Never ending malware


  • This topic is locked
23 replies to this topic

#1 Mr Jeremy Fisher

Posted 11 May 2015 - 12:36 PM

Hi, 

I've got a laptop with XP on it. It is certainly infected, there is no doubt. Since last Thursday I've removed, among other malware, trojan.agent/gen-nofear, trojan.agent/gen-downloader, virus.bat/startmuch, virus.bat/evilbat and virus.bat/echosysdll. I've run numerous scans with normal bootup, in safe mode, and some boot-time scans. I remove these things and it seems other things come back, possibly the same malware; it's hard to tell.

Anyway, I read the rules and conditions and am ready to do what is needed to get this PC sorted out once and for all.

 

Thank You





#2 CatByte

  • Malware Response Team

Posted 12 May 2015 - 03:12 PM

Hello and welcome to Bleeping Computer.

 

Please run the following:

 

Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32-bit systems)

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64-bit systems)

Save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it.

  • Press the Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Mr Jeremy Fisher


Posted 12 May 2015 - 04:41 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by Caleb DeBetta (administrator) on CALEB on 12-05-2015 17:18:59
Running from C:\Documents and Settings\Caleb DeBetta\Desktop
Loaded Profiles: Caleb DeBetta (Available profiles: Caleb DeBetta & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
() C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Qihu Software Co. Limited) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\Total Security\safemon\chrome\360webshield.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2289664 2008-11-26] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [405504 2007-05-06] (SigmaTel, Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [1262704 2015-04-25] ()
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-507921405-884357618-842925246-1004\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6718744 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-507921405-884357618-842925246-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-507921405-884357618-842925246-1004\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-09] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-507921405-884357618-842925246-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-507921405-884357618-842925246-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-507921405-884357618-842925246-1004 -> {DB2D1B4A-0819-4276-9421-884E02B1F3F5} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-09] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-08] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-507921405-884357618-842925246-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
ShellExecuteHooks:  - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-08] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-07] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-25]
FF HKLM\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 1713784\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 1\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-09]
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-02]
CHR Extension: (Adguard AdBlocker) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-05-09]
CHR Extension: (YouTube) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-02]
CHR Extension: (Google Search) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-02]
CHR Extension: (AdBlock) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-09]
CHR Extension: (360 Internet Protection) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2015-05-08]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-07]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-07]
CHR Extension: (Adblock Pro) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njkbdonheknmfmcccgggkcbedkhdbacf [2015-05-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-09]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-09] (Avast Software s.r.o.)
S3 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-08] (Oracle Corporation)
S3 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-05-07] (IObit)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [825456 2015-04-25] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2039808 2008-11-26] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker.sys [88136 2015-04-02] (360.cn)
R3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [65608 2015-04-25] (360.cn)
R1 360Box; C:\WINDOWS\System32\DRIVERS\360Box.sys [202312 2015-04-25] (360.cn)
S3 360Camera; C:\WINDOWS\System32\Drivers\360Camera.sys [34888 2015-04-02] (360.cn)
R1 360SelfProtection; C:\WINDOWS\System32\drivers\360SelfProtection.sys [174536 2015-04-02] (360安全中心)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-09] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-09] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-09] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-09] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-05-09] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-09] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-09] ()
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV.sys [169040 2015-04-02] (Qihu 360 Software Co., Ltd.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2008-11-26] (Broadcom Corporation)
R1 EfiMon; C:\WINDOWS\System32\Drivers\Efimon.sys [23752 2015-04-02] (360安全中心)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-04-08] ()
R0 HookPort; C:\WINDOWS\System32\Drivers\Hookport.sys [58440 2015-04-02] (360安全中心)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209152 2006-11-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2006-11-02] (Conexant Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-11] (Malwarebytes Corporation)
R1 qutmdserv; C:\WINDOWS\System32\DRIVERS\qutmdrv.sys [257352 2015-04-02] (360.cn)
R1 qutmipc; C:\WINDOWS\system32\drivers\qutmipc.sys [45896 2015-04-02] (360.cn)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-06] (SigmaTel, Inc.)
S3 bcm4sbxp; system32\DRIVERS\bcm4sbxp.sys [X]
S3 catchme; \??\C:\DOCUME~1\CALEBD~1\LOCALS~1\Temp\catchme.sys [X]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
U4 TlntSvr; No ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-12 17:18 - 2015-05-12 17:19 - 00016104 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\FRST.txt
2015-05-12 17:15 - 2015-05-12 17:15 - 00028145 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\Addition.txt
2015-05-12 17:07 - 2015-05-12 17:19 - 00000000 ____D () C:\FRST
2015-05-12 17:06 - 2015-05-12 17:06 - 01141248 _____ (Farbar) C:\Documents and Settings\Caleb DeBetta\Desktop\FRST.exe
2015-05-12 17:05 - 2015-05-12 17:05 - 00017569 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\download.htm
2015-05-12 00:43 - 2015-05-12 00:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360SD
2015-05-12 00:43 - 2015-05-12 00:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360SD
2015-05-11 00:41 - 2015-05-11 00:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\360safe
2015-05-11 00:40 - 2015-05-11 00:40 - 00012328 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-11 00:40 - 2015-05-11 00:40 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2015-05-11 00:40 - 2015-05-11 00:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\360WD
2015-05-10 22:44 - 2015-05-10 22:44 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2015-05-10 22:43 - 2015-05-12 00:44 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-05-10 22:43 - 2015-05-11 20:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-05-10 22:43 - 2015-05-11 00:40 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-05-10 22:43 - 2014-01-06 19:47 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-05-10 22:43 - 2014-01-06 19:47 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2015-05-10 22:43 - 2014-01-06 19:47 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2015-05-10 22:37 - 2015-05-10 22:38 - 12849824 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\tweaking.com_windows_repair_aio_setup (2).exe
2015-05-10 22:06 - 2015-05-10 22:20 - 00000000 _____ () C:\WINDOWS\system32\w32apiw.dll
2015-05-10 22:06 - 2015-05-10 22:06 - 00000798 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\nCleaner.lnk
2015-05-10 22:06 - 2015-05-10 22:06 - 00000000 ____D () C:\Program Files\NKProds
2015-05-10 22:06 - 2015-05-10 22:06 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\nCleaner
2015-05-10 22:02 - 2015-05-10 22:02 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-05-10 13:49 - 2015-05-10 14:17 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\NPE
2015-05-10 13:49 - 2015-05-10 13:49 - 00012736 ____H () C:\WINDOWS\system32\mlfcache.dat
2015-05-10 13:49 - 2015-05-10 13:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
2015-05-10 13:49 - 2015-05-10 13:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
2015-05-10 00:25 - 2015-05-08 19:37 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150510-002541.backup
2015-05-09 23:32 - 2015-05-09 23:32 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Temp
2015-05-09 21:39 - 2015-05-09 21:39 - 21524480 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak
2015-05-09 21:39 - 2015-05-09 21:39 - 21524480 _____ () C:\WINDOWS\system32\config\software.iodefrag
2015-05-09 21:39 - 2015-05-09 21:39 - 04984832 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak
2015-05-09 21:39 - 2015-05-09 21:39 - 04984832 _____ () C:\WINDOWS\system32\config\default.iodefrag
2015-05-09 21:39 - 2015-05-09 21:39 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2015-05-09 21:39 - 2015-05-09 21:39 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag
2015-05-09 21:39 - 2015-05-09 21:39 - 00020480 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2015-05-09 21:39 - 2015-05-09 21:39 - 00020480 _____ () C:\WINDOWS\system32\config\SAM.iodefrag
2015-05-09 21:39 - 2015-05-09 21:39 - 00000000 ____H () C:\asc_rdflag
2015-05-09 21:10 - 2015-05-09 21:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2808679$
2015-05-09 21:10 - 2013-03-26 18:53 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll
2015-05-09 21:09 - 2011-10-28 12:07 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2492386$
2015-05-09 21:08 - 2011-08-16 06:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2015-05-09 21:07 - 2011-03-11 10:10 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll
2015-05-09 21:06 - 2015-05-09 21:39 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-05-09 21:06 - 2015-05-09 21:39 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-05-09 21:06 - 2015-05-09 21:07 - 00000000 ___DC () C:\WINDOWS\$968930Uinstall_KB968930$
2015-05-09 21:06 - 2015-05-09 21:06 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-05-09 21:06 - 2015-05-09 21:06 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2015-05-09 21:05 - 2015-05-09 21:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallbasecsp$
2015-05-09 21:03 - 2014-10-16 10:27 - 00023840 _____ (IObit) C:\WINDOWS\system32\RegistryDefragBootTime.exe
2015-05-09 20:59 - 2015-05-09 20:59 - 20987904 _____ () C:\WINDOWS\system32\config\software.iobit
2015-05-09 20:59 - 2015-05-09 20:59 - 04984832 _____ () C:\WINDOWS\system32\config\default.iobit
2015-05-09 20:59 - 2015-05-09 20:59 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-05-09 20:59 - 2015-05-09 20:59 - 00020480 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-05-09 20:53 - 2015-05-12 00:45 - 00000296 _____ () C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job
2015-05-09 20:36 - 2015-05-12 00:46 - 00001822 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Advanced SystemCare 8.lnk
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\Apple Computer
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced SystemCare 8
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced SystemCare 8
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-05-09 04:54 - 2015-05-09 04:54 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2015-05-09 00:58 - 2015-05-12 12:57 - 00000378 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-05-09 00:58 - 2015-05-09 00:58 - 00001689 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Avast Free Antivirus.lnk
2015-05-09 00:58 - 2015-05-09 00:58 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\AVAST Software
2015-05-09 00:58 - 2015-05-09 00:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVAST Software
2015-05-09 00:58 - 2015-05-09 00:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVAST Software
2015-05-09 00:57 - 2015-05-09 00:57 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00427992 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-05-09 00:57 - 2015-05-09 00:57 - 00209048 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-05-09 00:57 - 2015-05-09 00:57 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-09 00:52 - 2015-05-09 00:52 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-09 00:50 - 2015-05-09 00:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
2015-05-09 00:50 - 2015-05-09 00:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
2015-05-08 19:46 - 2015-05-08 19:53 - 00000000 ____D () C:\KVRT_Data
2015-05-08 19:40 - 2015-05-12 17:19 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\temp
2015-05-08 19:40 - 2015-05-08 19:40 - 00012335 _____ () C:\ComboFix.txt
2015-05-08 19:40 - 2015-05-08 19:40 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2015-05-08 19:40 - 2015-05-08 19:40 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\temp
2015-05-08 19:40 - 2015-05-08 19:40 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2015-05-08 19:40 - 2015-05-08 19:40 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\temp
2015-05-08 19:40 - 2015-05-08 19:40 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2015-05-08 19:40 - 2015-05-08 19:40 - 00000000 ____D () C:\Documents and Settings\Caleb\Local Settings\temp
2015-05-08 19:25 - 2015-05-11 12:13 - 00000000 ____D () C:\ComboFix
2015-05-08 18:51 - 2015-05-08 18:51 - 00000000 _RSHD () C:\cmdcons
2015-05-08 18:51 - 2014-01-06 19:38 - 00000211 _____ () C:\Boot.bak
2015-05-08 18:51 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-05-08 18:47 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-08 18:47 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-08 18:47 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-08 18:46 - 2015-05-08 19:40 - 00000000 ____D () C:\Qoobox
2015-05-08 18:46 - 2015-05-08 18:46 - 00012328 _____ () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-08 18:45 - 2015-05-08 19:38 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-08 18:42 - 2015-05-08 19:44 - 00003606 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\Rkill.txt
2015-05-08 18:29 - 2015-05-08 18:36 - 00000000 ____D () C:\AdwCleaner
2015-05-08 16:20 - 2015-05-08 16:20 - 00093480 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-08 15:44 - 2015-05-12 06:46 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes Anti-Exploit
2015-05-08 15:44 - 2015-05-12 06:46 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes Anti-Exploit
2015-05-08 15:44 - 2015-05-08 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2015-05-08 15:44 - 2015-05-08 15:44 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-08 15:44 - 2015-05-08 15:44 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-08 11:17 - 2015-05-08 11:17 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY.000\IETldCache
2015-05-08 01:31 - 2015-05-11 00:26 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 01:28 - 2015-05-08 01:28 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-08 01:28 - 2015-05-08 01:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 01:28 - 2015-05-08 01:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 01:27 - 2015-05-08 01:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-08 01:27 - 2015-05-08 01:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-08 01:27 - 2015-05-08 01:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-08 01:27 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-08 01:27 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-08 00:40 - 2008-04-14 03:00 - 00000734 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150508-004058.backup
2015-05-08 00:28 - 2015-05-11 12:13 - 00000000 ____D () C:\$360Section
2015-05-07 23:07 - 2015-05-12 00:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360Quarant
2015-05-07 23:07 - 2015-05-12 00:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360Quarant
2015-05-07 22:55 - 2015-05-08 01:24 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\360safe
2015-05-07 22:55 - 2015-05-08 00:28 - 00000000 ____D () C:\WINDOWS\Tasks\360Disabled
2015-05-07 22:39 - 2015-05-12 17:18 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\360WD
2015-05-07 22:39 - 2015-05-11 00:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360TotalSecurity
2015-05-07 22:39 - 2015-05-11 00:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360TotalSecurity
2015-05-07 22:38 - 2015-05-09 21:39 - 00000000 _RSHD () C:\360SANDBOX
2015-05-07 22:38 - 2015-05-07 22:56 - 00000802 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\360 Total Security.lnk
2015-05-07 22:38 - 2015-05-07 22:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\360 Security Center
2015-05-07 22:38 - 2015-05-07 22:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\360 Security Center
2015-05-07 22:38 - 2015-05-07 22:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360safe
2015-05-07 22:38 - 2015-05-07 22:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360safe
2015-05-07 22:38 - 2015-05-07 22:38 - 00000000 ____D () C:\Program Files\360
2015-05-07 22:38 - 2015-04-25 01:05 - 00202312 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box.sys
2015-05-07 22:38 - 2015-04-25 01:05 - 00065608 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00257352 _____ (360.cn) C:\WINDOWS\system32\Drivers\qutmdrv.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00174536 _____ (360安全中心) C:\WINDOWS\system32\Drivers\360SelfProtection.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00169040 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\BAPIDRV.SYS
2015-05-07 22:38 - 2015-04-02 09:43 - 00088136 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AntiHacker.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00058440 _____ (360安全中心) C:\WINDOWS\system32\Drivers\hookport.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00045896 _____ (360.cn) C:\WINDOWS\system32\Drivers\qutmipc.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00034888 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Camera.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00023752 _____ (360安全中心) C:\WINDOWS\system32\Drivers\efimon.sys
2015-05-07 21:45 - 2015-05-07 21:45 - 00000682 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
2015-05-07 21:45 - 2015-05-07 21:45 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-07 21:45 - 2015-05-07 21:45 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2015-05-07 21:45 - 2015-05-07 21:45 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2015-05-07 18:12 - 2015-05-12 12:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-07 18:12 - 2015-05-07 18:12 - 00001678 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\SUPERAntiSpyware.com
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2015-05-07 15:30 - 2015-05-10 22:24 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-07 15:30 - 2015-05-08 00:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2015-05-07 15:30 - 2015-05-08 00:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2015-05-07 15:30 - 2015-05-07 18:59 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-05-07 15:30 - 2015-05-07 15:30 - 00001842 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-07 15:30 - 2015-05-07 15:30 - 00001842 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-07 15:30 - 2015-05-07 15:30 - 00001836 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Spybot-S&D Start Center.lnk
2015-05-07 15:30 - 2015-05-07 15:30 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-05-07 15:30 - 2015-05-07 15:30 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-07 15:30 - 2015-05-07 15:30 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-07 15:30 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-05-07 15:15 - 2015-05-09 20:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ProductData
2015-05-07 15:15 - 2015-05-09 20:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ProductData
2015-05-07 15:15 - 2015-05-09 20:36 - 00000000 ____D () C:\Program Files\IObit
2015-05-07 15:15 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
2015-05-07 15:15 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
2015-05-07 15:15 - 2015-05-09 20:26 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\IObit
2015-05-07 15:15 - 2015-05-07 15:15 - 00000881 _____ () C:\Documents and Settings\Caleb DeBetta\Start Menu\Uninstall Programs.lnk
2015-05-07 15:15 - 2015-05-07 15:15 - 00000881 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Uninstaller.lnk
2015-05-07 15:15 - 2015-05-07 15:15 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\ProductData
2015-05-07 14:55 - 2015-05-07 14:55 - 00001813 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
2015-05-07 14:55 - 2015-05-07 14:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Chrome
2015-05-07 14:55 - 2015-05-07 14:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Chrome
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-12 17:01 - 2014-01-06 18:54 - 00067155 _____ () C:\WINDOWS\system32\nvModes.dat
2015-05-12 17:01 - 2014-01-06 18:54 - 00067155 _____ () C:\WINDOWS\system32\nvModes.001
2015-05-12 16:56 - 2014-02-02 16:52 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-12 16:54 - 2014-02-02 16:52 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-12 14:54 - 2014-02-02 16:52 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-12 09:59 - 2014-01-06 19:45 - 01479760 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-12 00:50 - 2014-01-06 11:33 - 00509828 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-12 00:45 - 2014-01-06 19:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-11 15:51 - 2014-01-06 19:55 - 00032632 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-11 13:37 - 2014-01-06 19:57 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta
2015-05-10 22:10 - 2011-07-19 18:33 - 00000000 ____D () C:\Program Files\Safari
2015-05-10 14:12 - 2011-05-31 18:25 - 00000327 __RSH () C:\boot.ini
2015-05-09 21:39 - 2014-01-06 19:55 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY.000
2015-05-09 21:39 - 2014-01-06 19:54 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY.000
2015-05-09 21:11 - 2011-05-31 18:18 - 00000000 ____D () C:\WINDOWS\security
2015-05-09 21:09 - 2011-06-01 18:08 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-05-09 21:09 - 2011-05-31 22:37 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2015-05-09 21:07 - 2011-05-31 18:18 - 00000000 ____D () C:\WINDOWS\Help
2015-05-09 21:03 - 2014-01-18 10:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\InstallConverter
2015-05-09 21:03 - 2014-01-18 10:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\InstallConverter
2015-05-08 19:38 - 2008-04-14 03:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-05-08 19:31 - 2011-05-31 22:42 - 00000000 ____D () C:\Documents and Settings\debetta
2015-05-08 11:16 - 2011-06-01 19:13 - 00000000 ____D () C:\Program Files\Google
2015-05-08 11:13 - 2014-09-12 20:57 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\NSManager
2015-05-08 11:13 - 2011-05-31 22:42 - 00000000 ____D () C:\Documents and Settings\debetta\Local Settings\Temp
2015-05-08 01:52 - 2011-06-01 18:33 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-08 01:39 - 2013-12-01 13:07 - 00021828 _____ () C:\Documents and Settings\debetta\Desktop\tmp.zip
2015-05-07 19:07 - 2014-02-01 22:24 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\RobloxVersions
2015-05-07 19:06 - 2014-02-02 16:52 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google
2015-05-07 19:06 - 2014-02-02 16:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2015-05-07 19:06 - 2014-02-02 16:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2015-05-07 18:13 - 2012-06-14 09:43 - 00000000 ____D () C:\Program Files\AWS
2015-05-07 15:19 - 2014-08-01 19:19 - 00000094 _____ () C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\WB.CFG
2015-05-07 14:56 - 2014-02-02 16:52 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-05-07 14:56 - 2014-02-02 16:52 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-05-07 14:42 - 2008-04-14 03:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
 
==================== Files in the root of some directories =======
 
2014-02-01 22:24 - 2014-04-11 15:18 - 0000191 _____ () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\rbxcsettings.rbx
 
ZeroAccess:
C:\Windows\Installer\{0ad8e46f-86e7-4871-5a75-999f1d535c89}
 
ZeroAccess:
C:\Documents and Settings\LocalService\Local Settings\Application Data\{0ad8e46f-86e7-4871-5a75-999f1d535c89}
 
Some content of TEMP:
====================
C:\Documents and Settings\debetta\Local Settings\temp\20_jre-7-windows-i586.exe
C:\Documents and Settings\debetta\Local Settings\temp\7z.dll
C:\Documents and Settings\debetta\Local Settings\temp\air2E.exe
C:\Documents and Settings\debetta\Local Settings\temp\aol_toolbar.exe
C:\Documents and Settings\debetta\Local Settings\temp\APNStub.exe
C:\Documents and Settings\debetta\Local Settings\temp\avguidx.dll
C:\Documents and Settings\debetta\Local Settings\temp\CommonInstaller.exe
C:\Documents and Settings\debetta\Local Settings\temp\contentDATs.exe
C:\Documents and Settings\debetta\Local Settings\temp\D2M-Precheck.exe
C:\Documents and Settings\debetta\Local Settings\temp\iGearedHelper.dll
C:\Documents and Settings\debetta\Local Settings\temp\install_flashplayer11x32ax_gtbp_chra_aih[1].exe
C:\Documents and Settings\debetta\Local Settings\temp\jre-7u7-windows-i586-iftw.exe
C:\Documents and Settings\debetta\Local Settings\temp\KUIU.EXE
C:\Documents and Settings\debetta\Local Settings\temp\lowproc.exe
C:\Documents and Settings\debetta\Local Settings\temp\MachineIdCreator.exe
C:\Documents and Settings\debetta\Local Settings\temp\mssinstaller.exe
C:\Documents and Settings\debetta\Local Settings\temp\NEW1.tmp.exe
C:\Documents and Settings\debetta\Local Settings\temp\SecurityScan_Release.exe
C:\Documents and Settings\debetta\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\debetta\Local Settings\temp\The_Weather_Channel_Application.exe
C:\Documents and Settings\debetta\Local Settings\temp\ToolbarInstaller.exe
C:\Documents and Settings\debetta\Local Settings\temp\uninst1.exe
C:\Documents and Settings\debetta\Local Settings\temp\UNINSTALL.EXE
C:\Documents and Settings\debetta\Local Settings\temp\vcredist_x86.exe
C:\Documents and Settings\debetta\Local Settings\temp\wget.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\w32apiw.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by Caleb DeBetta (administrator) on CALEB on 12-05-2015 17:18:59
Running from C:\Documents and Settings\Caleb DeBetta\Desktop
Loaded Profiles: Caleb DeBetta (Available profiles: Caleb DeBetta & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
() C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Qihu Software Co. Limited) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\Total Security\safemon\chrome\360webshield.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2289664 2008-11-26] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [405504 2007-05-06] (SigmaTel, Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [1262704 2015-04-25] ()
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-507921405-884357618-842925246-1004\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6718744 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-507921405-884357618-842925246-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-507921405-884357618-842925246-1004\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-09] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-507921405-884357618-842925246-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-507921405-884357618-842925246-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-507921405-884357618-842925246-1004 -> {DB2D1B4A-0819-4276-9421-884E02B1F3F5} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-09] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-08] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-507921405-884357618-842925246-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
ShellExecuteHooks:  - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-08] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-07] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-25]
FF HKLM\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 1713784\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 1\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-09]
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-02]
CHR Extension: (Adguard AdBlocker) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-05-09]
CHR Extension: (YouTube) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-02]
CHR Extension: (Google Search) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-02]
CHR Extension: (AdBlock) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-09]
CHR Extension: (360 Internet Protection) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2015-05-08]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-07]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-07]
CHR Extension: (Adblock Pro) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njkbdonheknmfmcccgggkcbedkhdbacf [2015-05-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-09]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-09] (Avast Software s.r.o.)
S3 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-08] (Oracle Corporation)
S3 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-05-07] (IObit)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [825456 2015-04-25] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2039808 2008-11-26] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker.sys [88136 2015-04-02] (360.cn)
R3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [65608 2015-04-25] (360.cn)
R1 360Box; C:\WINDOWS\System32\DRIVERS\360Box.sys [202312 2015-04-25] (360.cn)
S3 360Camera; C:\WINDOWS\System32\Drivers\360Camera.sys [34888 2015-04-02] (360.cn)
R1 360SelfProtection; C:\WINDOWS\System32\drivers\360SelfProtection.sys [174536 2015-04-02] (360安全中心)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-09] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-09] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-09] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-09] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-05-09] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-09] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-09] ()
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV.sys [169040 2015-04-02] (Qihu 360 Software Co., Ltd.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2008-11-26] (Broadcom Corporation)
R1 EfiMon; C:\WINDOWS\System32\Drivers\Efimon.sys [23752 2015-04-02] (360安全中心)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-04-08] ()
R0 HookPort; C:\WINDOWS\System32\Drivers\Hookport.sys [58440 2015-04-02] (360安全中心)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209152 2006-11-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2006-11-02] (Conexant Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-11] (Malwarebytes Corporation)
R1 qutmdserv; C:\WINDOWS\System32\DRIVERS\qutmdrv.sys [257352 2015-04-02] (360.cn)
R1 qutmipc; C:\WINDOWS\system32\drivers\qutmipc.sys [45896 2015-04-02] (360.cn)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-06] (SigmaTel, Inc.)
S3 bcm4sbxp; system32\DRIVERS\bcm4sbxp.sys [X]
S3 catchme; \??\C:\DOCUME~1\CALEBD~1\LOCALS~1\Temp\catchme.sys [X]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
U4 TlntSvr; No ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-12 17:18 - 2015-05-12 17:19 - 00016104 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\FRST.txt
2015-05-12 17:15 - 2015-05-12 17:15 - 00028145 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\Addition.txt
2015-05-12 17:07 - 2015-05-12 17:19 - 00000000 ____D () C:\FRST
2015-05-12 17:06 - 2015-05-12 17:06 - 01141248 _____ (Farbar) C:\Documents and Settings\Caleb DeBetta\Desktop\FRST.exe
2015-05-12 17:05 - 2015-05-12 17:05 - 00017569 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\download.htm
2015-05-12 00:43 - 2015-05-12 00:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360SD
2015-05-12 00:43 - 2015-05-12 00:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360SD
2015-05-11 00:41 - 2015-05-11 00:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\360safe
2015-05-11 00:40 - 2015-05-11 00:40 - 00012328 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-11 00:40 - 2015-05-11 00:40 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2015-05-11 00:40 - 2015-05-11 00:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\360WD
2015-05-10 22:44 - 2015-05-10 22:44 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2015-05-10 22:43 - 2015-05-12 00:44 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-05-10 22:43 - 2015-05-11 20:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-05-10 22:43 - 2015-05-11 00:40 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-05-10 22:43 - 2014-01-06 19:47 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-05-10 22:43 - 2014-01-06 19:47 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2015-05-10 22:43 - 2014-01-06 19:47 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2015-05-10 22:37 - 2015-05-10 22:38 - 12849824 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\tweaking.com_windows_repair_aio_setup (2).exe
2015-05-10 22:06 - 2015-05-10 22:20 - 00000000 _____ () C:\WINDOWS\system32\w32apiw.dll
2015-05-10 22:06 - 2015-05-10 22:06 - 00000798 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\nCleaner.lnk
2015-05-10 22:06 - 2015-05-10 22:06 - 00000000 ____D () C:\Program Files\NKProds
2015-05-10 22:06 - 2015-05-10 22:06 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\nCleaner
2015-05-10 22:02 - 2015-05-10 22:02 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-05-10 13:49 - 2015-05-10 14:17 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\NPE
2015-05-10 13:49 - 2015-05-10 13:49 - 00012736 ____H () C:\WINDOWS\system32\mlfcache.dat
2015-05-10 13:49 - 2015-05-10 13:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
2015-05-10 13:49 - 2015-05-10 13:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
2015-05-10 00:25 - 2015-05-08 19:37 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150510-002541.backup
2015-05-09 23:32 - 2015-05-09 23:32 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Temp
2015-05-09 21:39 - 2015-05-09 21:39 - 21524480 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak
2015-05-09 21:39 - 2015-05-09 21:39 - 21524480 _____ () C:\WINDOWS\system32\config\software.iodefrag
2015-05-09 21:39 - 2015-05-09 21:39 - 04984832 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak
2015-05-09 21:39 - 2015-05-09 21:39 - 04984832 _____ () C:\WINDOWS\system32\config\default.iodefrag
2015-05-09 21:39 - 2015-05-09 21:39 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2015-05-09 21:39 - 2015-05-09 21:39 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag
2015-05-09 21:39 - 2015-05-09 21:39 - 00020480 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2015-05-09 21:39 - 2015-05-09 21:39 - 00020480 _____ () C:\WINDOWS\system32\config\SAM.iodefrag
2015-05-09 21:39 - 2015-05-09 21:39 - 00000000 ____H () C:\asc_rdflag
2015-05-09 21:10 - 2015-05-09 21:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2808679$
2015-05-09 21:10 - 2013-03-26 18:53 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll
2015-05-09 21:09 - 2011-10-28 12:07 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2492386$
2015-05-09 21:08 - 2011-08-16 06:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2015-05-09 21:07 - 2011-03-11 10:10 - 00471552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll
2015-05-09 21:06 - 2015-05-09 21:39 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-05-09 21:06 - 2015-05-09 21:39 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-05-09 21:06 - 2015-05-09 21:07 - 00000000 ___DC () C:\WINDOWS\$968930Uinstall_KB968930$
2015-05-09 21:06 - 2015-05-09 21:06 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-05-09 21:06 - 2015-05-09 21:06 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2015-05-09 21:05 - 2015-05-09 21:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallbasecsp$
2015-05-09 21:03 - 2014-10-16 10:27 - 00023840 _____ (IObit) C:\WINDOWS\system32\RegistryDefragBootTime.exe
2015-05-09 20:59 - 2015-05-09 20:59 - 20987904 _____ () C:\WINDOWS\system32\config\software.iobit
2015-05-09 20:59 - 2015-05-09 20:59 - 04984832 _____ () C:\WINDOWS\system32\config\default.iobit
2015-05-09 20:59 - 2015-05-09 20:59 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-05-09 20:59 - 2015-05-09 20:59 - 00020480 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-05-09 20:53 - 2015-05-12 00:45 - 00000296 _____ () C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job
2015-05-09 20:36 - 2015-05-12 00:46 - 00001822 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Advanced SystemCare 8.lnk
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\Apple Computer
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced SystemCare 8
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced SystemCare 8
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-05-09 04:54 - 2015-05-09 04:54 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2015-05-09 00:58 - 2015-05-12 12:57 - 00000378 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-05-09 00:58 - 2015-05-09 00:58 - 00001689 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Avast Free Antivirus.lnk
2015-05-09 00:58 - 2015-05-09 00:58 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\AVAST Software
2015-05-09 00:58 - 2015-05-09 00:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVAST Software
2015-05-09 00:58 - 2015-05-09 00:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVAST Software
2015-05-09 00:57 - 2015-05-09 00:57 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00427992 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-05-09 00:57 - 2015-05-09 00:57 - 00209048 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-05-09 00:57 - 2015-05-09 00:57 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-09 00:52 - 2015-05-09 00:52 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-09 00:50 - 2015-05-09 00:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
2015-05-09 00:50 - 2015-05-09 00:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
2015-05-08 19:46 - 2015-05-08 19:53 - 00000000 ____D () C:\KVRT_Data
2015-05-08 19:40 - 2015-05-12 17:19 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\temp
2015-05-08 19:40 - 2015-05-08 19:40 - 00012335 _____ () C:\ComboFix.txt
2015-05-08 19:40 - 2015-05-08 19:40 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2015-05-08 19:40 - 2015-05-08 19:40 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\temp
2015-05-08 19:40 - 2015-05-08 19:40 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2015-05-08 19:40 - 2015-05-08 19:40 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\temp
2015-05-08 19:40 - 2015-05-08 19:40 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2015-05-08 19:40 - 2015-05-08 19:40 - 00000000 ____D () C:\Documents and Settings\Caleb\Local Settings\temp
2015-05-08 19:25 - 2015-05-11 12:13 - 00000000 ____D () C:\ComboFix
2015-05-08 18:51 - 2015-05-08 18:51 - 00000000 _RSHD () C:\cmdcons
2015-05-08 18:51 - 2014-01-06 19:38 - 00000211 _____ () C:\Boot.bak
2015-05-08 18:51 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-05-08 18:47 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-08 18:47 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-08 18:47 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-08 18:46 - 2015-05-08 19:40 - 00000000 ____D () C:\Qoobox
2015-05-08 18:46 - 2015-05-08 18:46 - 00012328 _____ () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-08 18:45 - 2015-05-08 19:38 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-08 18:42 - 2015-05-08 19:44 - 00003606 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\Rkill.txt
2015-05-08 18:29 - 2015-05-08 18:36 - 00000000 ____D () C:\AdwCleaner
2015-05-08 16:20 - 2015-05-08 16:20 - 00093480 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-08 15:44 - 2015-05-12 06:46 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes Anti-Exploit
2015-05-08 15:44 - 2015-05-12 06:46 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes Anti-Exploit
2015-05-08 15:44 - 2015-05-08 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2015-05-08 15:44 - 2015-05-08 15:44 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-08 15:44 - 2015-05-08 15:44 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-08 11:17 - 2015-05-08 11:17 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY.000\IETldCache
2015-05-08 01:31 - 2015-05-11 00:26 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 01:28 - 2015-05-08 01:28 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-08 01:28 - 2015-05-08 01:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 01:28 - 2015-05-08 01:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 01:27 - 2015-05-08 01:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-08 01:27 - 2015-05-08 01:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-08 01:27 - 2015-05-08 01:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-08 01:27 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-08 01:27 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-08 00:40 - 2008-04-14 03:00 - 00000734 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150508-004058.backup
2015-05-08 00:28 - 2015-05-11 12:13 - 00000000 ____D () C:\$360Section
2015-05-07 23:07 - 2015-05-12 00:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360Quarant
2015-05-07 23:07 - 2015-05-12 00:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360Quarant
2015-05-07 22:55 - 2015-05-08 01:24 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\360safe
2015-05-07 22:55 - 2015-05-08 00:28 - 00000000 ____D () C:\WINDOWS\Tasks\360Disabled
2015-05-07 22:39 - 2015-05-12 17:18 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\360WD
2015-05-07 22:39 - 2015-05-11 00:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360TotalSecurity
2015-05-07 22:39 - 2015-05-11 00:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360TotalSecurity
2015-05-07 22:38 - 2015-05-09 21:39 - 00000000 _RSHD () C:\360SANDBOX
2015-05-07 22:38 - 2015-05-07 22:56 - 00000802 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\360 Total Security.lnk
2015-05-07 22:38 - 2015-05-07 22:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\360 Security Center
2015-05-07 22:38 - 2015-05-07 22:56 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\360 Security Center
2015-05-07 22:38 - 2015-05-07 22:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360safe
2015-05-07 22:38 - 2015-05-07 22:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360safe
2015-05-07 22:38 - 2015-05-07 22:38 - 00000000 ____D () C:\Program Files\360
2015-05-07 22:38 - 2015-04-25 01:05 - 00202312 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box.sys
2015-05-07 22:38 - 2015-04-25 01:05 - 00065608 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00257352 _____ (360.cn) C:\WINDOWS\system32\Drivers\qutmdrv.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00174536 _____ (360安全中心) C:\WINDOWS\system32\Drivers\360SelfProtection.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00169040 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\BAPIDRV.SYS
2015-05-07 22:38 - 2015-04-02 09:43 - 00088136 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AntiHacker.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00058440 _____ (360安全中心) C:\WINDOWS\system32\Drivers\hookport.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00045896 _____ (360.cn) C:\WINDOWS\system32\Drivers\qutmipc.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00034888 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Camera.sys
2015-05-07 22:38 - 2015-04-02 09:43 - 00023752 _____ (360安全中心) C:\WINDOWS\system32\Drivers\efimon.sys
2015-05-07 21:45 - 2015-05-07 21:45 - 00000682 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
2015-05-07 21:45 - 2015-05-07 21:45 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-07 21:45 - 2015-05-07 21:45 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2015-05-07 21:45 - 2015-05-07 21:45 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2015-05-07 18:12 - 2015-05-12 12:47 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-07 18:12 - 2015-05-07 18:12 - 00001678 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\SUPERAntiSpyware.com
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2015-05-07 15:30 - 2015-05-10 22:24 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-07 15:30 - 2015-05-08 00:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2015-05-07 15:30 - 2015-05-08 00:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2015-05-07 15:30 - 2015-05-07 18:59 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-05-07 15:30 - 2015-05-07 15:30 - 00001842 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-07 15:30 - 2015-05-07 15:30 - 00001842 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-07 15:30 - 2015-05-07 15:30 - 00001836 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Spybot-S&D Start Center.lnk
2015-05-07 15:30 - 2015-05-07 15:30 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-05-07 15:30 - 2015-05-07 15:30 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-07 15:30 - 2015-05-07 15:30 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-07 15:30 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-05-07 15:15 - 2015-05-09 20:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ProductData
2015-05-07 15:15 - 2015-05-09 20:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ProductData
2015-05-07 15:15 - 2015-05-09 20:36 - 00000000 ____D () C:\Program Files\IObit
2015-05-07 15:15 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
2015-05-07 15:15 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
2015-05-07 15:15 - 2015-05-09 20:26 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\IObit
2015-05-07 15:15 - 2015-05-07 15:15 - 00000881 _____ () C:\Documents and Settings\Caleb DeBetta\Start Menu\Uninstall Programs.lnk
2015-05-07 15:15 - 2015-05-07 15:15 - 00000881 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Uninstaller.lnk
2015-05-07 15:15 - 2015-05-07 15:15 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\ProductData
2015-05-07 14:55 - 2015-05-07 14:55 - 00001813 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
2015-05-07 14:55 - 2015-05-07 14:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Chrome
2015-05-07 14:55 - 2015-05-07 14:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Chrome
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-12 17:01 - 2014-01-06 18:54 - 00067155 _____ () C:\WINDOWS\system32\nvModes.dat
2015-05-12 17:01 - 2014-01-06 18:54 - 00067155 _____ () C:\WINDOWS\system32\nvModes.001
2015-05-12 16:56 - 2014-02-02 16:52 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-12 16:54 - 2014-02-02 16:52 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-12 14:54 - 2014-02-02 16:52 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-12 09:59 - 2014-01-06 19:45 - 01479760 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-12 00:50 - 2014-01-06 11:33 - 00509828 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-12 00:45 - 2014-01-06 19:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-11 15:51 - 2014-01-06 19:55 - 00032632 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-11 13:37 - 2014-01-06 19:57 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta
2015-05-10 22:10 - 2011-07-19 18:33 - 00000000 ____D () C:\Program Files\Safari
2015-05-10 14:12 - 2011-05-31 18:25 - 00000327 __RSH () C:\boot.ini
2015-05-09 21:39 - 2014-01-06 19:55 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY.000
2015-05-09 21:39 - 2014-01-06 19:54 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY.000
2015-05-09 21:11 - 2011-05-31 18:18 - 00000000 ____D () C:\WINDOWS\security
2015-05-09 21:09 - 2011-06-01 18:08 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-05-09 21:09 - 2011-05-31 22:37 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2015-05-09 21:07 - 2011-05-31 18:18 - 00000000 ____D () C:\WINDOWS\Help
2015-05-09 21:03 - 2014-01-18 10:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\InstallConverter
2015-05-09 21:03 - 2014-01-18 10:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\InstallConverter
2015-05-08 19:38 - 2008-04-14 03:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-05-08 19:31 - 2011-05-31 22:42 - 00000000 ____D () C:\Documents and Settings\debetta
2015-05-08 11:16 - 2011-06-01 19:13 - 00000000 ____D () C:\Program Files\Google
2015-05-08 11:13 - 2014-09-12 20:57 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\NSManager
2015-05-08 11:13 - 2011-05-31 22:42 - 00000000 ____D () C:\Documents and Settings\debetta\Local Settings\Temp
2015-05-08 01:52 - 2011-06-01 18:33 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-08 01:39 - 2013-12-01 13:07 - 00021828 _____ () C:\Documents and Settings\debetta\Desktop\tmp.zip
2015-05-07 19:07 - 2014-02-01 22:24 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\RobloxVersions
2015-05-07 19:06 - 2014-02-02 16:52 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google
2015-05-07 19:06 - 2014-02-02 16:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2015-05-07 19:06 - 2014-02-02 16:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2015-05-07 18:13 - 2012-06-14 09:43 - 00000000 ____D () C:\Program Files\AWS
2015-05-07 15:19 - 2014-08-01 19:19 - 00000094 _____ () C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\WB.CFG
2015-05-07 14:56 - 2014-02-02 16:52 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-05-07 14:56 - 2014-02-02 16:52 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-05-07 14:42 - 2008-04-14 03:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
 
==================== Files in the root of some directories =======
 
2014-02-01 22:24 - 2014-04-11 15:18 - 0000191 _____ () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\rbxcsettings.rbx
 
ZeroAccess:
C:\Windows\Installer\{0ad8e46f-86e7-4871-5a75-999f1d535c89}
 
ZeroAccess:
C:\Documents and Settings\LocalService\Local Settings\Application Data\{0ad8e46f-86e7-4871-5a75-999f1d535c89}
 
Some content of TEMP:
====================
C:\Documents and Settings\debetta\Local Settings\temp\20_jre-7-windows-i586.exe
C:\Documents and Settings\debetta\Local Settings\temp\7z.dll
C:\Documents and Settings\debetta\Local Settings\temp\air2E.exe
C:\Documents and Settings\debetta\Local Settings\temp\aol_toolbar.exe
C:\Documents and Settings\debetta\Local Settings\temp\APNStub.exe
C:\Documents and Settings\debetta\Local Settings\temp\avguidx.dll
C:\Documents and Settings\debetta\Local Settings\temp\CommonInstaller.exe
C:\Documents and Settings\debetta\Local Settings\temp\contentDATs.exe
C:\Documents and Settings\debetta\Local Settings\temp\D2M-Precheck.exe
C:\Documents and Settings\debetta\Local Settings\temp\iGearedHelper.dll
C:\Documents and Settings\debetta\Local Settings\temp\install_flashplayer11x32ax_gtbp_chra_aih[1].exe
C:\Documents and Settings\debetta\Local Settings\temp\jre-7u7-windows-i586-iftw.exe
C:\Documents and Settings\debetta\Local Settings\temp\KUIU.EXE
C:\Documents and Settings\debetta\Local Settings\temp\lowproc.exe
C:\Documents and Settings\debetta\Local Settings\temp\MachineIdCreator.exe
C:\Documents and Settings\debetta\Local Settings\temp\mssinstaller.exe
C:\Documents and Settings\debetta\Local Settings\temp\NEW1.tmp.exe
C:\Documents and Settings\debetta\Local Settings\temp\SecurityScan_Release.exe
C:\Documents and Settings\debetta\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\debetta\Local Settings\temp\The_Weather_Channel_Application.exe
C:\Documents and Settings\debetta\Local Settings\temp\ToolbarInstaller.exe
C:\Documents and Settings\debetta\Local Settings\temp\uninst1.exe
C:\Documents and Settings\debetta\Local Settings\temp\UNINSTALL.EXE
C:\Documents and Settings\debetta\Local Settings\temp\vcredist_x86.exe
C:\Documents and Settings\debetta\Local Settings\temp\wget.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\w32apiw.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================




#4 CatByte


Posted 12 May 2015 - 05:50 PM

It appears there are two AV products installed.

AV: 360 Total Security (Enabled - Up to date) {5EEE8B0C-BEB2-4f05-BA7E-5EF3A65B8ECC}
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

It's only recommended to have one AV as more than one can cause system slowdowns, conflicts, false detections and crashes.

When we are finished fixing, then I recommend uninstalling one of them (I recommend keeping Avast).


NEXT

Download attached fixlist.txt file and save it to the Desktop.

Attached File  FixList.txt   194bytes   1 downloads

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
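
The reading of the FRST output that this exchange relies on (two enabled AV products, the folders FRST labels ZeroAccess, and the zero-byte w32apiw.dll) can be written as a small log parser. This is an added example, not part of the original thread and not FRST's own code; the function names and finding labels are hypothetical, and the sample lines are copied from the logs posted in this thread.

```python
import re
from typing import NamedTuple

# Lines copied from the FRST output posted in this thread (not a full log).
SAMPLE_LOG = r"""
AV: 360 Total Security (Enabled - Up to date) {5EEE8B0C-BEB2-4f05-BA7E-5EF3A65B8ECC}
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== One Month Created Files and Folders ========

2015-05-12 17:07 - 2015-05-12 17:19 - 00000000 ____D () C:\FRST
2015-05-10 22:06 - 2015-05-10 22:20 - 00000000 _____ () C:\WINDOWS\system32\w32apiw.dll
2015-05-09 00:57 - 2015-05-09 00:57 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe

ZeroAccess:
C:\Windows\Installer\{0ad8e46f-86e7-4871-5a75-999f1d535c89}

ZeroAccess:
C:\Documents and Settings\LocalService\Local Settings\Application Data\{0ad8e46f-86e7-4871-5a75-999f1d535c89}
"""

# "AV: <name> (<state> - <definitions>) {<guid>}"
AV_RE = re.compile(
    r"^AV: (?P<name>.+?) \((?P<state>Enabled|Disabled) - (?P<defs>[^)]*)\)"
    r" \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)
# "<created> - <modified> - <size> <attrs> (<company>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r" - (?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>.*?)\) (?P<path>.+)$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
EXECUTABLE_EXT = (".dll", ".exe", ".sys")


class Entry(NamedTuple):
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str


def parse_log(text):
    """Return (av_products, file_entries, flagged_paths) from FRST-style text."""
    av, entries, flagged = [], [], []
    pending_label = None  # set when the previous line was a "ZeroAccess:" marker
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending_label is not None:
            # The marker is followed by the flagged path on the next line.
            if PATH_RE.match(line):
                flagged.append((pending_label, line))
            pending_label = None
            continue
        if line == "ZeroAccess:":
            pending_label = "ZeroAccess"
            continue
        m = AV_RE.match(line)
        if m:
            av.append((m["name"], m["state"]))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
    return av, entries, flagged


def triage(text):
    """Return a list of (finding, detail) tuples; labels are hypothetical."""
    av, entries, flagged = parse_log(text)
    findings = []
    enabled = [name for name, state in av if state == "Enabled"]
    if len(enabled) > 1:
        findings.append(("multiple-av", ", ".join(enabled)))
    for label, path in flagged:
        findings.append(("frst-flag:" + label, path))
    for e in entries:
        is_dir = "D" in e.attrs  # attribute column, e.g. ____D or __SHD
        if e.size == 0 and not is_dir and e.path.lower().endswith(EXECUTABLE_EXT):
            findings.append(("zero-byte-binary", e.path))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding:24} {detail}")
```

The output is a review list only; what goes into a fixlist remains a per-machine decision, as the NOTICE above says.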


#5 Mr Jeremy Fisher


Posted 12 May 2015 - 07:36 PM

Removed 360 antivirus
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-05-2015
Ran by Caleb DeBetta at 2015-05-12 20:06:07 Run:1
Running from C:\Documents and Settings\Caleb DeBetta\Desktop
Loaded Profiles: Caleb DeBetta (Available profiles: Caleb DeBetta & Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
C:\Windows\Installer\{0ad8e46f-86e7-4871-5a75-999f1d535c89}
C:\Documents and Settings\LocalService\Local Settings\Application Data\{0ad8e46f-86e7-4871-5a75-999f1d535c89}
EmptyTemp:
end
*****************
 
C:\Windows\Installer\{0ad8e46f-86e7-4871-5a75-999f1d535c89} => Moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\{0ad8e46f-86e7-4871-5a75-999f1d535c89} => Moved successfully.
EmptyTemp: => Removed 24.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:06:59 ====


#6 CatByte


Posted 12 May 2015 - 09:18 PM

Please run the following:

Download ComboFix from the following location:
Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Mr Jeremy Fisher


Posted 12 May 2015 - 11:46 PM

ComboFix 15-05-09.01 - Caleb DeBetta 05/13/2015   0:03.3.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.892 [GMT -4:00]
Running from: c:\documents and settings\Caleb DeBetta\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\w32apiw.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-04-13 to 2015-05-13  )))))))))))))))))))))))))))))))
.
.
2015-05-12 21:07 . 2015-05-13 00:13 -------- d-----w- C:\FRST
2015-05-11 02:43 . 2015-05-11 04:40 -------- d-----w- c:\documents and settings\Administrator
2015-05-11 02:06 . 2015-05-11 02:06 -------- d-----w- c:\documents and settings\Caleb DeBetta\Application Data\nCleaner
2015-05-11 02:06 . 2015-05-11 02:06 -------- d-----w- c:\program files\NKProds
2015-05-11 02:02 . 2015-05-11 02:02 -------- d-----w- c:\program files\Tweaking.com
2015-05-10 17:49 . 2015-05-10 18:17 -------- d-----w- c:\documents and settings\Caleb DeBetta\Local Settings\Application Data\NPE
2015-05-10 17:49 . 2015-05-10 17:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2015-05-10 03:32 . 2015-05-10 03:32 -------- d-----w- c:\documents and settings\Caleb DeBetta\Local Settings\Application Data\Temp
2015-05-10 01:40 . 2015-05-10 01:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2015-05-10 01:10 . 2013-03-26 22:53 74752 ----a-w- c:\windows\system32\cryptdlg.dll
2015-05-10 01:08 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2015-05-10 01:08 . 2011-08-16 10:45 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2015-05-10 01:07 . 2011-03-11 14:10 471552 -c--a-w- c:\windows\system32\dllcache\aclayers.dll
2015-05-10 01:06 . 2015-05-10 01:06 -------- d-----w- c:\windows\system32\winrm
2015-05-10 01:06 . 2015-05-10 01:07 -------- dc----w- c:\windows\$968930Uinstall_KB968930$
2015-05-10 01:03 . 2014-10-16 14:27 23840 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2015-05-10 00:36 . 2015-05-10 00:36 -------- d-----w- c:\documents and settings\Caleb DeBetta\Application Data\Apple Computer
2015-05-10 00:36 . 2015-05-10 00:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-05-10 00:36 . 2015-05-10 00:36 -------- d-----w- c:\documents and settings\Caleb DeBetta\AppData
2015-05-10 00:36 . 2015-05-10 00:36 -------- d-----w- c:\program files\Common Files\IObit
2015-05-09 08:54 . 2015-05-09 08:54 -------- d-----w- c:\windows\jumpshot.com
2015-05-09 04:58 . 2015-05-09 04:58 -------- d-----w- c:\documents and settings\Caleb DeBetta\Application Data\AVAST Software
2015-05-09 04:57 . 2015-05-09 04:57 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-05-09 04:57 . 2015-05-09 04:57 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-05-09 04:57 . 2015-05-09 04:57 427992 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-05-09 04:57 . 2015-05-09 04:57 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-05-09 04:57 . 2015-05-09 04:57 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-05-09 04:57 . 2015-05-09 04:57 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-05-09 04:57 . 2015-05-09 04:57 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-05-09 04:57 . 2015-05-09 04:57 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-05-09 04:57 . 2015-05-09 04:57 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-05-09 04:57 . 2015-05-09 04:57 43112 ----a-w- c:\windows\avastSS.scr
2015-05-09 04:52 . 2015-05-09 04:52 -------- d-----w- c:\program files\AVAST Software
2015-05-09 04:50 . 2015-05-09 04:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2015-05-08 23:46 . 2015-05-08 23:53 -------- d-----w- C:\KVRT_Data
2015-05-08 22:29 . 2015-05-08 22:36 -------- d-----w- C:\AdwCleaner
2015-05-08 19:44 . 2015-05-12 22:49 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes Anti-Exploit
2015-05-08 19:44 . 2015-05-08 19:44 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2015-05-08 15:17 . 2015-05-08 15:17 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.000\IETldCache
2015-05-08 05:31 . 2015-05-11 04:26 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-08 05:27 . 2015-05-08 05:28 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-05-08 05:27 . 2015-05-08 05:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-08 05:27 . 2015-04-14 13:37 120024 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-08 05:27 . 2015-04-14 13:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-08 04:28 . 2015-05-11 16:13 -------- d-----w- C:\$360Section
2015-05-08 03:07 . 2015-05-12 04:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\360Quarant
2015-05-08 02:39 . 2015-05-13 03:53 -------- d-----w- c:\documents and settings\Caleb DeBetta\Application Data\360WD
2015-05-08 02:38 . 2015-05-08 02:38 -------- d-----w- c:\program files\360
2015-05-08 01:45 . 2015-05-08 01:45 -------- d-----w- c:\program files\CCleaner
2015-05-07 22:12 . 2015-05-07 22:12 -------- d-----w- c:\documents and settings\Caleb DeBetta\Application Data\SUPERAntiSpyware.com
2015-05-07 22:12 . 2015-05-13 00:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-05-07 22:12 . 2015-05-07 22:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2015-05-07 19:30 . 2013-09-20 14:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2015-05-07 19:30 . 2015-05-08 04:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2015-05-07 19:30 . 2015-05-11 02:24 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2015-05-07 19:15 . 2015-05-07 19:15 -------- d-----w- c:\documents and settings\Caleb DeBetta\Application Data\ProductData
2015-05-07 19:15 . 2015-05-10 00:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\IObit
2015-05-07 19:15 . 2015-05-07 19:15 -------- d-----w- c:\documents and settings\Caleb DeBetta\LocalLow
2015-05-07 19:15 . 2015-05-10 00:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ProductData
2015-05-07 19:15 . 2015-05-10 00:36 -------- d-----w- c:\program files\IObit
2015-05-07 19:15 . 2015-05-10 00:26 -------- d-----w- c:\documents and settings\Caleb DeBetta\Application Data\IObit
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-07 18:56 . 2014-02-02 20:52 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-05-07 18:56 . 2014-02-02 20:52 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-09 04:57 645144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-03-25 6718744]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-04-23 6278424]
"Advanced SystemCare 8"="c:\program files\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-04-08 2429728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-07 405504]
"nwiz"="nwiz.exe" [2007-05-12 1626112]
"NVHotkey"="nvHotkey.dll" [2007-05-12 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-12 81920]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2015-04-08 2618680]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-11 5515496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-12 8429568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDWinLogon]
SDWinLogon.dll [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [5/9/2015 12:57 AM 49904]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [5/9/2015 12:57 AM 209048]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/9/2015 12:57 AM 787760]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/9/2015 12:57 AM 427992]
R1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV.sys --> c:\windows\system32\DRIVERS\BAPIDRV.sys [?]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [5/8/2015 3:44 PM 47928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/22/2014 7:47 PM 142648]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files\IObit\Advanced SystemCare 8\ASCService.exe [5/9/2015 8:36 PM 814880]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [5/9/2015 12:57 AM 24144]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/9/2015 12:57 AM 74976]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [5/8/2015 3:44 PM 656184]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [5/7/2015 3:30 PM 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [5/7/2015 3:30 PM 2088408]
R3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys --> c:\windows\system32\DRIVERS\360AvFlt.sys [?]
R3 360Box;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box.sys --> c:\windows\system32\DRIVERS\360Box.sys [?]
R4 qutmipc;qutmipc;\??\c:\windows\system32\drivers\qutmipc.sys --> c:\windows\system32\drivers\qutmipc.sys [?]
S0 cerc6;cerc6; [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [5/7/2015 3:30 PM 171928]
S3 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [5/7/2015 3:15 PM 2585376]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [5/8/2015 1:31 AM 119512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-07 18:55 988488 ----a-w- c:\program files\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-02 18:57]
.
2015-05-13 c:\windows\Tasks\ASC8_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 8\Monitor.exe [2015-05-10 18:48]
.
2015-05-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-09 04:57]
.
2015-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-01 18:49]
.
2015-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-01 18:49]
.
2015-05-07 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2015-05-07 14:41]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
mStart Page = www.google.com
uSearchAssistant = www.google.com
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-360safeuninst_f3e1de0f0228c80791add17e8806663b - c:\docume~1\CALEBD~1\LOCALS~1\Temp\f3e1de0f0228c80791add17e8806663b_remove360.bat
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-25615298.sys
SafeBoot-MBAMSwissArmy
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-05-13 00:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2015-05-13  00:24:55
ComboFix-quarantined-files.txt  2015-05-13 04:24
ComboFix2.txt  2015-05-08 23:40
.
Pre-Run: 46,648,885,248 bytes free
Post-Run: 46,641,885,184 bytes free
.
- - End Of File - - 55EA69A8F0595F591FC608ACB53259F4
8F558EB6672622401DA993E1E865C861
 


#8 CatByte


Posted 13 May 2015 - 09:34 AM

Please do the following:

Open your Malwarebytes AntiMalware program:

• On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
• Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
• A Threat Scan will begin.
• With some infections, you may see this message box.
○ 'Could not load DDA driver'
• Click 'Yes' to this message, to allow the driver to load after a restart.
• Allow the computer to restart. Continue with the rest of these instructions.
• When the scan is complete, if detections are found - click Apply Actions.
• Wait for the prompt to restart the computer to appear, then click on Yes.

Attach the resulting log.


NEXT

Please download AdwCleaner and save it to your desktop.
http://www.bleepingcomputer.com/download/adwcleaner/?rha=1

 

ATTENTION: After you click the Download Now button, another page will open - DO NOT CLICK any additional 'download now' buttons as they are sponsored advertisements. Please wait and look toward the top or bottom of your browser for the option to Run or Save. Click Save to save the file.

Double click on AdwCleaner.exe to run the tool.
Click on the Scan button.
After the scan has finished... click on the Cleaning button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Attach that log file to your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

Please let me know if there are any outstanding issues.

 




#9 Mr Jeremy Fisher


Posted 13 May 2015 - 05:57 PM

Malwarebytes did not find any malware. It did not generate a report.

 

# AdwCleaner v4.203 - Logfile created 13/05/2015 at 18:49:49
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Caleb DeBetta - CALEB
# Running from : C:\Documents and Settings\Caleb DeBetta\My Documents\Downloads\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Documents and Settings\debetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
File Deleted : C:\Documents and Settings\debetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal
File Deleted : C:\Documents and Settings\debetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nohfdhapjjlndfgjnmdlcabloeembdkj_0.localstorage
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v42.0.2311.135
 
 
*************************
 
AdwCleaner[R0].txt - [8362 bytes] - [08/05/2015 18:29:57]
AdwCleaner[R1].txt - [1799 bytes] - [13/05/2015 18:34:52]
AdwCleaner[S0].txt - [8515 bytes] - [08/05/2015 18:35:53]
AdwCleaner[S1].txt - [1736 bytes] - [13/05/2015 18:49:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1795  bytes] ##########
 


#10 CatByte


Posted 14 May 2015 - 11:53 AM

How is the computer running now? Are there any outstanding issues?




#11 Mr Jeremy Fisher


Posted 14 May 2015 - 06:55 PM

While the computer is improved, it still has very slow load times, and is generally unresponsive. This may be due to a lack of resources. I haven't used XP in so long I can't recall what it was like. I can't imagine it was like this.

 

I ran Tweakingnow and can't say there's been any improvement. 

 

One other odd thing - this person (not my computer) had Minecraft on this machine. I deleted every trace I could find, and thought I'd gotten rid of it. It has now returned, there's even an icon on the desktop. Before I came here for help, one of the pieces of malware I removed seemed to have some sort of association with Minecraft. I don't know if that version was infected when it was downloaded, or if that's where the trojan happened to hide itself.



#12 CatByte


Posted 14 May 2015 - 07:14 PM

Odd.

Please run a fresh scan with FRST.

Please place a check mark in "Addition" before scanning so I get another Addition.txt as well as the FRST.txt.


Edited by CatByte, 14 May 2015 - 07:15 PM.



#13 Mr Jeremy Fisher


Posted 15 May 2015 - 12:04 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2015 02
Ran by Caleb DeBetta (administrator) on CALEB on 14-05-2015 22:16:20
Running from C:\Documents and Settings\Caleb DeBetta\Desktop
Loaded Profiles: Caleb DeBetta (Available profiles: Caleb DeBetta & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2289664 2008-11-26] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [405504 2007-05-06] (SigmaTel, Inc.)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NVHotkey] => rundll32.exe nvHotkey.dll,Start
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-507921405-884357618-842925246-1004\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6718744 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-507921405-884357618-842925246-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-507921405-884357618-842925246-1004\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-09] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-507921405-884357618-842925246-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-507921405-884357618-842925246-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-507921405-884357618-842925246-1004 -> {DB2D1B4A-0819-4276-9421-884E02B1F3F5} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-09] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-08] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-507921405-884357618-842925246-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll File Not found
Winsock: Catalog9 13 %windir%\system32\vsocklib.dll File Not found
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-08] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-07] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-25]
FF HKLM\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - 1713784\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF HKLM\...\Firefox\Extensions: [{jid1-vS7biDmom8YxhA@jetpack}] - 1\extensions\{jid1-vS7biDmom8YxhA@jetpack}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-09]
 
Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-02]
CHR Extension: (Adguard AdBlocker) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-05-09]
CHR Extension: (YouTube) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-02]
CHR Extension: (Google Search) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-02]
CHR Extension: (AdBlock) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-09]
CHR Extension: (360 Internet Protection) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2015-05-08]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-07]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-07]
CHR Extension: (Adblock Pro) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\njkbdonheknmfmcccgggkcbedkhdbacf [2015-05-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-02]
CHR Extension: (Gmail) - C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-02]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-09]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-09] (Avast Software s.r.o.)
S3 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-08] (Oracle Corporation)
S3 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-05-07] (IObit)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2039808 2008-11-26] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-05-09] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-05-09] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-05-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-05-09] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-05-09] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-05-09] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-05-09] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-05-09] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2008-11-26] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-04-08] ()
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209152 2006-11-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989696 2006-11-02] (Conexant Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-13] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-06] (SigmaTel, Inc.)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 bcm4sbxp; system32\DRIVERS\bcm4sbxp.sys [X]
S3 catchme; \??\C:\DOCUME~1\CALEBD~1\LOCALS~1\Temp\catchme.sys [X]
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
U3 TlntSvr; No ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-14 22:16 - 2015-05-14 22:16 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Desktop\FRST-OlderVersion
2015-05-14 20:00 - 2015-05-14 20:04 - 00003407 _____ () C:\WINDOWS\setupapi.log
2015-05-14 18:51 - 2015-05-14 18:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-14 18:51 - 2015-05-14 18:51 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-14 18:51 - 2015-05-14 18:51 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2015-05-14 17:57 - 2015-05-14 17:57 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY.000\Start Menu\Programs\Accessories
2015-05-14 17:53 - 2015-05-14 18:00 - 00011270 _____ () C:\WINDOWS\bitssetup.log
2015-05-14 17:52 - 2015-05-14 17:53 - 00000558 _____ () C:\WINDOWS\Windows Update.log
2015-05-14 17:27 - 2015-05-14 17:27 - 00000000 ____D () C:\RegBackup
2015-05-13 00:53 - 2015-05-13 00:53 - 12873576 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-05-13 00:49 - 2015-05-13 00:54 - 00001812 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\Tweaking.com - Windows Repair.lnk
2015-05-13 00:49 - 2015-05-13 00:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Tweaking.com
2015-05-13 00:49 - 2015-05-13 00:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Tweaking.com
2015-05-13 00:25 - 2015-05-13 00:25 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\temp
2015-05-13 00:25 - 2015-05-13 00:25 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings\temp
2015-05-13 00:25 - 2015-05-13 00:25 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\temp
2015-05-13 00:25 - 2015-05-13 00:25 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\temp
2015-05-13 00:25 - 2015-05-13 00:25 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2015-05-13 00:25 - 2015-05-13 00:25 - 00000000 ____D () C:\Documents and Settings\Caleb\Local Settings\temp
2015-05-13 00:24 - 2015-05-13 00:24 - 00015837 _____ () C:\ComboFix.txt
2015-05-12 17:18 - 2015-05-14 22:17 - 00015064 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\FRST.txt
2015-05-12 17:15 - 2015-05-12 17:15 - 00028145 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\Addition.txt
2015-05-12 17:07 - 2015-05-14 22:16 - 00000000 ____D () C:\FRST
2015-05-12 17:06 - 2015-05-14 22:16 - 01145856 _____ (Farbar) C:\Documents and Settings\Caleb DeBetta\Desktop\FRST.exe
2015-05-12 17:05 - 2015-05-12 17:05 - 00017569 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\download.htm
2015-05-11 00:40 - 2015-05-11 00:40 - 00012328 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-11 00:40 - 2015-05-11 00:40 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2015-05-10 22:44 - 2015-05-10 22:44 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2015-05-10 22:43 - 2015-05-14 18:49 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-05-10 22:43 - 2015-05-14 18:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-05-10 22:43 - 2015-05-11 00:40 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-05-10 22:43 - 2014-01-06 19:47 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-05-10 22:43 - 2014-01-06 19:47 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2015-05-10 22:43 - 2014-01-06 19:47 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2015-05-10 22:06 - 2015-05-10 22:06 - 00000798 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\nCleaner.lnk
2015-05-10 22:06 - 2015-05-10 22:06 - 00000000 ____D () C:\Program Files\NKProds
2015-05-10 22:06 - 2015-05-10 22:06 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\nCleaner
2015-05-10 22:02 - 2015-05-10 22:02 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-05-10 13:49 - 2015-05-10 14:17 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\NPE
2015-05-10 13:49 - 2015-05-10 13:49 - 00012736 _____ () C:\WINDOWS\system32\mlfcache.dat
2015-05-10 13:49 - 2015-05-10 13:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
2015-05-10 13:49 - 2015-05-10 13:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
2015-05-10 00:25 - 2015-05-08 19:37 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150510-002541.backup
2015-05-09 23:32 - 2015-05-09 23:32 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Temp
2015-05-09 21:39 - 2015-05-09 21:39 - 21524480 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak
2015-05-09 21:39 - 2015-05-09 21:39 - 21524480 _____ () C:\WINDOWS\system32\config\software.iodefrag
2015-05-09 21:39 - 2015-05-09 21:39 - 04984832 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak
2015-05-09 21:39 - 2015-05-09 21:39 - 04984832 _____ () C:\WINDOWS\system32\config\default.iodefrag
2015-05-09 21:39 - 2015-05-09 21:39 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2015-05-09 21:39 - 2015-05-09 21:39 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag
2015-05-09 21:39 - 2015-05-09 21:39 - 00020480 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2015-05-09 21:39 - 2015-05-09 21:39 - 00020480 _____ () C:\WINDOWS\system32\config\SAM.iodefrag
2015-05-09 21:39 - 2015-05-09 21:39 - 00000000 _____ () C:\asc_rdflag
2015-05-09 21:10 - 2015-05-09 21:10 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2808679$
2015-05-09 21:10 - 2013-03-26 18:53 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll
2015-05-09 21:09 - 2011-10-28 12:07 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-09 21:08 - 2015-05-09 21:08 - 00000000 ___DC () C:\WINDOWS\$NtUninstallKB2492386$
2015-05-09 21:08 - 2011-08-16 06:45 - 00006144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2015-05-09 21:06 - 2015-05-09 21:39 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-05-09 21:06 - 2015-05-09 21:39 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2015-05-09 21:06 - 2015-05-09 21:07 - 00000000 ___DC () C:\WINDOWS\$968930Uinstall_KB968930$
2015-05-09 21:06 - 2015-05-09 21:06 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-05-09 21:06 - 2015-05-09 21:06 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2015-05-09 21:05 - 2015-05-09 21:05 - 00000000 ___DC () C:\WINDOWS\$NtUninstallbasecsp$
2015-05-09 21:03 - 2014-10-16 10:27 - 00023840 _____ (IObit) C:\WINDOWS\system32\RegistryDefragBootTime.exe
2015-05-09 20:59 - 2015-05-09 20:59 - 20987904 _____ () C:\WINDOWS\system32\config\software.iobit
2015-05-09 20:59 - 2015-05-09 20:59 - 04984832 _____ () C:\WINDOWS\system32\config\default.iobit
2015-05-09 20:59 - 2015-05-09 20:59 - 00045056 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-05-09 20:59 - 2015-05-09 20:59 - 00020480 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-05-09 20:53 - 2015-05-14 18:50 - 00000296 _____ () C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job
2015-05-09 20:36 - 2015-05-12 00:46 - 00001822 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Advanced SystemCare 8.lnk
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\Apple Computer
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced SystemCare 8
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Advanced SystemCare 8
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-05-09 20:36 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-05-09 04:54 - 2015-05-09 04:54 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2015-05-09 00:58 - 2015-05-14 18:57 - 00000378 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-05-09 00:58 - 2015-05-09 00:58 - 00001689 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Avast Free Antivirus.lnk
2015-05-09 00:58 - 2015-05-09 00:58 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\AVAST Software
2015-05-09 00:58 - 2015-05-09 00:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVAST Software
2015-05-09 00:58 - 2015-05-09 00:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVAST Software
2015-05-09 00:57 - 2015-05-09 00:57 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00427992 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-05-09 00:57 - 2015-05-09 00:57 - 00209048 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00049904 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-05-09 00:57 - 2015-05-09 00:57 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-05-09 00:57 - 2015-05-09 00:57 - 00024144 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-05-09 00:52 - 2015-05-09 00:52 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-09 00:50 - 2015-05-09 00:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
2015-05-09 00:50 - 2015-05-09 00:51 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVAST Software
2015-05-08 19:46 - 2015-05-08 19:53 - 00000000 ____D () C:\KVRT_Data
2015-05-08 19:40 - 2015-05-14 22:17 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\temp
2015-05-08 18:51 - 2015-05-08 18:51 - 00000000 _RSHD () C:\cmdcons
2015-05-08 18:51 - 2014-01-06 19:38 - 00000211 _____ () C:\Boot.bak
2015-05-08 18:51 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-05-08 18:47 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-08 18:47 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-08 18:47 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-08 18:47 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-08 18:46 - 2015-05-14 18:50 - 00012328 _____ () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-08 18:46 - 2015-05-13 00:26 - 00000000 ____D () C:\Qoobox
2015-05-08 18:45 - 2015-05-08 19:38 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-08 18:42 - 2015-05-08 19:44 - 00003606 _____ () C:\Documents and Settings\Caleb DeBetta\Desktop\Rkill.txt
2015-05-08 18:29 - 2015-05-13 18:49 - 00000000 ____D () C:\AdwCleaner
2015-05-08 16:20 - 2015-05-14 18:50 - 00093480 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-08 15:44 - 2015-05-12 18:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes Anti-Exploit
2015-05-08 15:44 - 2015-05-12 18:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes Anti-Exploit
2015-05-08 15:44 - 2015-05-08 15:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2015-05-08 15:44 - 2015-05-08 15:44 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-08 15:44 - 2015-05-08 15:44 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-08 11:17 - 2015-05-08 11:17 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY.000\IETldCache
2015-05-08 01:31 - 2015-05-13 14:41 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-08 01:28 - 2015-05-08 01:28 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-08 01:28 - 2015-05-08 01:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 01:28 - 2015-05-08 01:28 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-08 01:27 - 2015-05-08 01:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-08 01:27 - 2015-05-08 01:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-08 01:27 - 2015-05-08 01:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2015-05-08 01:27 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-08 01:27 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-08 00:40 - 2008-04-14 03:00 - 00000734 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150508-004058.backup
2015-05-08 00:28 - 2015-05-11 12:13 - 00000000 ____D () C:\$360Section
2015-05-07 23:07 - 2015-05-12 00:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360Quarant
2015-05-07 23:07 - 2015-05-12 00:43 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\360Quarant
2015-05-07 22:55 - 2015-05-08 00:28 - 00000000 ____D () C:\WINDOWS\Tasks\360Disabled
2015-05-07 22:38 - 2015-05-13 18:50 - 00000000 ____D () C:\Program Files\360
2015-05-07 21:45 - 2015-05-07 21:45 - 00000682 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
2015-05-07 21:45 - 2015-05-07 21:45 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-07 21:45 - 2015-05-07 21:45 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2015-05-07 21:45 - 2015-05-07 21:45 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
2015-05-07 18:12 - 2015-05-14 18:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-07 18:12 - 2015-05-07 18:12 - 00001678 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\SUPERAntiSpyware.com
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\SUPERAntiSpyware
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2015-05-07 18:12 - 2015-05-07 18:12 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2015-05-07 15:30 - 2015-05-13 00:31 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-05-07 15:30 - 2015-05-10 22:24 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-07 15:30 - 2015-05-08 00:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2015-05-07 15:30 - 2015-05-08 00:31 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2015-05-07 15:30 - 2015-05-07 18:59 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-05-07 15:30 - 2015-05-07 15:30 - 00001842 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-07 15:30 - 2015-05-07 15:30 - 00001842 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-07 15:30 - 2015-05-07 15:30 - 00001836 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Spybot-S&D Start Center.lnk
2015-05-07 15:30 - 2015-05-07 15:30 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-07 15:30 - 2015-05-07 15:30 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-07 15:30 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-05-07 15:15 - 2015-05-09 20:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ProductData
2015-05-07 15:15 - 2015-05-09 20:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\ProductData
2015-05-07 15:15 - 2015-05-09 20:36 - 00000000 ____D () C:\Program Files\IObit
2015-05-07 15:15 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
2015-05-07 15:15 - 2015-05-09 20:36 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
2015-05-07 15:15 - 2015-05-09 20:26 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\IObit
2015-05-07 15:15 - 2015-05-07 15:15 - 00000881 _____ () C:\Documents and Settings\Caleb DeBetta\Start Menu\Uninstall Programs.lnk
2015-05-07 15:15 - 2015-05-07 15:15 - 00000881 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\IObit Uninstaller.lnk
2015-05-07 15:15 - 2015-05-07 15:15 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Application Data\ProductData
2015-05-07 14:55 - 2015-05-07 14:55 - 00001813 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
2015-05-07 14:55 - 2015-05-07 14:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Chrome
2015-05-07 14:55 - 2015-05-07 14:55 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Chrome
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-14 21:56 - 2014-02-02 16:52 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-14 21:54 - 2014-02-02 16:52 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-14 20:10 - 2014-01-06 19:45 - 01539933 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-14 19:54 - 2014-01-06 19:55 - 00032424 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-14 18:55 - 2014-01-06 11:33 - 00509828 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-14 18:51 - 2014-01-06 18:54 - 00067155 _____ () C:\WINDOWS\system32\nvModes.001
2015-05-14 18:50 - 2014-02-02 16:52 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-14 18:50 - 2014-01-06 19:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-14 17:57 - 2014-01-06 19:47 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2015-05-14 17:57 - 2014-01-06 19:47 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2015-05-13 00:26 - 2011-05-31 22:41 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-05-13 00:19 - 2008-04-14 03:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-05-13 00:19 - 2008-04-14 03:00 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts_bak_626
2015-05-12 17:01 - 2014-01-06 18:54 - 00067155 _____ () C:\WINDOWS\system32\nvModes.dat
2015-05-11 13:37 - 2014-01-06 19:57 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta
2015-05-10 22:10 - 2011-07-19 18:33 - 00000000 ____D () C:\Program Files\Safari
2015-05-10 14:12 - 2011-05-31 18:25 - 00000327 __RSH () C:\boot.ini
2015-05-09 21:39 - 2014-01-06 19:55 - 00000000 __SHD () C:\Documents and Settings\LocalService.NT AUTHORITY.000
2015-05-09 21:39 - 2014-01-06 19:54 - 00000000 __SHD () C:\Documents and Settings\NetworkService.NT AUTHORITY.000
2015-05-09 21:11 - 2011-05-31 18:18 - 00000000 ____D () C:\WINDOWS\security
2015-05-09 21:09 - 2011-06-01 18:08 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-05-09 21:09 - 2011-05-31 22:37 - 00000000 ____D () C:\WINDOWS\$hf_mig$
2015-05-09 21:07 - 2011-05-31 18:18 - 00000000 ____D () C:\WINDOWS\Help
2015-05-09 21:03 - 2014-01-18 10:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\InstallConverter
2015-05-09 21:03 - 2014-01-18 10:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\InstallConverter
2015-05-08 19:31 - 2011-05-31 22:42 - 00000000 ____D () C:\Documents and Settings\debetta
2015-05-08 11:16 - 2011-06-01 19:13 - 00000000 ____D () C:\Program Files\Google
2015-05-08 11:13 - 2014-09-12 20:57 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\NSManager
2015-05-08 11:13 - 2011-05-31 22:42 - 00000000 ____D () C:\Documents and Settings\debetta\Local Settings\Temp
2015-05-08 01:52 - 2011-06-01 18:33 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-05-08 01:39 - 2013-12-01 13:07 - 00021828 _____ () C:\Documents and Settings\debetta\Desktop\tmp.zip
2015-05-07 19:07 - 2014-02-01 22:24 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\RobloxVersions
2015-05-07 19:06 - 2014-02-02 16:52 - 00000000 ____D () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\Google
2015-05-07 19:06 - 2014-02-02 16:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2015-05-07 19:06 - 2014-02-02 16:52 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2015-05-07 18:13 - 2012-06-14 09:43 - 00000000 ____D () C:\Program Files\AWS
2015-05-07 15:19 - 2014-08-01 19:19 - 00000094 _____ () C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\WB.CFG
2015-05-07 14:56 - 2014-02-02 16:52 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-05-07 14:56 - 2014-02-02 16:52 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-05-07 14:42 - 2008-04-14 03:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
 
==================== Files in the root of some directories =======
 
2014-02-01 22:24 - 2014-04-11 15:18 - 0000191 _____ () C:\Documents and Settings\Caleb DeBetta\Local Settings\Application Data\rbxcsettings.rbx
 
Some content of TEMP:
====================
C:\Documents and Settings\Caleb DeBetta\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Caleb DeBetta\Local Settings\temp\sqlite3.dll
C:\Documents and Settings\debetta\Local Settings\temp\20_jre-7-windows-i586.exe
C:\Documents and Settings\debetta\Local Settings\temp\7z.dll
C:\Documents and Settings\debetta\Local Settings\temp\air2E.exe
C:\Documents and Settings\debetta\Local Settings\temp\aol_toolbar.exe
C:\Documents and Settings\debetta\Local Settings\temp\APNStub.exe
C:\Documents and Settings\debetta\Local Settings\temp\avguidx.dll
C:\Documents and Settings\debetta\Local Settings\temp\CommonInstaller.exe
C:\Documents and Settings\debetta\Local Settings\temp\contentDATs.exe
C:\Documents and Settings\debetta\Local Settings\temp\D2M-Precheck.exe
C:\Documents and Settings\debetta\Local Settings\temp\iGearedHelper.dll
C:\Documents and Settings\debetta\Local Settings\temp\install_flashplayer11x32ax_gtbp_chra_aih[1].exe
C:\Documents and Settings\debetta\Local Settings\temp\jre-7u7-windows-i586-iftw.exe
C:\Documents and Settings\debetta\Local Settings\temp\KUIU.EXE
C:\Documents and Settings\debetta\Local Settings\temp\lowproc.exe
C:\Documents and Settings\debetta\Local Settings\temp\MachineIdCreator.exe
C:\Documents and Settings\debetta\Local Settings\temp\mssinstaller.exe
C:\Documents and Settings\debetta\Local Settings\temp\NEW1.tmp.exe
C:\Documents and Settings\debetta\Local Settings\temp\SecurityScan_Release.exe
C:\Documents and Settings\debetta\Local Settings\temp\stubhelper.dll
C:\Documents and Settings\debetta\Local Settings\temp\The_Weather_Channel_Application.exe
C:\Documents and Settings\debetta\Local Settings\temp\ToolbarInstaller.exe
C:\Documents and Settings\debetta\Local Settings\temp\uninst1.exe
C:\Documents and Settings\debetta\Local Settings\temp\UNINSTALL.EXE
C:\Documents and Settings\debetta\Local Settings\temp\vcredist_x86.exe
C:\Documents and Settings\debetta\Local Settings\temp\wget.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================



#14 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:54 AM

Posted 15 May 2015 - 10:44 AM

There is no reference to "minecraft" in either log, so let's do a search for it.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *minecraft*
    :folderfind
    *minecraft*
    :regfind
    minecraft
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.


NEXT


Please be sure to disable IObit when fixing; it has a protection feature that doesn't allow changes.

Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Attached File  FixList.txt   1.21KB   2 downloads

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Mr Jeremy Fisher

  • Topic Starter

  • Members
  • 11 posts
  • Local time:05:54 AM

Posted 15 May 2015 - 11:19 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 12:13 on 15/05/2015 by Caleb DeBetta
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*minecraft*"
 
========== folderfind ==========
 
Searching for "*minecraft*"
C:\Documents and Settings\debetta\Application Data\.minecraft d------ [16:35 24/03/2012]
C:\Documents and Settings\debetta\Application Data\.minecraft\saves\Yaaay minecraft d------ [21:24 12/05/2012]
C:\Documents and Settings\debetta\Local Settings\Temp\www.minecraft.net d------ [15:53 28/04/2012]
C:\Documents and Settings\debetta\Local Settings\Temp\www.minecraft.net\Minecraft d------ [15:53 28/04/2012]
 
========== regfind ==========
 
Searching for "minecraft"
[HKEY_CURRENT_USER\Software\OMX_Media]
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File7"="C:\DOCUMENTS AND SETTINGS\CALEB DEBETTA\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\HQP1UVDR\MINECRAFT_SETUP[1].EXE"
[HKEY_USERS\S-1-5-21-507921405-884357618-842925246-1004\Software\OMX_Media]
 
-= EOF =-




