Looking for Snap.Do, coupon programs, and proxy server help


  • This topic is locked
17 replies to this topic

#1 ChefZilla

Posted 04 May 2015 - 11:05 AM

My boss brought in her kid's computer and it had all kinds of coupon programs and Snap.Do browser and browser tool bars. Also we're getting weird reg entries that keep getting replaced every time we restart.

I've gotten rid of some of the stuff but things keep happening and I was hoping someone could help me out.

I've attached the Farbar logs below.

Thanks!



#2 ChefZilla


Posted 04 May 2015 - 04:25 PM

Should probably mention that these are the reg keys that ADWCleaner keeps finding:

 

Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:51568;hxxps=127.0.0.1:51568
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 



#3 satchfan

  • Malware Response Team

Posted 04 May 2015 - 04:43 PM

Hello ChefZilla and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Logs to include with next post:

AdwCleaner log
RKreport.txt
checkup.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#4 ChefZilla


Posted 05 May 2015 - 11:50 AM

Hey thanks for helping me out!

 

Is attaching better or inline better?


#5 satchfan


Posted 05 May 2015 - 02:38 PM

This is OK but I'd prefer them in the post rather than attached in future please.

 

I'm busy now but will check and reply as soon as I can.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#6 ChefZilla


Posted 05 May 2015 - 04:10 PM

Dang, I had a 50/50 shot. Once again, thank you so much.



#7 satchfan


Posted 05 May 2015 - 04:16 PM

You don’t appear to have an antivirus installed so please don’t use the Internet at the moment except to download the programs I request. We’ll deal with that when we are finished here.


Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

  • close all programs
  • double-click RogueKiller.exe - Windows 7: right-click the program and select Run as Administrator
  • after it has completed its prescan, click on Scan
  • click on the “Registry” tab
  • make sure the following entries there are checked:


    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51568;https=127.0.0.1:51568  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51568;https=127.0.0.1:51568  -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> Found
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51568;https=127.0.0.1:51568  -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51568;https=127.0.0.1:51568  -> Found
     

  • then press the Delete button and post the log it produces.
     

When you’ve done this, please run FRST again and post the new log.

Logs to include with next post:

RogueKiller fix log
FRST.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
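
The ten registry entries listed in the post above describe far fewer distinct settings once hive aliases are merged. The Python sketch below is an added example, not part of the original posts and not RogueKiller's own logic: it parses those lines (copied from the post), folds `HKU\.DEFAULT` into `HKU\S-1-5-18` (both names refer to the LocalSystem profile hive), and reports enabled proxies that point at a loopback address. The line layout in `LINE_RE` is inferred from the quoted entries, and treating the X64/X86 tags as two views of one value is an assumption.

```python
import ipaddress
import re

# Registry lines copied from the RogueKiller list quoted in the post above.
SAMPLE_LOG = r"""
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51568;https=127.0.0.1:51568  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51568;https=127.0.0.1:51568  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer :   -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51568;https=127.0.0.1:51568  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51568;https=127.0.0.1:51568  -> Found
"""

# Layout inferred from the quoted lines: [tag] (view) HKEY_USERS\hive\key | name : data -> status
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+"
    r"HKEY_USERS\\(?P<hive>[^\\]+)\\(?P<key>.+?)\s+\|\s+"
    r"(?P<name>\w+)\s+:\s*(?P<data>.*?)\s+->\s+(?P<status>.+)$"
)

# HKU\.DEFAULT is the LocalSystem profile, the same hive as HKU\S-1-5-18.
HIVE_ALIASES = {".DEFAULT": "S-1-5-18"}
# AdwCleaner writes the scheme names defanged (hxxp/hxxps) in its log.
SCHEME_ALIASES = {"hxxp": "http", "hxxps": "https"}


def parse_proxy_server(data):
    """Split a ProxyServer value into {protocol: (host, port)}.

    Accepts 'host:port' (one proxy for every protocol, stored under the
    key 'all') and 'http=host:port;https=host:port'.
    """
    endpoints = {}
    for part in filter(None, (p.strip() for p in data.split(";"))):
        proto, sep, addr = part.partition("=")
        if not sep:
            proto, addr = "all", part
        proto = SCHEME_ALIASES.get(proto.lower(), proto.lower())
        host, _, port = addr.rpartition(":")
        if host and port.isdigit():
            endpoints[proto] = (host, int(port))
    return endpoints


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def collapse(log_text):
    """Return {(hive, value_name): data}, merging hive aliases and views."""
    settings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        hive = HIVE_ALIASES.get(m["hive"], m["hive"])
        settings[(hive, m["name"])] = m["data"].strip()
    return settings


def loopback_proxies(log_text):
    """List (hive, protocol, host, port) for enabled loopback proxies."""
    settings = collapse(log_text)
    findings = []
    for (hive, name), data in sorted(settings.items()):
        # An empty ProxyServer, or one without ProxyEnable=1, is not in effect.
        if name != "ProxyServer" or settings.get((hive, "ProxyEnable")) != "1":
            continue
        for proto, (host, port) in sorted(parse_proxy_server(data).items()):
            if is_loopback(host):
                findings.append((hive, proto, host, port))
    return findings


if __name__ == "__main__":
    print(f"{len(collapse(SAMPLE_LOG))} distinct settings in the listed entries")
    for hive, proto, host, port in loopback_proxies(SAMPLE_LOG):
        print(f"{hive}: {proto} traffic is sent to {host}:{port}")
```

A loopback proxy only functions while something on the machine listens on that port, so the process holding the listener (visible with `netstat -ano`) is the next thing to identify.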


#8 ChefZilla


Posted 06 May 2015 - 10:02 AM

Oh damn, I saw they had put on the malwarebytes home premium and I never thought that wasn't good enough.

RogueKiller fix log:

RogueKiller V10.6.2.0 (x64) [May  4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Will [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 05/06/2015  08:13:00

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51568;https=127.0.0.1:51568  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51568;https=127.0.0.1:51568  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51568;https=127.0.0.1:51568  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:51568;https=127.0.0.1:51568  -> ERROR [2]

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10 EZEX-00BN5A0 SATA Disk Device +++++
--- User ---
[MBR] c557f8da09333258954aaf648e135733
[BSP] bca8132ed39e1fb4bbbfcbf10da127e4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 206848 | Size: 8000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 16590848 | Size: 945767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04242015_135519.log - RKreport_DEL_04242015_135709.log - RKreport_SCN_04242015_140159.log - RKreport_SCN_05052015_113651.log
RKreport_SCN_05062015_081016.log

 

 

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015
Ran by Will (administrator) on AVATAR on 06-05-2015 08:22:13
Running from C:\Users\Will\Documents
Loaded Profiles: UpdatusUser & Will (Available profiles: UpdatusUser & Will)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-263268922-1114649383-1448550631-1002\...\MountPoints2: {b6f1daab-a3be-11e3-a338-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-263268922-1114649383-1448550631-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: c:\program files => c:\program files [0 2015-05-05] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-263268922-1114649383-1448550631-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com
HKU\S-1-5-21-263268922-1114649383-1448550631-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: QuueennCoupon -> {6a686bf8-5596-4f25-9c13-df79a83ac3bb} -> C:\Program Files (x86)\QuueennCoupon\SEoDMxJxNXIE4D.x64.dll No File
BHO: KinuGCouoponn -> {8527f4f9-c173-4c90-b65b-150ea8257731} -> C:\Program Files (x86)\KinuGCouoponn\I5TLP2Tzc6biZG.x64.dll No File
BHO: LLuckYeCoUpoN -> {efac16ba-bc21-4e78-9502-2740ba404204} -> C:\Program Files (x86)\LLuckYeCoUpoN\YW9Ctl10EXxyYz.x64.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.110.37 192.168.110.38
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\uo4254fr.default
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-23]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\amckaikgfcndaokapfcedicfmagoghlg [2014-06-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2015-03-05] (Futuremark)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2014-03-04] (Realtek Semiconductor.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpuz138; C:\windows\TEMP\cpuz138\cpuz138_x64.sys [27320 2015-04-22] (CPUID)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-04-18 12:01 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-04-18 12:01 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-04-18 12:01 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-04-18 12:01 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-04-18 12:01 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-04-18 12:01 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-04-18 12:01 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-04-18 12:01 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-04-18 12:01 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-04-18 12:01 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-04-18 12:01 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-04-18 12:01 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-04-18 12:01 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-18 12:01 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-18 12:01 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-18 12:01 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-04-18 12:01 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-18 12:01 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-18 12:01 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-18 12:01 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-04-18 12:01 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-18 12:01 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-04-18 12:01 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-18 12:01 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-18 12:01 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-18 12:01 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-18 12:01 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-04-18 12:01 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-04-18 12:01 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-18 12:01 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-18 12:01 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-18 12:01 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-04-18 12:01 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-18 12:01 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-18 12:01 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-18 12:01 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-04-18 12:01 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-04-18 12:01 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-18 12:01 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-04-18 12:01 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-18 12:01 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-04-18 12:01 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-18 12:01 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-18 12:01 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-04-18 12:01 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-04-18 12:01 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-04-18 12:01 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-04-18 12:01 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-04-18 12:01 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-18 12:01 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-18 12:01 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-04-18 12:01 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-18 12:01 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-18 12:01 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-18 12:01 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-18 12:01 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-04-18 12:01 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-04-18 12:01 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-04-18 12:01 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-18 12:01 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-18 12:01 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-18 12:01 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-04-18 12:01 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-04-18 12:01 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-18 12:01 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-18 12:01 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-18 12:01 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-18 12:01 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-18 12:01 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-18 12:01 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-18 12:01 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-18 12:01 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-18 12:01 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-18 12:01 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-18 12:01 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-18 12:01 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-18 11:59 - 2015-04-18 11:59 - 00000000 _____ () C:\Users\Will\AppData\Local\.w852.db
2015-04-18 11:58 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-18 11:58 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-18 11:58 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 08:16 - 2014-03-18 05:55 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-06 08:04 - 2014-11-24 11:11 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-06 08:03 - 2014-11-24 11:11 - 00001135 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-06 08:03 - 2014-11-24 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-06 08:03 - 2014-11-24 11:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-06 06:21 - 2014-03-04 09:33 - 01797244 _____ () C:\windows\WindowsUpdate.log
2015-05-06 03:47 - 2009-07-13 23:45 - 00028944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-06 03:47 - 2009-07-13 23:45 - 00028944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-05 11:28 - 2009-07-14 00:13 - 00781318 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-05 11:22 - 2014-03-04 09:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-05 11:22 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-05 11:22 - 2009-07-13 23:51 - 00059856 _____ () C:\windows\setupact.log
2015-05-05 11:21 - 2014-11-24 14:42 - 00000000 ____D () C:\AdwCleaner
2015-05-04 10:38 - 2014-03-04 09:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-04 10:16 - 2014-03-17 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 14:07 - 2010-11-20 22:47 - 00967630 _____ () C:\windows\PFRO.log
2015-04-22 12:58 - 2014-06-10 14:21 - 00010330 _____ () C:\windows\DirectX.log
2015-04-21 21:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2015-04-21 18:38 - 2014-03-17 19:05 - 00000000 ____D () C:\Users\Will\AppData\Roaming\.minecraft
2015-04-21 18:35 - 2014-03-17 03:23 - 00000000 ____D () C:\Users\Will
2015-04-21 17:43 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\system32\restore
2015-04-21 14:43 - 2014-05-16 07:42 - 00000000 ____D () C:\Users\Will\Downloads\Configs
2015-04-21 14:42 - 2014-05-16 07:42 - 00000000 ____D () C:\Users\Will\Downloads\Instances
2015-04-21 14:38 - 2014-03-17 04:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-21 12:14 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-04-21 11:16 - 2014-03-18 05:55 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-21 11:16 - 2014-03-18 05:55 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-21 11:16 - 2014-03-18 05:55 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-21 10:57 - 2014-07-18 16:43 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2015-04-21 10:48 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-04-21 09:32 - 2014-03-17 09:30 - 00773536 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-04-20 14:53 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\Branding
2015-04-20 14:26 - 2014-11-24 16:54 - 00000000 ____D () C:\Users\Will\AppData\Roaming\ENUEDDR
2015-04-20 14:26 - 2014-11-21 18:10 - 00000000 ____D () C:\Users\Will\AppData\Roaming\jGcUJ27
2015-04-20 14:26 - 2014-11-21 18:09 - 00000000 ____D () C:\Users\Will\AppData\Roaming\JEiurJc
2015-04-20 14:04 - 2014-06-17 15:59 - 00000000 ____D () C:\ProgramData\79832126431312d
2015-04-19 21:59 - 2015-03-30 20:46 - 00000000 ____D () C:\Users\Will\Desktop\Will's Map Folder (Do not delete)
2015-04-19 11:35 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-04-19 11:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2015-04-19 10:52 - 2014-12-10 04:18 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-19 10:52 - 2014-04-30 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-19 09:50 - 2014-03-17 08:44 - 00000000 ____D () C:\windows\system32\MRT
2015-04-19 09:44 - 2014-03-17 08:44 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-19 09:34 - 2014-06-03 07:57 - 00000000 ____D () C:\Users\Will\AppData\Local\ftblauncher
2015-04-18 11:51 - 2014-11-25 18:48 - 06596393 _____ () C:\Users\Will\Downloads\FTB_Launcher.jar
2015-04-18 11:51 - 2014-04-06 11:37 - 00000000 ____D () C:\Users\Will\AppData\Roaming\ftblauncher
2015-04-14 09:37 - 2014-11-24 11:11 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-11-24 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-11-24 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2015-03-03 04:52 - 2015-03-03 04:52 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-11-30 15:48 - 2014-12-02 20:49 - 0002344 _____ () C:\Users\Will\AppData\Roaming\SpeedRunnersLog.txt
2014-06-18 00:44 - 2014-11-17 09:12 - 0000128 _____ () C:\Users\Will\AppData\Roaming\WB.CFG
2015-04-18 11:59 - 2015-04-18 11:59 - 0000000 _____ () C:\Users\Will\AppData\Local\.w852.db
2014-06-17 17:09 - 2014-06-17 17:09 - 0623576 _____ (Click Me In Limited) C:\Users\Will\AppData\Local\nsp6239.tmp
2014-03-04 09:20 - 2014-03-04 09:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Will\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Will\AppData\Local\Temp\Quarantine.exe
C:\Users\Will\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 08:26

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015
Ran by Will (administrator) on AVATAR on 06-05-2015 08:22:13
Running from C:\Users\Will\Documents
Loaded Profiles: UpdatusUser & Will (Available profiles: UpdatusUser & Will)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-263268922-1114649383-1448550631-1002\...\MountPoints2: {b6f1daab-a3be-11e3-a338-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-263268922-1114649383-1448550631-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: c:\program files => c:\program files [0 2015-05-05] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-263268922-1114649383-1448550631-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com
HKU\S-1-5-21-263268922-1114649383-1448550631-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: QuueennCoupon -> {6a686bf8-5596-4f25-9c13-df79a83ac3bb} -> C:\Program Files (x86)\QuueennCoupon\SEoDMxJxNXIE4D.x64.dll No File
BHO: KinuGCouoponn -> {8527f4f9-c173-4c90-b65b-150ea8257731} -> C:\Program Files (x86)\KinuGCouoponn\I5TLP2Tzc6biZG.x64.dll No File
BHO: LLuckYeCoUpoN -> {efac16ba-bc21-4e78-9502-2740ba404204} -> C:\Program Files (x86)\LLuckYeCoUpoN\YW9Ctl10EXxyYz.x64.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.110.37 192.168.110.38
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\uo4254fr.default
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-23]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\amckaikgfcndaokapfcedicfmagoghlg [2014-06-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2015-03-05] (Futuremark)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2014-03-04] (Realtek Semiconductor.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpuz138; C:\windows\TEMP\cpuz138\cpuz138_x64.sys [27320 2015-04-22] (CPUID)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 08:21 - 2015-05-06 08:21 - 00000000 ____D () C:\Users\Will\Documents\FRST-OlderVersion
2015-05-06 08:17 - 2015-05-06 08:17 - 00002764 _____ () C:\Users\Will\Desktop\RKreport_DEL_05062015_081300.log
2015-05-05 11:38 - 2015-05-05 11:38 - 00852630 _____ () C:\Users\Will\Documents\SecurityCheck.exe
2015-05-05 11:30 - 2015-05-05 11:30 - 18944312 _____ (Adlice Software ) C:\Users\Will\Documents\setup.exe
2015-05-05 11:30 - 2015-05-05 11:30 - 00000863 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-05-05 11:30 - 2015-05-05 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-05-05 11:30 - 2015-05-05 11:30 - 00000000 ____D () C:\Program Files\RogueKiller
2015-05-04 10:55 - 2015-05-04 10:55 - 00028661 _____ () C:\Users\Will\Documents\Addition.txt
2015-05-04 10:54 - 2015-05-06 08:22 - 00010081 _____ () C:\Users\Will\Documents\FRST.txt
2015-05-04 10:54 - 2015-05-06 08:22 - 00000000 ____D () C:\FRST
2015-05-04 10:53 - 2015-05-06 08:21 - 02101760 _____ (Farbar) C:\Users\Will\Documents\FRST64.exe
2015-05-04 10:17 - 2015-05-04 10:17 - 02204160 _____ () C:\Users\Will\Documents\adwcleaner_4.203.exe
2015-04-24 13:49 - 2015-05-06 08:05 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-04-24 13:48 - 2015-04-24 14:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-24 13:44 - 2015-04-24 13:44 - 00000212 _____ () C:\Users\Will\Documents\fixit.reg
2015-04-24 13:42 - 2015-04-24 13:42 - 16884312 _____ () C:\Users\Will\Documents\RogueKiller.exe
2015-04-23 16:54 - 2015-04-23 16:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-22 13:04 - 2015-04-22 13:04 - 00000022 _____ () C:\windows\GPU-Z.INI
2015-04-22 13:04 - 2015-04-22 13:04 - 00000000 ____D () C:\Users\Will\Documents\PCMark 7
2015-04-22 13:04 - 2015-04-22 13:04 - 00000000 ____D () C:\Users\Will\AppData\Local\Futuremark_Corporation
2015-04-22 13:04 - 2015-04-22 13:04 - 00000000 ____D () C:\Temp
2015-04-22 12:59 - 2015-04-22 13:01 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2015-04-22 12:59 - 2015-04-22 12:59 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Will\Documents\rkill.exe
2015-04-22 12:48 - 2015-04-22 12:50 - 321391880 _____ (Futuremark) C:\Users\Will\Documents\PCMark_7_v140_installer.exe
2015-04-21 17:57 - 2015-04-21 17:57 - 00000000 ____D () C:\Users\Will\Desktop\Pantheon Epsilon v1.0
2015-04-21 17:43 - 2015-04-21 21:33 - 00000000 ____D () C:\Program Files (x86)\Linksys WUSB6300
2015-04-21 14:38 - 2015-04-21 14:37 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-21 14:37 - 2015-04-21 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-21 14:37 - 2015-04-21 14:37 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-21 14:33 - 2015-04-21 14:33 - 00000000 ____D () C:\MATS
2015-04-21 14:24 - 2015-04-21 14:24 - 00051682 _____ () C:\Users\Will\Documents\S-1-5-21-263268922-1114649383-1448550631-1002.reg
2015-04-21 14:06 - 2015-04-21 14:06 - 00000000 ____D () C:\Users\Will\AppData\Roaming\java
2015-04-21 14:01 - 2015-04-21 14:01 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Sun
2015-04-21 12:11 - 2015-04-21 12:11 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieUserList
2015-04-21 12:11 - 2015-04-21 12:11 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieSiteList
2015-04-21 12:11 - 2015-04-21 12:11 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieBrowserModeList
2015-04-21 12:09 - 2015-03-13 22:21 - 01632768 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-04-21 12:09 - 2015-03-13 22:21 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-04-21 12:09 - 2015-03-13 22:04 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-04-21 12:09 - 2015-03-13 22:04 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-04-21 12:09 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-04-21 12:09 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-04-19 10:52 - 2015-04-19 16:11 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-19 10:52 - 2015-04-19 10:52 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-18 12:01 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-18 12:01 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-18 12:01 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-18 12:01 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-18 12:01 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-18 12:01 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-18 12:01 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-18 12:01 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-18 12:01 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-18 12:01 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-18 12:01 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-18 12:01 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-18 12:01 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-18 12:01 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-18 12:01 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-18 12:01 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-18 12:01 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-18 12:01 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-18 12:01 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-18 12:01 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-18 12:01 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-18 12:01 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-18 12:01 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-04-18 12:01 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-18 12:01 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-18 12:01 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-18 12:01 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-04-18 12:01 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-04-18 12:01 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-18 12:01 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-18 12:01 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-18 12:01 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-04-18 12:01 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-04-18 12:01 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-04-18 12:01 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-04-18 12:01 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-04-18 12:01 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-04-18 12:01 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-04-18 12:01 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-04-18 12:01 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-04-18 12:01 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-04-18 12:01 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-04-18 12:01 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-04-18 12:01 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-04-18 12:01 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-04-18 12:01 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-18 12:01 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-18 12:01 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-04-18 12:01 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-04-18 12:01 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-04-18 12:01 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-04-18 12:01 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-04-18 12:01 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-04-18 12:01 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-04-18 12:01 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-04-18 12:01 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-04-18 12:01 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-04-18 12:01 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-04-18 12:01 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-04-18 12:01 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-04-18 12:01 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-04-18 12:01 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-04-18 12:01 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-04-18 12:01 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-04-18 12:01 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-04-18 12:01 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-04-18 12:01 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-04-18 12:01 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-04-18 12:01 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-04-18 12:01 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-04-18 12:01 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-04-18 12:01 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-04-18 12:01 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-04-18 12:01 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-04-18 12:01 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-04-18 12:01 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-04-18 12:01 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-04-18 12:01 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-04-18 12:01 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-04-18 12:01 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-04-18 12:01 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-04-18 12:01 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-04-18 12:01 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-04-18 12:01 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-04-18 12:01 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-04-18 12:01 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-04-18 12:01 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-04-18 12:01 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-18 12:01 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-04-18 12:01 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-04-18 12:01 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-04-18 12:01 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-04-18 12:01 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-04-18 12:01 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-04-18 12:01 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-04-18 12:01 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-04-18 12:01 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-04-18 12:01 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-04-18 12:01 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-04-18 12:01 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-04-18 12:01 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-04-18 12:01 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-04-18 12:01 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-04-18 12:01 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-04-18 12:01 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-04-18 12:01 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-04-18 12:01 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-04-18 12:01 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-04-18 12:01 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-04-18 12:01 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-04-18 11:59 - 2015-04-18 11:59 - 00000000 _____ () C:\Users\Will\AppData\Local\.w852.db
2015-04-18 11:58 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-18 11:58 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-18 11:58 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 08:16 - 2014-03-18 05:55 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-06 08:04 - 2014-11-24 11:11 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-06 08:03 - 2014-11-24 11:11 - 00001135 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-06 08:03 - 2014-11-24 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-06 08:03 - 2014-11-24 11:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-06 06:21 - 2014-03-04 09:33 - 01797244 _____ () C:\windows\WindowsUpdate.log
2015-05-06 03:47 - 2009-07-13 23:45 - 00028944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-06 03:47 - 2009-07-13 23:45 - 00028944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-05 11:28 - 2009-07-14 00:13 - 00781318 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-05 11:22 - 2014-03-04 09:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-05 11:22 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-05 11:22 - 2009-07-13 23:51 - 00059856 _____ () C:\windows\setupact.log
2015-05-05 11:21 - 2014-11-24 14:42 - 00000000 ____D () C:\AdwCleaner
2015-05-04 10:38 - 2014-03-04 09:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-04 10:16 - 2014-03-17 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 14:07 - 2010-11-20 22:47 - 00967630 _____ () C:\windows\PFRO.log
2015-04-22 12:58 - 2014-06-10 14:21 - 00010330 _____ () C:\windows\DirectX.log
2015-04-21 21:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2015-04-21 18:38 - 2014-03-17 19:05 - 00000000 ____D () C:\Users\Will\AppData\Roaming\.minecraft
2015-04-21 18:35 - 2014-03-17 03:23 - 00000000 ____D () C:\Users\Will
2015-04-21 17:43 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\system32\restore
2015-04-21 14:43 - 2014-05-16 07:42 - 00000000 ____D () C:\Users\Will\Downloads\Configs
2015-04-21 14:42 - 2014-05-16 07:42 - 00000000 ____D () C:\Users\Will\Downloads\Instances
2015-04-21 14:38 - 2014-03-17 04:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-21 12:14 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-04-21 11:16 - 2014-03-18 05:55 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-21 11:16 - 2014-03-18 05:55 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-21 11:16 - 2014-03-18 05:55 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-21 10:57 - 2014-07-18 16:43 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2015-04-21 10:48 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-04-21 09:32 - 2014-03-17 09:30 - 00773536 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-04-20 14:53 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\Branding
2015-04-20 14:26 - 2014-11-24 16:54 - 00000000 ____D () C:\Users\Will\AppData\Roaming\ENUEDDR
2015-04-20 14:26 - 2014-11-21 18:10 - 00000000 ____D () C:\Users\Will\AppData\Roaming\jGcUJ27
2015-04-20 14:26 - 2014-11-21 18:09 - 00000000 ____D () C:\Users\Will\AppData\Roaming\JEiurJc
2015-04-20 14:04 - 2014-06-17 15:59 - 00000000 ____D () C:\ProgramData\79832126431312d
2015-04-19 21:59 - 2015-03-30 20:46 - 00000000 ____D () C:\Users\Will\Desktop\Will's Map Folder (Do not delete)
2015-04-19 11:35 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-04-19 11:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2015-04-19 10:52 - 2014-12-10 04:18 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-19 10:52 - 2014-04-30 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-19 09:50 - 2014-03-17 08:44 - 00000000 ____D () C:\windows\system32\MRT
2015-04-19 09:44 - 2014-03-17 08:44 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-19 09:34 - 2014-06-03 07:57 - 00000000 ____D () C:\Users\Will\AppData\Local\ftblauncher
2015-04-18 11:51 - 2014-11-25 18:48 - 06596393 _____ () C:\Users\Will\Downloads\FTB_Launcher.jar
2015-04-18 11:51 - 2014-04-06 11:37 - 00000000 ____D () C:\Users\Will\AppData\Roaming\ftblauncher
2015-04-14 09:37 - 2014-11-24 11:11 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-11-24 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-11-24 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2015-03-03 04:52 - 2015-03-03 04:52 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-11-30 15:48 - 2014-12-02 20:49 - 0002344 _____ () C:\Users\Will\AppData\Roaming\SpeedRunnersLog.txt
2014-06-18 00:44 - 2014-11-17 09:12 - 0000128 _____ () C:\Users\Will\AppData\Roaming\WB.CFG
2015-04-18 11:59 - 2015-04-18 11:59 - 0000000 _____ () C:\Users\Will\AppData\Local\.w852.db
2014-06-17 17:09 - 2014-06-17 17:09 - 0623576 _____ (Click Me In Limited) C:\Users\Will\AppData\Local\nsp6239.tmp
2014-03-04 09:20 - 2014-03-04 09:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Will\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Will\AppData\Local\Temp\Quarantine.exe
C:\Users\Will\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 08:26

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015
Ran by Will (administrator) on AVATAR on 06-05-2015 08:22:13
Running from C:\Users\Will\Documents
Loaded Profiles: UpdatusUser & Will (Available profiles: UpdatusUser & Will)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-263268922-1114649383-1448550631-1002\...\MountPoints2: {b6f1daab-a3be-11e3-a338-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-263268922-1114649383-1448550631-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: c:\program files => c:\program files [0 2015-05-05] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-263268922-1114649383-1448550631-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=www.google.com
HKU\S-1-5-21-263268922-1114649383-1448550631-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: QuueennCoupon -> {6a686bf8-5596-4f25-9c13-df79a83ac3bb} -> C:\Program Files (x86)\QuueennCoupon\SEoDMxJxNXIE4D.x64.dll No File
BHO: KinuGCouoponn -> {8527f4f9-c173-4c90-b65b-150ea8257731} -> C:\Program Files (x86)\KinuGCouoponn\I5TLP2Tzc6biZG.x64.dll No File
BHO: LLuckYeCoUpoN -> {efac16ba-bc21-4e78-9502-2740ba404204} -> C:\Program Files (x86)\LLuckYeCoUpoN\YW9Ctl10EXxyYz.x64.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.110.37 192.168.110.38
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\uo4254fr.default
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-23]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\amckaikgfcndaokapfcedicfmagoghlg [2014-06-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2015-03-05] (Futuremark)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2014-03-04] (Realtek Semiconductor.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpuz138; C:\windows\TEMP\cpuz138\cpuz138_x64.sys [27320 2015-04-22] (CPUID)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE1200w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 08:21 - 2015-05-06 08:21 - 00000000 ____D () C:\Users\Will\Documents\FRST-OlderVersion
2015-05-06 08:17 - 2015-05-06 08:17 - 00002764 _____ () C:\Users\Will\Desktop\RKreport_DEL_05062015_081300.log
2015-05-05 11:38 - 2015-05-05 11:38 - 00852630 _____ () C:\Users\Will\Documents\SecurityCheck.exe
2015-05-05 11:30 - 2015-05-05 11:30 - 18944312 _____ (Adlice Software ) C:\Users\Will\Documents\setup.exe
2015-05-05 11:30 - 2015-05-05 11:30 - 00000863 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-05-05 11:30 - 2015-05-05 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-05-05 11:30 - 2015-05-05 11:30 - 00000000 ____D () C:\Program Files\RogueKiller
2015-05-04 10:55 - 2015-05-04 10:55 - 00028661 _____ () C:\Users\Will\Documents\Addition.txt
2015-05-04 10:54 - 2015-05-06 08:22 - 00010081 _____ () C:\Users\Will\Documents\FRST.txt
2015-05-04 10:54 - 2015-05-06 08:22 - 00000000 ____D () C:\FRST
2015-05-04 10:53 - 2015-05-06 08:21 - 02101760 _____ (Farbar) C:\Users\Will\Documents\FRST64.exe
2015-05-04 10:17 - 2015-05-04 10:17 - 02204160 _____ () C:\Users\Will\Documents\adwcleaner_4.203.exe
2015-04-24 13:49 - 2015-05-06 08:05 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-04-24 13:48 - 2015-04-24 14:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-24 13:44 - 2015-04-24 13:44 - 00000212 _____ () C:\Users\Will\Documents\fixit.reg
2015-04-24 13:42 - 2015-04-24 13:42 - 16884312 _____ () C:\Users\Will\Documents\RogueKiller.exe
2015-04-23 16:54 - 2015-04-23 16:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-22 13:04 - 2015-04-22 13:04 - 00000022 _____ () C:\windows\GPU-Z.INI
2015-04-22 13:04 - 2015-04-22 13:04 - 00000000 ____D () C:\Users\Will\Documents\PCMark 7
2015-04-22 13:04 - 2015-04-22 13:04 - 00000000 ____D () C:\Users\Will\AppData\Local\Futuremark_Corporation
2015-04-22 13:04 - 2015-04-22 13:04 - 00000000 ____D () C:\Temp
2015-04-22 12:59 - 2015-04-22 13:01 - 00000000 ____D () C:\Program Files (x86)\Futuremark
2015-04-22 12:59 - 2015-04-22 12:59 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Will\Documents\rkill.exe
2015-04-22 12:48 - 2015-04-22 12:50 - 321391880 _____ (Futuremark) C:\Users\Will\Documents\PCMark_7_v140_installer.exe
2015-04-21 17:57 - 2015-04-21 17:57 - 00000000 ____D () C:\Users\Will\Desktop\Pantheon Epsilon v1.0
2015-04-21 17:43 - 2015-04-21 21:33 - 00000000 ____D () C:\Program Files (x86)\Linksys WUSB6300
2015-04-21 14:38 - 2015-04-21 14:37 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-21 14:37 - 2015-04-21 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-21 14:37 - 2015-04-21 14:37 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-21 14:33 - 2015-04-21 14:33 - 00000000 ____D () C:\MATS
2015-04-21 14:24 - 2015-04-21 14:24 - 00051682 _____ () C:\Users\Will\Documents\S-1-5-21-263268922-1114649383-1448550631-1002.reg
2015-04-21 14:06 - 2015-04-21 14:06 - 00000000 ____D () C:\Users\Will\AppData\Roaming\java
2015-04-21 14:01 - 2015-04-21 14:01 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Sun
2015-04-21 12:11 - 2015-04-21 12:11 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieUserList
2015-04-21 12:11 - 2015-04-21 12:11 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieSiteList
2015-04-21 12:11 - 2015-04-21 12:11 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieBrowserModeList
2015-04-21 12:09 - 2015-03-13 22:21 - 01632768 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-04-21 12:09 - 2015-03-13 22:21 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-04-21 12:09 - 2015-03-13 22:04 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-04-21 12:09 - 2015-03-13 22:04 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-04-21 12:09 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-04-21 12:09 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-04-19 10:52 - 2015-04-19 16:11 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-19 10:52 - 2015-04-19 10:52 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-04-18 12:01 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-04-18 12:01 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-04-18 12:01 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-04-18 12:01 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-04-18 12:01 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-04-18 12:01 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-04-18 12:01 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-04-18 12:01 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-04-18 12:01 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-04-18 12:01 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-04-18 12:01 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-04-18 12:01 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-04-18 12:01 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-04-18 12:01 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-04-18 12:01 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-04-18 12:01 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-04-18 12:01 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-04-18 12:01 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-04-18 12:01 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-04-18 12:01 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-04-18 12:01 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-04-18 12:01 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-04-18 12:01 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-04-18 12:01 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-04-18 12:01 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-04-18 12:01 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-04-18 12:01 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-04-18 12:01 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-04-18 12:01 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-04-18 12:01 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-04-18 12:01 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-04-18 12:01 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-04-18 12:01 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-04-18 12:01 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-18 12:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-18 11:59 - 2015-04-18 11:59 - 00000000 _____ () C:\Users\Will\AppData\Local\.w852.db
2015-04-18 11:58 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-04-18 11:58 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-04-18 11:58 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 08:16 - 2014-03-18 05:55 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-06 08:04 - 2014-11-24 11:11 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-06 08:03 - 2014-11-24 11:11 - 00001135 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-06 08:03 - 2014-11-24 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-06 08:03 - 2014-11-24 11:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-06 06:21 - 2014-03-04 09:33 - 01797244 _____ () C:\windows\WindowsUpdate.log
2015-05-06 03:47 - 2009-07-13 23:45 - 00028944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-06 03:47 - 2009-07-13 23:45 - 00028944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-05 11:28 - 2009-07-14 00:13 - 00781318 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-05 11:22 - 2014-03-04 09:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-05 11:22 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-05 11:22 - 2009-07-13 23:51 - 00059856 _____ () C:\windows\setupact.log
2015-05-05 11:21 - 2014-11-24 14:42 - 00000000 ____D () C:\AdwCleaner
2015-05-04 10:38 - 2014-03-04 09:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-04 10:16 - 2014-03-17 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-24 14:07 - 2010-11-20 22:47 - 00967630 _____ () C:\windows\PFRO.log
2015-04-22 12:58 - 2014-06-10 14:21 - 00010330 _____ () C:\windows\DirectX.log
2015-04-21 21:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2015-04-21 18:38 - 2014-03-17 19:05 - 00000000 ____D () C:\Users\Will\AppData\Roaming\.minecraft
2015-04-21 18:35 - 2014-03-17 03:23 - 00000000 ____D () C:\Users\Will
2015-04-21 17:43 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\system32\restore
2015-04-21 14:43 - 2014-05-16 07:42 - 00000000 ____D () C:\Users\Will\Downloads\Configs
2015-04-21 14:42 - 2014-05-16 07:42 - 00000000 ____D () C:\Users\Will\Downloads\Instances
2015-04-21 14:38 - 2014-03-17 04:00 - 00000000 ____D () C:\ProgramData\Oracle
2015-04-21 12:14 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-04-21 11:16 - 2014-03-18 05:55 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-21 11:16 - 2014-03-18 05:55 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-21 11:16 - 2014-03-18 05:55 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-21 10:57 - 2014-07-18 16:43 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2015-04-21 10:48 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-04-21 09:32 - 2014-03-17 09:30 - 00773536 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-04-20 14:53 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\Branding
2015-04-20 14:26 - 2014-11-24 16:54 - 00000000 ____D () C:\Users\Will\AppData\Roaming\ENUEDDR
2015-04-20 14:26 - 2014-11-21 18:10 - 00000000 ____D () C:\Users\Will\AppData\Roaming\jGcUJ27
2015-04-20 14:26 - 2014-11-21 18:09 - 00000000 ____D () C:\Users\Will\AppData\Roaming\JEiurJc
2015-04-20 14:04 - 2014-06-17 15:59 - 00000000 ____D () C:\ProgramData\79832126431312d
2015-04-19 21:59 - 2015-03-30 20:46 - 00000000 ____D () C:\Users\Will\Desktop\Will's Map Folder (Do not delete)
2015-04-19 11:35 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-04-19 11:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2015-04-19 10:52 - 2014-12-10 04:18 - 00000000 ____D () C:\windows\system32\appraiser
2015-04-19 10:52 - 2014-04-30 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-04-19 09:50 - 2014-03-17 08:44 - 00000000 ____D () C:\windows\system32\MRT
2015-04-19 09:44 - 2014-03-17 08:44 - 128913832 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-04-19 09:34 - 2014-06-03 07:57 - 00000000 ____D () C:\Users\Will\AppData\Local\ftblauncher
2015-04-18 11:51 - 2014-11-25 18:48 - 06596393 _____ () C:\Users\Will\Downloads\FTB_Launcher.jar
2015-04-18 11:51 - 2014-04-06 11:37 - 00000000 ____D () C:\Users\Will\AppData\Roaming\ftblauncher
2015-04-14 09:37 - 2014-11-24 11:11 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-11-24 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-11-24 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2015-03-03 04:52 - 2015-03-03 04:52 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2014-11-30 15:48 - 2014-12-02 20:49 - 0002344 _____ () C:\Users\Will\AppData\Roaming\SpeedRunnersLog.txt
2014-06-18 00:44 - 2014-11-17 09:12 - 0000128 _____ () C:\Users\Will\AppData\Roaming\WB.CFG
2015-04-18 11:59 - 2015-04-18 11:59 - 0000000 _____ () C:\Users\Will\AppData\Local\.w852.db
2014-06-17 17:09 - 2014-06-17 17:09 - 0623576 _____ (Click Me In Limited) C:\Users\Will\AppData\Local\nsp6239.tmp
2014-03-04 09:20 - 2014-03-04 09:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Will\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Will\AppData\Local\Temp\Quarantine.exe
C:\Users\Will\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 08:26

==================== End Of Log ============================



#9 satchfan

  • Malware Response Team

Posted 06 May 2015 - 04:27 PM

Doesn’t seem too bad.


Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below.


GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: QuueennCoupon -> {6a686bf8-5596-4f25-9c13-df79a83ac3bb} -> C:\Program Files (x86)\QuueennCoupon\SEoDMxJxNXIE4D.x64.dll No File
BHO: KinuGCouoponn -> {8527f4f9-c173-4c90-b65b-150ea8257731} -> C:\Program Files (x86)\KinuGCouoponn\I5TLP2Tzc6biZG.x64.dll No File
BHO: LLuckYeCoUpoN -> {efac16ba-bc21-4e78-9502-2740ba404204} -> C:\Program Files (x86)\LLuckYeCoUpoN\YW9Ctl10EXxyYz.x64.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

Fixlog.txt
Mbam.txt


Can you tell me what the outstanding problems are?

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 ChefZilla

  • Topic Starter

  • Members

Posted 07 May 2015 - 09:09 AM

Hopefully I did this correctly...

Symptoms he complained of were internet disconnects, "black screens", and slow load times.

I haven't noticed any of these myself, but then again I've only been on this page since we've started.

He's big into Minecraft and I know he downloads quite a few "free" mods and those pages can be a bit tricky when it comes to accidentally installing malware.

Would you suggest another program, in addition to Malwarebytes Anti-Malware Home (Premium), for protection?

 

Thanks again for all of your help on this. My boss is already asking for your donation link.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01
Ran by Will at 2015-05-06 16:48:27 Run:1
Running from C:\Users\Will\Documents
Loaded Profiles: UpdatusUser & Will (Available profiles: UpdatusUser & Will)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: QuueennCoupon -> {6a686bf8-5596-4f25-9c13-df79a83ac3bb} -> C:\Program Files (x86)\QuueennCoupon\SEoDMxJxNXIE4D.x64.dll No File
BHO: KinuGCouoponn -> {8527f4f9-c173-4c90-b65b-150ea8257731} -> C:\Program Files (x86)\KinuGCouoponn\I5TLP2Tzc6biZG.x64.dll No File
BHO: LLuckYeCoUpoN -> {efac16ba-bc21-4e78-9502-2740ba404204} -> C:\Program Files (x86)\LLuckYeCoUpoN\YW9Ctl10EXxyYz.x64.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys
*****************

C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a686bf8-5596-4f25-9c13-df79a83ac3bb}" => Key deleted successfully.
"HKCR\CLSID\{6a686bf8-5596-4f25-9c13-df79a83ac3bb}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8527f4f9-c173-4c90-b65b-150ea8257731}" => Key deleted successfully.
"HKCR\CLSID\{8527f4f9-c173-4c90-b65b-150ea8257731}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{efac16ba-bc21-4e78-9502-2740ba404204}" => Key deleted successfully.
"HKCR\CLSID\{efac16ba-bc21-4e78-9502-2740ba404204}" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
EagleX64 => Service deleted successfully.
IntcAzAudAddService => Service deleted successfully.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.


The system needed a reboot.

==== End of Fixlog 16:48:27 ====

 

MBAM

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/6/2015
Scan Time: 5:01:09 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.06.05
Rootkit Database: v2015.04.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Will

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420895
Time Elapsed: 31 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


MBAM didn't prompt for a restart.


Edited by ChefZilla, 07 May 2015 - 09:15 AM.


#11 satchfan


Posted 07 May 2015 - 09:42 AM

You posted the same log 4 times but apart from that you did OK. :thumbup2:

 

Malwarebytes didn't find anything so there was no need for a reboot.

 

The "fix" seemed to get rid of what was found but I'd like you to do an online scan to be sure there is nothing left.

 

When we tidy up I'll give antivirus/other protection recommendations.

 

 

Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, Firefox or Chrome for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:
    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology

    Note: Do not check Remove found threats

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Note - if ESET doesn't find any threats, no report will be created.

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found
 

If threats were found:


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Thanks

Satchfan


Edited by satchfan, 07 May 2015 - 09:45 AM.



#12 ChefZilla


Posted 07 May 2015 - 01:06 PM

Whooops, sorry about that.

 

ESET:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe.vir    Win32/AnyProtect.E potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FoxTab\1.8.12.0\uninstall.exe.vir    a variant of Win32/InstallCore.YX potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\winservices\AddonsFramework.dll.vir    Win32/Toolbar.Besttoolbars.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\winservices\BackgroundHost.exe.vir    a variant of Win32/Toolbar.Besttoolbars.G potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\AllSaver\infnB2VQ3sfSyj.exe.vir    a variant of Win32/AdWare.MultiPlug.BN application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\DigiSaver\UunSwhBF9X6Z0n.exe.vir    a variant of Win32/AdWare.MultiPlug.BN application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\DiscounTLoCatOr\PBrT9yaslBTvva.exe.vir    a variant of Win32/AdWare.MultiPlug.BN application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js.vir    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js.vir    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js.vir    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js.vir    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js.vir    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js.vir    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js.vir    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js.vir    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js.vir    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js.vir    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js.vir    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js.vir    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\AnyProtectScannerSetup.exe.vir    Win32/VOPackage.BC potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\Microsoft\WinU\~amrqror.exe.vir    a variant of Win32/AdWare.WinuSecu.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\Microsoft\WinU\~lcknmzv.exe.vir    a variant of Win32/AdWare.WinuSecu.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\Microsoft\WinU\~vtncwyl.exe.vir    a variant of Win32/AdWare.WinuSecu.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\torch\User Data\Default\Extensions\albkjjcpjnleafcacecgjoaddehbojko\1.26.14_0\extensionData\plugins\1.js.vir    JS/Toolbar.Crossrider.F potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\torch\User Data\Default\Extensions\albkjjcpjnleafcacecgjoaddehbojko\1.26.14_0\extensionData\plugins\21.js.vir    JS/Toolbar.Crossrider.F potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\torch\User Data\Default\Extensions\albkjjcpjnleafcacecgjoaddehbojko\1.26.14_0\extensionData\plugins\28.js.vir    JS/Toolbar.Crossrider.F potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\torch\User Data\Default\Extensions\albkjjcpjnleafcacecgjoaddehbojko\1.26.14_0\extensionData\plugins\91.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\torch\User Data\Default\Extensions\albkjjcpjnleafcacecgjoaddehbojko\1.26.14_0\js\lib\crossriderAPI.js.vir    JS/Toolbar.Crossrider.F potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\torch\User Data\Default\Extensions\hbebifgiinpdlenohjkojebdgfomdlgn\2.3\content.js.vir    JS/Chromex.Agent.L trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\torch\User Data\Default\Extensions\hbebifgiinpdlenohjkojebdgfomdlgn\2.3\p4vKqD.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\torch\User Data\Default\Extensions\jjbbfjkgenpehcokclfggnfniaiglaai\164\content.js.vir    JS/Chromex.Agent.L trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\torch\User Data\Default\Extensions\jjbbfjkgenpehcokclfggnfniaiglaai\164\K4uuHB.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\torch\User Data\Default\Extensions\lfmmppchelncapanmhdefnmfjplkpchl\212\WlVw5.js.vir    JS/Kryptik.ATP trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\torch\User Data\Default\Extensions\onhcengeacabehdkdhbdcigfolmmakof\1.26.39_0\extensionData\plugins\91.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\torch\User Data\Default\Extensions\onhcengeacabehdkdhbdcigfolmmakof\1.26.43_0\extensionData\plugins\91.js.vir    JS/Toolbar.Crossrider.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\uo4254fr.default\invalidprefs.js.vir    Win32/Adware.MultiPlug.DU application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\uo4254fr.default\Extensions\D7qX@V.com\content\smuXeeDjpf.js.vir    JS/Kryptik.ATP trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\uo4254fr.default\Extensions\knUkr@qZUW.org\content\bg.js.vir    JS/Kryptik.ATB trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\uo4254fr.default\Extensions\pWtAGZ7@4Rkb.edu\content\R.js.vir    JS/Kryptik.ATP trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\ShockingDiscounts\Shopxtreme.dll    a variant of Win32/SProtector.Q potentially unwanted application    deleted - quarantined
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\Users\Will\AppData\Local\nsp6239.tmp    Win32/AnyProtect.E potentially unwanted application    deleted - quarantined
C:\Users\Will\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\Users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KUNCMN11\ping_iss[1].exe    MSIL/Adware.WinuSecu.B application    cleaned by deleting - quarantined
C:\Users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S4NM5H4K\mypcbackup[1].exe    MSIL/MyPCBackup.B potentially unwanted application    deleted - quarantined
C:\Users\Will\Downloads\Downloads\balkonweapons_installer.exe    a variant of Win32/InstallCore.OL potentially unwanted application    deleted - quarantined
 



#13 satchfan


Posted 07 May 2015 - 03:43 PM

That is perfect.

 

Most of what was found was already dealt with and will be cleared when we clean up. Eset dealt with the remnants.

 

Any remaining problems?


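The triage behind "most of what was found was already dealt with", as an added example that is not part of the original thread: it parses ESET export lines and separates detections that are only copies inside AdwCleaner's quarantine from detections at a live path. The sample lines are excerpted from the log in post #12; the function names and the quarantine layout (`Quarantine\<drive>\<original path>.vir`, inferred from those paths) are assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Assumed layout, inferred from the paths in the log:
# C:\AdwCleaner\Quarantine\<drive>\<original path>.vir
QUARANTINE_PREFIX = "c:\\adwcleaner\\quarantine\\"
FIELD_SEP = re.compile(r"\t+| {2,}")  # columns: tabs, or 2+ spaces once pasted
DETECTION = re.compile(r"^(?:a variant of )?(?P<name>\S+)\s+(?P<kind>.+)$")

# Six lines excerpted from the ESET log in post #12.
SAMPLE = r"""
C:\AdwCleaner\Quarantine\C\ProgramData\AllSaver\infnB2VQ3sfSyj.exe.vir    a variant of Win32/AdWare.MultiPlug.BN application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Will\AppData\Local\torch\User Data\Default\Extensions\hbebifgiinpdlenohjkojebdgfomdlgn\2.3\content.js.vir    JS/Chromex.Agent.L trojan    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir    a variant of Win64/Systweak.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\ShockingDiscounts\Shopxtreme.dll    a variant of Win32/SProtector.Q potentially unwanted application    deleted - quarantined
C:\Users\Will\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dhdcabdaeibpgmopekonghcoenegdbkp\2.2\gjUukN0.js    Win32/Adware.MultiPlug.EB application    cleaned by deleting - quarantined
C:\Users\Will\Downloads\Downloads\balkonweapons_installer.exe    a variant of Win32/InstallCore.OL potentially unwanted application    deleted - quarantined
"""


@dataclass
class Hit:
    path: str
    name: str    # detection name, e.g. Win32/AdWare.MultiPlug.BN
    kind: str    # application / potentially unwanted application / trojan
    action: str

    @property
    def quarantined_copy(self):
        """True when the file is an inert copy inside AdwCleaner's quarantine."""
        return self.path.lower().startswith(QUARANTINE_PREFIX)

    @property
    def family(self):
        """Drop platform and variant: Win32/AdWare.MultiPlug.BN -> adware.multiplug."""
        return self.name.split("/", 1)[-1].rsplit(".", 1)[0].lower()

    @property
    def original_path(self):
        """Where the file lived before AdwCleaner moved it (assumed layout)."""
        if not self.quarantined_copy:
            return self.path
        drive, _, tail = self.path[len(QUARANTINE_PREFIX):].partition("\\")
        if tail.lower().endswith(".vir"):
            tail = tail[:-4]
        return f"{drive}:\\{tail}"


def parse_line(line):
    """Split one export line into path, detection and action; None if malformed."""
    fields = [f for f in FIELD_SEP.split(line.strip()) if f]
    if len(fields) != 3:
        return None
    match = DETECTION.match(fields[1])
    if not match:
        return None
    return Hit(fields[0], match["name"], match["kind"], fields[2])


def triage(report):
    """Summarise a report: quarantine copies vs. files still at a live path."""
    hits = [h for h in map(parse_line, report.splitlines()) if h]
    live = [h for h in hits if not h.quarantined_copy]
    return {
        "total": len(hits),
        "already_quarantined": len(hits) - len(live),
        "live": live,
        "trojans": [h for h in hits if h.kind == "trojan"],
        "families": Counter(h.family for h in hits),
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["total"], "hits,", result["already_quarantined"], "already in quarantine")
    for hit in result["live"]:
        print("live:", hit.family, "->", hit.path)
```

Live-path hits are the ones worth rechecking after cleanup; quarantine copies disappear when the removal tool and its quarantine folder are uninstalled.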


#14 ChefZilla


Posted 07 May 2015 - 04:02 PM

Not that I'm aware of, I can give the kid back his PC and have him let me know if anything crops back up.



#15 satchfan


Posted 08 May 2015 - 01:49 AM

The computer appears to be clean.


Now that it’s free from malware, as long as the computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:


Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore


  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Antivirus

You have no active antivirus on your computer. If you use the Internet without an antivirus your computer will certainly become infected again. It is also imperative that you update your Antivirus software at least once a week, (even more if you wish). If you do not update it, it will not be able to catch any of the new variants of malware that come out on a daily basis.

Do NOT install more than one or they will fight against each other and render both ineffective.

Here are some of the better free AV products.

Download and install one of these free antivirus programs:


Free Avast Home Edition
Avira AntiVir® Personal Edition Classic
Microsoft Security Essentials

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:


green if it's safe
yellow for caution
red for unsafe

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

======================

Download and install CryptoPrevent

Crypto Ransomware Warning

There are particularly nasty “Ransomware” infections out there at the moment that encrypt your files and the only way possible to get them “de-crypted” is to pay a ransom. You can read more about this here.

  • download CryptoPrevent
  • save the file to your Desktop and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This will launch the program once you click Finish
  • you will get a prompt asking if you purchased a Product Key for Automatic Updates. Click No
  • you will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to
  • click OK to continue and select your protection level. Go ahead and click OK.
  • click the Apply button to set Default protection
  • you may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

You are now protected.

Note: The free version doesn't provide automatic updates but should be updated often, (at least weekly), as this infection has serious consequences. To update it manually, open the program, select the “Updates” menu then select Check for Updates to see if there are any available.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

Help! My computer is slow! by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

Keeping your kids safer on the PC.

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 






