 2014-12-12 11:58 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-09 10:53 - 2014-12-12 11:58 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-08 21:00 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\NDF
2015-03-07 20:40 - 2014-12-09 14:06 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-03-07 17:37 - 2014-12-08 22:54 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-07 17:37 - 2014-12-08 22:54 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-06 09:00 - 2015-01-08 14:32 - 00000132 _____ () C:\Users\Mat\AppData\Roaming\Adobe BMP Format CS5 Prefs
2015-03-04 08:50 - 2013-12-11 23:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-03-03 19:43 - 2015-02-05 07:42 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-03-03 17:48 - 2013-09-02 21:57 - 00000000 ____D () C:\SWSETUP
2015-03-01 09:46 - 2014-12-08 14:12 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2015-02-27 08:29 - 2015-01-08 12:00 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\CDisplayEx
2015-02-26 21:14 - 2014-12-10 05:53 - 122905848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-25 01:44 - 2014-12-08 23:18 - 00000000 ____D () C:\Users\Mat\AppData\Roaming\WinRAR
2015-02-24 23:29 - 2013-08-22 12:12 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-24 23:29 - 2013-08-22 12:10 - 00000000 ____D () C:\windows\SysWOW64\winrm
2015-02-24 23:29 - 2013-08-22 12:10 - 00000000 ____D () C:\windows\SysWOW64\WCN
2015-02-24 23:29 - 2013-08-22 12:10 - 00000000 ____D () C:\windows\SysWOW64\slmgr
2015-02-24 23:29 - 2013-08-22 12:10 - 00000000 ____D () C:\windows\SysWOW64\Printing_Admin_Scripts
2015-02-24 23:29 - 2013-08-22 12:10 - 00000000 ____D () C:\windows\system32\winrm
2015-02-24 23:29 - 2013-08-22 12:10 - 00000000 ____D () C:\windows\system32\WCN
2015-02-24 23:29 - 2013-08-22 12:10 - 00000000 ____D () C:\windows\system32\slmgr
2015-02-24 23:29 - 2013-08-22 12:10 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ___SD () C:\windows\system32\dsc
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\WinStore
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\SysWOW64\MUI
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\SysWOW64\inetsrv
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\SysWOW64\Com
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\SystemResetPlatform
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\MUI
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\migwiz
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\inetsrv
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\Com
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\IME
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\Help
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\FileManager
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-02-24 23:29 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-02-24 23:29 - 2013-08-22 06:36 - 00000000 ____D () C:\windows\SysWOW64\oobe
2015-02-24 23:29 - 2013-08-22 06:36 - 00000000 ____D () C:\windows\SysWOW64\Dism
2015-02-24 23:29 - 2013-08-22 06:36 - 00000000 ____D () C:\windows\system32\Sysprep
2015-02-24 23:29 - 2013-08-22 06:36 - 00000000 ____D () C:\windows\system32\oobe
2015-02-24 23:29 - 2013-08-22 06:36 - 00000000 ____D () C:\windows\system32\Dism
2015-02-24 23:29 - 2013-08-22 06:36 - 00000000 ____D () C:\windows\servicing
2015-02-24 06:42 - 2015-02-04 16:21 - 00000000 ____D () C:\Users\Mat\Downloads\Fusion364
2015-02-20 19:04 - 2014-12-08 12:47 - 00000000 ____D () C:\Users\Mat\AppData\Local\Packages
2015-02-20 17:25 - 2015-01-07 12:25 - 00000132 _____ () C:\Users\Mat\AppData\Roaming\Adobe Targa Format CS5 Prefs
2015-02-20 17:21 - 2015-01-29 12:27 - 315576503 _____ () C:\Users\Mat\Downloads\My Little Pony Friendship is Magic  Season 1 Episode 1 - Friendship Is Magic, part 1.mp4
2015-02-20 17:21 - 2015-01-26 22:53 - 05755059 _____ () C:\Users\Mat\Downloads\Nine seconds flat.mp4
2015-02-20 17:21 - 2015-01-19 17:15 - 00425441 _____ () C:\Users\Mat\Downloads\The City Of Townsville.mp4
2015-02-17 04:24 - 2015-01-20 02:14 - 00000000 ____D () C:\windows\System32\Tasks\Games
2015-02-14 13:30 - 2015-02-07 14:52 - 00000000 ____D () C:\Users\Mat\AppData\Local\Battle.net
2015-02-13 22:23 - 2015-02-07 14:52 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-02-13 16:33 - 2015-02-07 17:22 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
 
==================== Files in the root of some directories =======
 
2015-01-08 14:32 - 2015-03-06 09:00 - 0000132 _____ () C:\Users\Mat\AppData\Roaming\Adobe BMP Format CS5 Prefs
2015-02-20 00:14 - 2015-02-20 00:14 - 0000132 _____ () C:\Users\Mat\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-12-11 17:52 - 2015-03-11 14:42 - 0000132 _____ () C:\Users\Mat\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-07 12:25 - 2015-02-20 17:25 - 0000132 _____ () C:\Users\Mat\AppData\Roaming\Adobe Targa Format CS5 Prefs
2014-12-22 09:20 - 2015-01-29 05:00 - 0001456 _____ () C:\Users\Mat\AppData\Local\Adobe Save for Web 12.0 Prefs
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-11 03:58
 
==================== End Of Log ============================
 


#4 nasdaq

  • Malware Response Team

Posted 16 March 2015 - 06:53 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

S3 BRSptStub; "C:\ProgramData\BitRaider\BRSptStub.exe" [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 GENERICDRV; \??\c:\SWSetup\SP70148\samifldrv64.sys [X]
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 mfefire; No ImagePath
U3 MSK80Service; No ImagePath
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZ....Z.Z....Z.Z:1
AlternateDataStreams: C:\Users\Mat\Cookies:5ENRW7rfdwgWchLGZTO
AlternateDataStreams: C:\Users\Mat\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Mat\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Mat\AppData\Local\Temp:ilLr9ZqJ78rgkpLZiffd6g
AlternateDataStreams: C:\Users\Mat\AppData\Local\Temporary Internet Files:TODwkiNKDaa8ftEA04

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

How is the computer running now?

Edited by nasdaq, 16 March 2015 - 06:53 AM.


#5 Mattwo

  • Topic Starter

Posted 16 March 2015 - 12:21 PM

Still won't let me install Panda Antivirus. I'd have to get back to you on the youtube issue, but that's lower priority.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Mat at 2015-03-16 10:12:39 Run:1
Running from C:\Users\Mat\Downloads
Loaded Profiles: Mat (Available profiles: Mat)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
S3 BRSptStub; "C:\ProgramData\BitRaider\BRSptStub.exe" [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 GENERICDRV; \??\c:\SWSetup\SP70148\samifldrv64.sys [X]
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 mfefire; No ImagePath
U3 MSK80Service; No ImagePath
AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZ....Z.Z....Z.Z:1
AlternateDataStreams: C:\Users\Mat\Cookies:5ENRW7rfdwgWchLGZTO
AlternateDataStreams: C:\Users\Mat\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Mat\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Mat\AppData\Local\Temp:ilLr9ZqJ78rgkpLZiffd6g
AlternateDataStreams: C:\Users\Mat\AppData\Local\Temporary Internet Files:TODwkiNKDaa8ftEA04
 
End
*****************
 
Processes closed successfully.
BRSptStub => Service deleted successfully.
BRDriver64_1_3_3_E02B25FC => Service deleted successfully.
GENERICDRV => Service deleted successfully.
McMPFSvc => Service deleted successfully.
McNaiAnn => Service deleted successfully.
mcpltsvc => Service deleted successfully.
McProxy => Service deleted successfully.
mfecore => Service deleted successfully.
mfefire => Service deleted successfully.
MSK80Service => Service deleted successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZ....Z.Z....Z.Z => ":1" ADS removed successfully.
"C:\Users\Mat\Cookies" => ":5ENRW7rfdwgWchLGZTO" ADS not found.
C:\Users\Mat\OneDrive => ":ms-properties" ADS removed successfully.
"C:\Users\Mat\SkyDrive" => ":ms-properties" ADS not found.
C:\Users\Mat\AppData\Local\Temp => ":ilLr9ZqJ78rgkpLZiffd6g" ADS removed successfully.
"C:\Users\Mat\AppData\Local\Temporary Internet Files" => ":TODwkiNKDaa8ftEA04" ADS not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:12:40 ====


#6 nasdaq

  • Malware Response Team

Posted 16 March 2015 - 01:11 PM

Download their removal tool for the version you installed.
http://www.techsupportall.com/panda-uninstall-tool/

Run it and when completed restart the computer normally.

Install the version you have a license for.

If still no joy, post the error messages that you get when trying to install the application.

#7 Mattwo

  • Topic Starter

Posted 16 March 2015 - 05:34 PM

[screenshot]

 

I did that and got this:

[screenshot]

 

It also gave me a log in the form of a Zip file, should I attach it? There's too many files in there to paste the whole thing.



#8 nasdaq

  • Malware Response Team

Posted 17 March 2015 - 07:47 AM

Error 1722
As in this post, you may be using the wrong installer for your license.
http://support.pandasecurity.com/forum/viewtopic.php?t=3420&p=13973

I suggest you start a new topic in their forum.

http://support.pandasecurity.com/forum/

#9 Mattwo

  • Topic Starter

Posted 17 March 2015 - 10:17 AM

No, that can't be right, Panda Cloud Antivirus does the same thing and I can't even validate my licence before it's installed.



#10 nasdaq

  • Malware Response Team

Posted 17 March 2015 - 12:50 PM

Panda cloud antivirus crashed and refused to load, so I tried to install panda pro
antivirus(and while I was uninstalling the cloud antivirus, it froze partway


One more reason to check with Panda.



